
All kinds of pests and how to combat them: System Care Antivirus

23.11.2013, 14:22   #1
MoltoBene
 
Hello everyone,

I'm hoping for quick help here ...
It looks like I've caught the "System Care Antivirus" pest.
(By downloading software via CDNet?)

In any case, at irregular intervals an obviously fake antivirus window pops up at the bottom right of the screen with the following text:
"Ihr computer ist nicht gesichert [...]" ("Your computer is not protected [...]") and "Ein kostenloses backup ist verfügbar" ("A free backup is available").

The OS is Vista Ultimate SP1.
The active protection is AntiVir and OnlineArmor.

I also have SUPERAntiSpyware and Mbam preinstalled for extra scans.
I already have experience (under guidance) with all the hardcore tools.
Though not with this particular threat ...

I'd be grateful for any help with removal.

Best regards
Molto

23.11.2013, 15:37   #2
aharonov
/// TB Trainer
 
Hi,

please run an FRST scan. If it is blocked, run it in safe mode.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 64-Bit
(If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


24.11.2013, 18:18   #3
MoltoBene
 
Hello Aharonov,

thank you very much for taking on my problem.

I really appreciate your effort and hope that the computer hasn't been hit too badly ...

Attached are the text outputs of the FRST scan from the corresponding files.

FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by [Nutzer] (ATTENTION: The logged in user is not administrator) on VIDEO-PC on 24-11-2013 17:57:11
Running from C:\Users\[Nutzer]\Desktop
Windows Vista (TM) Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oaui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
(Dropbox, Inc.) C:\Users\[Nutzer]\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [@OnlineArmor GUI] - C:\Program Files (x86)\Online Armor\oaui.exe [2415104 2012-10-02] (Emsisoft GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Runonce: [InstallShieldSetup] - C:\PROGRA~2\INSTAL~1\{3165E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{3165E~1\reboot.ini [x]
HKLM-x32\...\Runonce: [InstallShieldSetup1] - C:\PROGRA~2\INSTAL~1\{3165E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{3165E~1\reboot.ini [x]
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] - "C:\Windows\is-93086.exe" /REG [1544704 2012-10-04] ()
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [766536 2012-09-29] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000002] - "C:\Windows\is-QSNKT.exe" /REG [1544704 2013-01-26] ()
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000003] - "C:\Windows\is-41LQ8.exe" /REG [1544704 2013-06-05] ()
HKLM-x32\...\Runonce: [InstallShieldSetup2] - C:\PROGRA~2\INSTAL~1\{72AD9~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{72AD9~1\reboot.ini [x]
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000004] - "C:\Windows\is-1V0T0.exe" /REG [1544704 2013-08-14] ()
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000005] - "C:\Windows\is-9HLPF.exe" /REG [1544704 2013-09-14] ()
HKCU\...\Run: [Google Update] - C:\Users\[Nutzer]\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-14] (Google Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6604568 2013-11-20] (SUPERAntiSpyware)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-15] (Spotify Ltd)
HKCU\...\Run: [Spotify] - C:\Users\[Nutzer]\AppData\Roaming\Spotify\spotify.exe [5955072 2013-11-15] (Spotify Ltd)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin [829832 2013-10-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Matrox PowerDesk] - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe [889352 2012-10-23] (Matrox Graphics Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\[Nutzer]\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x70AE3D3940C3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: outobox - {30f06672-0e95-41a9-80cb-dee386af99ad} - C:\Program Files (x86)\outobox\outoboxBHO.dll (outobox)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ilok.com/iLokHelper,version=3.1.0.7 - C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\[Nutzer]\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\[Nutzer]\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default\Extensions\bytubed@cs213.cse.iitk.ac.in
FF Extension: adblockpopups - C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: dta - C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\[Nutzer]\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (ProxTube) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (YouTube) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (outobox) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka\1.0.0_0
CHR Extension: (AdBlock) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (New Tab Behavior) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgjmlflcoalihhlikncfkoclobaemeg\1.0.1_0
CHR Extension: (FlashBlock) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Tiny MP3 Player - MP3 Link Music Player) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\klphnalhafkamjdgcmpmijohkkokajbg\1.3_0
CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0
CHR Extension: (Google Wallet) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Admin\AppData\Local\Wajam\Chrome\wajam.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-09-05] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 hasplms; C:\Windows\system32\hasplms.exe [4889032 2011-12-30] (SafeNet Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-12-12] (Nero AG)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S2 Matrox.Pdesk3.ServicesHost; C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe [3867656 2012-10-23] (Matrox Graphics Inc)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [216072 2012-10-02] (Emsisoft GmbH)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [93048 2007-01-25] (CACE Technologies)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4463864 2012-10-02] (Emsisoft GmbH)
R2 Update outobox; C:\Program Files (x86)\outobox\updateoutobox.exe [66840 2013-11-12] ()
R2 Util outobox; C:\Program Files (x86)\outobox\bin\utiloutobox.exe [66840 2013-11-23] ()
S2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-11-20] (Wajam)
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [x]
S3 RpcLocator; %SystemRoot%\system32\locator.exe [x]

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [49104 2013-03-26] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [73168 2013-03-26] (Cisco Systems, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
U4 Htcdrmthuns; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25808 2013-04-11] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [40208 2007-01-25] (CACE Technologies)
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [61632 2012-10-02] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62016 2012-10-02] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [40520 2012-10-02] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [32920 2012-02-10] (Emsisoft)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 ATICDSDr; \??\C:\Users\Admin\AppData\Local\Temp\ATICDSDr.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-24 17:57 - 2013-11-24 17:58 - 00019578 _____ C:\Users\[Nutzer]\Desktop\FRST.txt
2013-11-24 17:56 - 2013-11-24 17:56 - 00000000 ____D C:\FRST
2013-11-24 17:54 - 2013-11-24 17:47 - 01958440 _____ (Farbar) C:\Users\[Nutzer]\Desktop\FRST64.exe
2013-11-24 17:47 - 2013-11-24 17:48 - 00000000 ____D C:\Users\[Nutzer]\Desktop\Threat - System Care Antivirus
2013-11-24 17:29 - 2013-11-24 17:29 - 105952601 _____ C:\Windows\SysWOW64\䣠쟏輼¾
2013-11-23 15:14 - 2013-11-23 15:14 - 00000000 ____D C:\Users\[Nutzer]\Screensaver
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Program Files (x86)\Power Tab Software
2013-11-22 13:18 - 2003-08-20 06:06 - 02512896 _____ C:\Users\[Nutzer]\Downloads\PTEditor17.msi
2013-11-22 13:18 - 2003-08-20 06:05 - 00000041 _____ C:\Users\[Nutzer]\Downloads\Setup.Ini
2013-11-22 13:18 - 2002-01-05 07:46 - 00065536 _____ (Microsoft Corporation) C:\Users\[Nutzer]\Downloads\Setup.Exe
2013-11-22 13:18 - 2001-09-25 15:05 - 01707856 _____ (Microsoft Corporation) C:\Users\[Nutzer]\Downloads\InstMsiA.Exe
2013-11-22 13:18 - 2001-09-11 18:04 - 01821008 _____ (Microsoft Corporation) C:\Users\[Nutzer]\Downloads\InstMsiW.Exe
2013-11-22 13:16 - 2013-11-23 14:08 - 00000000 ____D C:\Program Files (x86)\outobox
2013-11-22 13:15 - 2013-11-22 13:16 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-22 13:15 - 2013-11-22 13:15 - 00422350 _____ C:\Users\Admin\AppData\Local\dd_vcredistMSI789D.txt
2013-11-22 13:15 - 2013-11-22 13:15 - 00000926 _____ C:\Users\Admin\Desktop\MyPC Backup.lnk
2013-11-22 13:15 - 2013-11-22 13:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-11-22 13:14 - 2013-11-22 13:15 - 00014322 _____ C:\Users\Admin\AppData\Local\dd_vcredistUI789D.txt
2013-11-22 13:13 - 2013-11-22 13:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2013-11-22 13:13 - 2013-11-22 13:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Wajam
2013-11-22 13:12 - 2013-11-22 13:14 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-11-22 13:10 - 2013-11-22 13:17 - 05917258 _____ C:\Users\[Nutzer]\Downloads\powertab.zip
2013-11-22 13:09 - 2013-11-22 13:09 - 00923784 _____ (CNET Download.com) C:\Users\[Nutzer]\Downloads\cbsidlm-cbsi145-Power_Tab_Editor-ORG-10502034.exe
2013-11-22 13:02 - 2013-11-22 13:02 - 00618912 _____ C:\Users\[Nutzer]\Downloads\power-tab-editor-1-7.exe
2013-11-22 12:28 - 2013-11-22 12:28 - 00494192 _____ () C:\Users\[Nutzer]\Downloads\Winfy.exe
2013-11-17 17:56 - 2013-11-17 17:56 - 00000001 _____ C:\Users\Admin\AppData\Local\llftool.4.30.agreement
2013-11-17 17:55 - 2013-11-17 17:55 - 02043392 _____ C:\Users\[Nutzer]\Downloads\HDDLLF.4.30.exe
2013-11-17 17:55 - 2013-11-17 17:55 - 00000001 _____ C:\Users\[Nutzer]\AppData\Local\llftool.4.30.agreement
2013-11-17 17:53 - 2013-11-17 17:53 - 00098304 _____ (Hewlett-Packard Company) C:\Users\[Nutzer]\Downloads\HPUSBFW_v2.2.3.exe
2013-11-16 11:11 - 2013-11-16 11:11 - 104513208 _____ C:\Windows\SysWOW64\ⰳ䒺輼ª
2013-11-15 08:57 - 2013-11-15 10:31 - 00033333 _____ C:\Users\[Nutzer]\temp.aup
2013-11-15 08:57 - 2013-11-15 08:57 - 00000000 ____D C:\Users\[Nutzer]\temp_data
2013-11-12 11:48 - 2013-11-15 13:33 - 00000355 _____ C:\Users\[Nutzer]\Desktop\temp.txt
2013-11-07 16:17 - 2013-11-07 16:17 - 00000000 ____D C:\Users\[Nutzer]\Documents\Adobe
2013-11-06 11:48 - 2013-11-06 11:48 - 00091888 _____ C:\Users\[Nutzer]\Documents\R-nr.79743.xlsx
2013-11-01 18:57 - 2013-11-01 20:14 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL3437.tmp
2013-11-01 18:57 - 2013-11-01 20:14 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2974.tmp
2013-11-01 18:57 - 2013-11-01 20:14 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2463.tmp
2013-11-01 18:57 - 2013-11-01 20:14 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2263.tmp
2013-11-01 18:57 - 2013-11-01 20:12 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL3739.tmp
2013-11-01 18:57 - 2013-11-01 20:12 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1742.tmp
2013-11-01 18:57 - 2013-11-01 20:12 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0566.tmp
2013-11-01 18:57 - 2013-11-01 20:11 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1319.tmp
2013-11-01 18:57 - 2013-11-01 20:11 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0622.tmp
2013-11-01 18:57 - 2013-11-01 20:10 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2703.tmp
2013-10-30 19:28 - 2013-11-23 14:32 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\Spotify
2013-10-30 19:28 - 2013-11-23 14:31 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Spotify
2013-10-30 19:28 - 2013-10-30 19:40 - 00001721 _____ C:\Users\[Nutzer]\Desktop\Spotify.lnk
2013-10-30 19:28 - 2013-10-30 19:40 - 00001707 _____ C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-30 19:28 - 2013-10-30 19:28 - 27576432 _____ (Spotify Ltd) C:\Users\[Nutzer]\Downloads\Spotify Installer.exe
2013-10-28 18:22 - 2013-11-22 17:26 - 00000000 ____D C:\Users\[Nutzer]\Documents\FIFA 14
2013-10-28 18:21 - 2013-10-28 18:21 - 00001077 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2013-10-28 17:50 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-10-28 17:50 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-10-28 17:50 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-10-28 17:50 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-10-28 17:49 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-10-28 17:49 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-10-28 17:49 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-10-28 17:49 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-10-28 17:49 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-10-28 17:49 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-10-28 17:49 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-10-28 17:49 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-10-28 17:49 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-10-28 17:49 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-10-28 17:49 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-10-28 17:49 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-10-28 17:49 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-10-28 17:49 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-10-28 17:49 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-10-28 17:49 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-10-28 17:49 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-10-28 17:49 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-10-28 17:49 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-10-28 17:49 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-10-28 17:49 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-10-28 17:49 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-10-28 17:49 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-10-28 17:49 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-10-28 17:49 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-10-28 17:49 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-10-28 17:49 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-10-28 17:49 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-10-28 17:49 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-10-28 17:49 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-10-28 17:49 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-10-28 17:48 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-10-28 17:48 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-10-28 17:48 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-10-28 17:48 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-10-28 17:48 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-10-28 17:48 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-10-28 17:48 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-10-28 17:48 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-10-28 17:48 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-10-28 17:48 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-10-28 17:48 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-10-28 17:48 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-10-28 17:48 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-10-28 17:48 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-10-28 17:48 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-10-28 17:48 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-10-28 17:48 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-10-28 17:48 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-10-28 17:48 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-10-28 17:48 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-10-28 17:48 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-10-28 17:48 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-10-28 17:48 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-10-28 17:48 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-10-28 17:48 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-10-28 17:48 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-10-28 17:48 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-10-28 17:48 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-10-28 17:48 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-10-28 17:48 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-10-28 17:48 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-10-28 17:48 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-10-28 17:48 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-10-28 17:48 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-10-28 17:48 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-10-28 17:48 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-10-28 17:48 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-10-28 17:48 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-10-28 17:48 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-10-28 17:48 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-10-28 17:48 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-10-28 17:48 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-10-28 17:48 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-10-28 17:48 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-10-28 08:44 - 2013-10-28 14:43 - 103734365 _____ C:\Windows\SysWOW64\⻳蠺輼¸

==================== One Month Modified Files and Folders =======

2013-11-24 17:58 - 2013-11-24 17:57 - 00019578 _____ C:\Users\[Nutzer]\Desktop\FRST.txt
2013-11-24 17:56 - 2013-11-24 17:56 - 00000000 ____D C:\FRST
2013-11-24 17:51 - 2013-10-07 08:09 - 00002836 _____ C:\Users\[Nutzer]\Desktop\Do It.txt
2013-11-24 17:48 - 2013-11-24 17:47 - 00000000 ____D C:\Users\[Nutzer]\Desktop\Threat - System Care Antivirus
2013-11-24 17:47 - 2013-11-24 17:54 - 01958440 _____ (Farbar) C:\Users\[Nutzer]\Desktop\FRST64.exe
2013-11-24 17:47 - 2006-11-02 16:21 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 17:47 - 2006-11-02 16:21 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 17:29 - 2013-11-24 17:29 - 105952601 _____ C:\Windows\SysWOW64\䣠쟏輼¾
2013-11-24 17:29 - 2008-01-21 02:53 - 02082997 _____ C:\Windows\WindowsUpdate.log
2013-11-24 17:28 - 2012-08-14 13:58 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1000UA.job
2013-11-23 15:16 - 2012-08-18 17:10 - 00111104 _____ C:\Users\[Nutzer]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-23 15:14 - 2013-11-23 15:14 - 00000000 ____D C:\Users\[Nutzer]\Screensaver
2013-11-23 15:14 - 2012-08-14 22:16 - 00000000 ____D C:\Users\[Nutzer]
2013-11-23 15:08 - 2012-08-14 22:22 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1001UA.job
2013-11-23 15:01 - 2012-08-15 10:14 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Dropbox
2013-11-23 14:59 - 2013-07-06 08:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-23 14:32 - 2013-10-30 19:28 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\Spotify
2013-11-23 14:31 - 2013-10-30 19:28 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Spotify
2013-11-23 14:08 - 2013-11-22 13:16 - 00000000 ____D C:\Program Files (x86)\outobox
2013-11-22 17:26 - 2013-10-28 18:22 - 00000000 ____D C:\Users\[Nutzer]\Documents\FIFA 14
2013-11-22 16:37 - 2012-11-06 18:50 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-22 16:37 - 2012-08-14 22:18 - 00093296 _____ C:\Users\[Nutzer]\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 14:36 - 2012-11-30 14:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-22 13:36 - 2012-08-13 17:37 - 00093296 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Program Files (x86)\Power Tab Software
2013-11-22 13:21 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\Help
2013-11-22 13:17 - 2013-11-22 13:10 - 05917258 _____ C:\Users\[Nutzer]\Downloads\powertab.zip
2013-11-22 13:16 - 2013-11-22 13:15 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-22 13:15 - 2013-11-22 13:15 - 00422350 _____ C:\Users\Admin\AppData\Local\dd_vcredistMSI789D.txt
2013-11-22 13:15 - 2013-11-22 13:15 - 00000926 _____ C:\Users\Admin\Desktop\MyPC Backup.lnk
2013-11-22 13:15 - 2013-11-22 13:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-11-22 13:15 - 2013-11-22 13:14 - 00014322 _____ C:\Users\Admin\AppData\Local\dd_vcredistUI789D.txt
2013-11-22 13:15 - 2012-08-13 17:37 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-22 13:14 - 2013-11-22 13:12 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-11-22 13:13 - 2013-11-22 13:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2013-11-22 13:13 - 2013-11-22 13:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Wajam
2013-11-22 13:09 - 2013-11-22 13:09 - 00923784 _____ (CNET Download.com) C:\Users\[Nutzer]\Downloads\cbsidlm-cbsi145-Power_Tab_Editor-ORG-10502034.exe
2013-11-22 13:02 - 2013-11-22 13:02 - 00618912 _____ C:\Users\[Nutzer]\Downloads\power-tab-editor-1-7.exe
2013-11-22 12:54 - 2012-08-15 09:22 - 00000000 ____D C:\Users\[Nutzer]\Desktop\privat
2013-11-22 12:28 - 2013-11-22 12:28 - 00494192 _____ () C:\Users\[Nutzer]\Downloads\Winfy.exe
2013-11-22 11:39 - 2008-01-21 11:47 - 01418806 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 11:39 - 2008-01-21 11:46 - 00618204 _____ C:\Windows\system32\perfh007.dat
2013-11-22 11:39 - 2008-01-21 11:46 - 00122636 _____ C:\Windows\system32\perfc007.dat
2013-11-22 10:29 - 2012-08-14 13:58 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1000Core.job
2013-11-22 09:20 - 2012-08-18 17:14 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\vlc
2013-11-22 09:02 - 2013-01-26 12:23 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\JDownloader 2.0
2013-11-21 21:08 - 2012-08-14 22:22 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1001Core.job
2013-11-21 18:04 - 2013-02-19 10:29 - 00000000 ____D C:\Users\[Nutzer]\Desktop\[Firma]
2013-11-17 17:56 - 2013-11-17 17:56 - 00000001 _____ C:\Users\Admin\AppData\Local\llftool.4.30.agreement
2013-11-17 17:55 - 2013-11-17 17:55 - 02043392 _____ C:\Users\[Nutzer]\Downloads\HDDLLF.4.30.exe
2013-11-17 17:55 - 2013-11-17 17:55 - 00000001 _____ C:\Users\[Nutzer]\AppData\Local\llftool.4.30.agreement
2013-11-17 17:53 - 2013-11-17 17:53 - 00098304 _____ (Hewlett-Packard Company) C:\Users\[Nutzer]\Downloads\HPUSBFW_v2.2.3.exe
2013-11-17 16:20 - 2012-08-16 14:13 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Adobe
2013-11-17 16:20 - 2012-08-16 14:03 - 00000000 ____D C:\ProgramData\Adobe
2013-11-17 16:18 - 2012-08-13 17:36 - 00000000 ____D C:\Users\Admin
2013-11-16 13:16 - 2012-08-14 15:26 - 00000000 ____D C:\Program Files (x86)\Online Armor
2013-11-16 13:14 - 2013-03-08 14:54 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\HTC MediaHub
2013-11-16 13:11 - 2012-09-21 14:45 - 00000000 ____D C:\ProgramData\PACE
2013-11-16 13:10 - 2006-11-02 16:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 11:11 - 2013-11-16 11:11 - 104513208 _____ C:\Windows\SysWOW64\ⰳ䒺輼ª
2013-11-15 13:33 - 2013-11-12 11:48 - 00000355 _____ C:\Users\[Nutzer]\Desktop\temp.txt
2013-11-15 10:32 - 2012-09-04 22:13 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Audacity
2013-11-15 10:31 - 2013-11-15 08:57 - 00033333 _____ C:\Users\[Nutzer]\temp.aup
2013-11-15 08:57 - 2013-11-15 08:57 - 00000000 ____D C:\Users\[Nutzer]\temp_data
2013-11-14 22:58 - 2013-09-22 18:20 - 00000000 ____D C:\Users\[Nutzer]\Desktop\for Kindle
2013-11-07 16:17 - 2013-11-07 16:17 - 00000000 ____D C:\Users\[Nutzer]\Documents\Adobe
2013-11-06 17:16 - 2012-08-14 20:46 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-11-06 11:48 - 2013-11-06 11:48 - 00091888 _____ C:\Users\[Nutzer]\Documents\R-nr.79743.xlsx
2013-11-04 14:40 - 2012-08-16 08:49 - 00000925 _____ C:\Users\[Nutzer]\Desktop\Dropbox.lnk
2013-11-04 14:40 - 2012-08-16 08:48 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-04 14:40 - 2012-08-14 22:18 - 00000000 ___RD C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-01 20:14 - 2013-11-01 18:57 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL3437.tmp
2013-11-01 20:14 - 2013-11-01 18:57 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2974.tmp
2013-11-01 20:14 - 2013-11-01 18:57 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2463.tmp
2013-11-01 20:14 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2263.tmp
2013-11-01 20:12 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL3739.tmp
2013-11-01 20:12 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1742.tmp
2013-11-01 20:12 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0566.tmp
2013-11-01 20:11 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1319.tmp
2013-11-01 20:11 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0622.tmp
2013-11-01 20:10 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2703.tmp
2013-10-30 19:40 - 2013-10-30 19:28 - 00001721 _____ C:\Users\[Nutzer]\Desktop\Spotify.lnk
2013-10-30 19:40 - 2013-10-30 19:28 - 00001707 _____ C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-30 19:28 - 2013-10-30 19:28 - 27576432 _____ (Spotify Ltd) C:\Users\[Nutzer]\Downloads\Spotify Installer.exe
2013-10-28 18:48 - 2012-08-15 07:42 - 00000000 ____D C:\Users\[Nutzer]\Documents\FIFA 12
2013-10-28 18:22 - 2012-08-14 20:45 - 00000000 ____D C:\ProgramData\Origin
2013-10-28 18:21 - 2013-10-28 18:21 - 00001077 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2013-10-28 18:20 - 2012-08-14 22:54 - 00044405 _____ C:\Windows\DirectX.log
2013-10-28 14:43 - 2013-10-28 08:44 - 103734365 _____ C:\Windows\SysWOW64\⻳蠺輼¸

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\12-6_vista_win7_64_dd_ccc.exe
C:\Users\Admin\AppData\Local\Temp\AskSLib.dll
C:\Users\Admin\AppData\Local\Temp\BackupSetup.exe
C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverter_3.1.1.3.exe
C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverter_3.1.2.0.exe
C:\Users\Admin\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Admin\AppData\Local\Temp\_is4D06.exe
C:\Users\[Nutzer]\AppData\Local\Temp\AskSLib.dll
C:\Users\[Nutzer]\AppData\Local\Temp\flac.exe
C:\Users\[Nutzer]\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\[Nutzer]\AppData\Local\Temp\i4jdel0.exe
C:\Users\[Nutzer]\AppData\Local\Temp\lame.exe
C:\Users\[Nutzer]\AppData\Local\Temp\MAC.exe
C:\Users\[Nutzer]\AppData\Local\Temp\mp3el2.exe
C:\Users\[Nutzer]\AppData\Local\Temp\oggdec.exe
C:\Users\[Nutzer]\AppData\Local\Temp\oggenc.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---


Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2013
Ran by [Nutzer] at 2013-11-24 17:58:52
Running from C:\Users\[Nutzer]\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ACDPlayer (x32)
Adobe AIR (x32 Version: 3.8.0.870)
Adobe Creative Suite (x32 Version: 1.1.1)
Adobe Download Assistant (x32 Version: 1.2)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
AMD APP SDK Runtime (Version: 10.0.938.1)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Any Audio Converter 4.0.1 (x32)
Any Video Converter 3.4.2 (x32)
Any Video Converter 5 5.0.4 (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32 Version: 2.11 Beta1)
Audacity 2.0.2 (x32 Version: 2.0.2)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (x32 Version: 1.0)
AudioPlayer 1.8 (x32)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
bl (x32 Version: 1.0.0)
Blue Cat's FreqAnalyst VST-x64 2.02 (Version: 2.02)
Bonjour (Version: 3.0.0.10)
calibre 64bit (Version: 1.3.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0611.1251.21046)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0611.1251.21046)
Catalyst Control Center InstallProxy (x32 Version: 2012.0611.1251.21046)
Catalyst Control Center Localization All (x32 Version: 2012.0611.1251.21046)
CCC Help Chinese Standard (x32 Version: 2012.0611.1250.21046)
CCC Help Chinese Traditional (x32 Version: 2012.0611.1250.21046)
CCC Help Czech (x32 Version: 2012.0611.1250.21046)
CCC Help Danish (x32 Version: 2012.0611.1250.21046)
CCC Help Dutch (x32 Version: 2012.0611.1250.21046)
CCC Help English (x32 Version: 2012.0611.1250.21046)
CCC Help Finnish (x32 Version: 2012.0611.1250.21046)
CCC Help French (x32 Version: 2012.0611.1250.21046)
CCC Help German (x32 Version: 2012.0611.1250.21046)
CCC Help Greek (x32 Version: 2012.0611.1250.21046)
CCC Help Hungarian (x32 Version: 2012.0611.1250.21046)
CCC Help Italian (x32 Version: 2012.0611.1250.21046)
CCC Help Japanese (x32 Version: 2012.0611.1250.21046)
CCC Help Korean (x32 Version: 2012.0611.1250.21046)
CCC Help Norwegian (x32 Version: 2012.0611.1250.21046)
CCC Help Polish (x32 Version: 2012.0611.1250.21046)
CCC Help Portuguese (x32 Version: 2012.0611.1250.21046)
CCC Help Russian (x32 Version: 2012.0611.1250.21046)
CCC Help Spanish (x32 Version: 2012.0611.1250.21046)
CCC Help Swedish (x32 Version: 2012.0611.1250.21046)
CCC Help Thai (x32 Version: 2012.0611.1250.21046)
CCC Help Turkish (x32 Version: 2012.0611.1250.21046)
ccc-utility64 (Version: 2012.0611.1251.21046)
CCleaner (Version: 3.22)
CDBurnerXP (x32 Version: 4.5.2.4291)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.03103)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103)
Cool & Quiet (x32)
Dropbox (HKCU Version: 2.4.6)
eLicenser Control (x32)
ElsterFormular (x32 Version: 14.4.20130909)
FIFA 14 (x32 Version: 1.0.0.3)
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
Free Google Books Downloader (x32 Version: 1.3.1.0)
Google Chrome (HKCU Version: 31.0.1650.57)
HTC Driver Installer (x32 Version: 4.0.1.002)
HTC Sync Manager (x32 Version: 1.1.87.0)
IK Multimedia Authorization Manager version 1.0.9 (Version: 1.0.9)
iLok Client Helper (x32 Version: 5.9.1)
IPTInstaller (x32 Version: 4.0.8)
iTunes (Version: 10.6.3.25)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Java SE Development Kit 7 Update 6 (64-bit) (Version: 1.7.0.60)
Java SE Development Kit 7 Update 6 (x32 Version: 1.7.0.60)
Java SE Development Kit 7 Update 7 (64-bit) (Version: 1.7.0.70)
JDownloader 0.9 (x32 Version: 0.9)
JDownloader 2.0 (x32 Version: 2.0)
Kyocera Product Library (Version: 2.0.0713)
LAME v3.99.3 (for Windows) (x32)
LeechFTP  (x32)
Magic ISO Maker v5.5 (build 0281) (x32)
MagicDisc 2.7.106 (x32)
Malwarebytes Anti-Malware Version 1.65.1.1000 (x32 Version: 1.65.1.1000)
Matrox PowerDesk (Version: 1.15.2032.1023 2.08.01 GXM)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MuseScore 1.3 (x32 Version: 1.3.0)
MyPC Backup  (Version: )
Online Armor 6.0 (x32 Version: 6.0)
Origin (x32 Version: 9.0.15.65)
outobox 2013.11.12.181539 (Version: 2013.11.12.181539)
PACE License Support Win64 (Version: 2.1.0.0279)
PACE License Support Win64 (x32 Version: 2.1.0.0279)
Panda USB Vaccine 1.0.1.4 (x32)
Paragon Backup & Recovery™ 2012 Free (x32 Version: 90.00.0003)
Pazera Free Audio Extractor 1.4 (x32 Version: 1.4)
PDF Settings CS6 (x32 Version: 11.0)
PDF-XChange Lite 2012 (Version: 5.0.266.0)
ph (x32 Version: 1.0.0)
Phase 5 HTML-Editor (x32 Version: 5.6.2.3)
PhotoDose 4.5 (x32)
Power Tab Editor 1.7 (x32 Version: 1.7.0)
PreSonus Studio One 2 x64 (Version: 2.5.2.22258)
QuickTime (x32 Version: 7.74.80.86)
RAIDXpert (x32 Version: 3.3.1540.19)
Realtek Ethernet Controller Driver For Windows Vista (x32 Version: 6.235.304.2010)
Realtek Ethernet Diagnostic Utility (x32 Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6069)
REAPER (x64)
Secunia PSI (3.0.0.3001) (x32 Version: 3.0.0.3001)
SketchUp 8 (x32 Version: 3.0.16846)
SmartFTP Client Setup Files 4.1 (x64) (remove only) (x32 Version: 4.1)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
SUPERAntiSpyware (Version: 5.6.1014)
TreeSize Free V2.7 (x32 Version: 2.7)
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
URL Snooper v2.17.01 (x32)
VideoPad Videobearbeitungs-Software (HKCU)
Visual C++ 64-bit Redistributables (Version: 1.2.0.5555)
Visual C++ 64-bit Redistributables (x32 Version: 1.2.0.5555)
Visual C++ Redistributables (x32 Version: 1.2.0.5555)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Wajam (x32 Version: 2.06)
Windows-Soundschemas
WinPcap 4.0 (x32 Version: 4.0.0.755)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
Zope External Editor 1.0.0 (x32 Version: 1.0.0)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1000UA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1001Core.job => C:\Users\[Nutzer]\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1001UA.job => C:\Users\[Nutzer]\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-11 17:24 - 2012-06-11 17:24 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\PACE:AB88C7C0634EB5D0
AlternateDataStreams: C:\Users\[Nutzer]\Cookies:y5cLsF9hUG8kFpLkt6gmn
AlternateDataStreams: C:\Users\[Nutzer]\Lokale Einstellungen:L4no5DlQ7Yg3SSB6yk
AlternateDataStreams: C:\Users\[Nutzer]\AppData\Local:L4no5DlQ7Yg3SSB6yk
AlternateDataStreams: C:\Users\[Nutzer]\AppData\Local\Anwendungsdaten:L4no5DlQ7Yg3SSB6yk

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2013 03:46:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12480

Error: (11/23/2013 03:46:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12480

Error: (11/23/2013 03:46:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2013 03:46:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11481

Error: (11/23/2013 03:46:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11481

Error: (11/23/2013 03:46:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2013 03:46:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10483

Error: (11/23/2013 03:46:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10483

Error: (11/23/2013 03:46:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2013 03:46:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9469


System errors:
=============
Error: (11/23/2013 01:59:04 PM) (Source: Service Control Manager) (User: )
Description: WajamUpdaterV3%%2

Error: (11/22/2013 01:11:00 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/20/2013 07:10:10 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/18/2013 01:28:33 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/17/2013 05:55:47 PM) (Source: DCOM) (User: Video-PC)
Description: AnwendungsspezifischLokalAktivierung{7D1933CB-86F6-4A98-8628-01BE94C9A575}Video-PC[Nutzer]S-1-5-21-2107122012-3887617209-2813249809-1001LocalHost (unter Verwendung von LRPC)

Error: (11/17/2013 05:55:47 PM) (Source: DCOM) (User: Video-PC)
Description: AnwendungsspezifischLokalAktivierung{7D1933CB-86F6-4A98-8628-01BE94C9A575}Video-PC[Nutzer]S-1-5-21-2107122012-3887617209-2813249809-1001LocalHost (unter Verwendung von LRPC)

Error: (11/17/2013 04:25:51 PM) (Source: VDS Basic Provider) (User: )
Description: Sektoren auf Datenträger "\\?\PhysicalDrive2" können nicht auf null gesetzt werden. Fehlercode: \\?\PhysicalDrive2

Error: (11/17/2013 04:14:39 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: 0xc000000dG:0x0

Error: (11/16/2013 01:17:14 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/16/2013 01:16:10 PM) (Source: Service Control Manager) (User: )
Description: Windows Update


Microsoft Office Sessions:
=========================
Error: (11/23/2013 03:46:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12480

Error: (11/23/2013 03:46:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12480

Error: (11/23/2013 03:46:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2013 03:46:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11481

Error: (11/23/2013 03:46:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11481

Error: (11/23/2013 03:46:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2013 03:46:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10483

Error: (11/23/2013 03:46:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10483

Error: (11/23/2013 03:46:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2013 03:46:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9469


CodeIntegrity Errors:
===================================
  Date: 2013-11-24 17:58:10.373
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 17:58:10.327
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 17:58:10.295
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 17:58:10.264
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 17:58:10.217
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 17:58:10.186
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 17:58:10.139
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 17:58:10.077
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-23 15:16:53.939
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Online Armor\oawatch64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-22 14:43:24.678
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 73%
Total physical RAM: 4061.12 MB
Available physical RAM: 1078.34 MB
Total Pagefile: 10058.68 MB
Available Pagefile: 5580.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:1.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: ([Nutzer]) (Fixed) (Total:182.88 GB) (Free:5.66 GB) NTFS
Drive e: ([Nutzer2]) (Fixed) (Total:182.88 GB) (Free:0.8 GB) NTFS
Drive g: ([USB-Stick]) (Removable) (Total:3.73 GB) (Free:0.57 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
__________________

24.11.2013, 18:25   #4
aharonov
/// TB-Ausbilder

Ok.


Step 1
  • Go to Start --> Control Panel and open Programs and Features.
  • Find and uninstall the following entries there, one after another:
    MyPC Backup
    Wajam
  • Close the window again and restart the computer if you were asked to.



Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).



Step 3

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that then, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.




Step 4

Start FRST once more.
  • Don't change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.
__________________
cheers,
Leo
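
The cross-check behind Step 1, as an added example that is not part of the original post: it splits an FRST log into its sections and reports in which sections each suspicious name leaves a trace, which shows what remains to be cleaned after an uninstall. The watchlist and the sample lines are taken from this thread; the function names and the "Installed Programs" header are assumptions.

```python
import re

# Constructed sample: lines copied from the FRST logs posted in this thread and
# shortened to a few entries. The "Installed Programs" header is an assumption;
# the header of the program list is not visible in the posted excerpt.
SAMPLE_LOG = r"""
==================== Installed Programs =======================

Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
MyPC Backup  (Version: )
outobox 2013.11.12.181539 (Version: 2013.11.12.181539)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
Wajam (x32 Version: 2.06)
Windows-Soundschemas

==================== Internet (Whitelisted) ====================

BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: outobox - {30f06672-0e95-41a9-80cb-dee386af99ad} - C:\Program Files (x86)\outobox\outoboxBHO.dll (outobox)
CHR Extension: (outobox) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka\1.0.0_0

==================== Event log errors: =========================

Error: (11/23/2013 01:59:04 PM) (Source: Service Control Manager) (User: )
Description: WajamUpdaterV3%%2
"""

# Names taken from this thread (Step 1 and the later posts); not a general blocklist.
WATCHLIST = ("MyPC Backup", "Wajam", "outobox")

# A section header is a run of "=" around a title; pure "=====" underlines do not match.
SECTION_RE = re.compile(r"^={10,}\s*([^=].*?)\s*=+\s*$")
# "Name (x32 Version: 1.2)" / "Name (HKCU Version: 1.2)" / "Name (Version: 1.2)"
PROGRAM_RE = re.compile(
    r"^(?P<name>.*?)\s*\((?:(?P<scope>x32|HKCU)\s+)?Version:\s*(?P<version>[^)]*)\)\s*$")
# "Name (x32)" / "Name (HKCU)": entries that carry no version field
SCOPE_ONLY_RE = re.compile(r"^(?P<name>.*?)\s*\((?P<scope>x32|HKCU)\)\s*$")


def split_sections(log_text):
    """Return {section title (lower case): [non-empty lines]} in log order."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        header = SECTION_RE.match(raw)
        if header:
            current = header.group(1).rstrip(": ").lower()
            sections.setdefault(current, [])
        elif current is not None and raw.strip():
            sections[current].append(raw.strip())
    return sections


def parse_program(line):
    """Split one installed-program line into (name, scope, version)."""
    match = PROGRAM_RE.match(line)
    if match:
        return (match.group("name"), match.group("scope") or "",
                match.group("version").strip())
    match = SCOPE_ONLY_RE.match(line)
    if match:
        return (match.group("name"), match.group("scope"), "")
    return (line.strip(), "", "")


def footprint(log_text, watchlist):
    """Map each watchlist name to the sections in which it leaves a trace."""
    result = {name: [] for name in watchlist}
    for section, lines in split_sections(log_text).items():
        for line in lines:
            # In the program list only the program name counts, not the version text.
            haystack = parse_program(line)[0] if section == "installed programs" else line
            for name in watchlist:
                if name.lower() in haystack.lower() and section not in result[name]:
                    result[name].append(section)
    return result


if __name__ == "__main__":
    for name, found_in in footprint(SAMPLE_LOG, WATCHLIST).items():
        print(f"{name}: {', '.join(found_in) or 'no trace'}")
```

A name that shows up outside the program list (a BHO, a browser extension, a failing updater service) still needs attention after the uninstall in Programs and Features.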

24.11.2013, 19:12   #5
MoltoBene

Hello,

unfortunately I can't even carry out the first step ...

"MyPC Backup" apparently cannot be uninstalled this way on my machine:
When I click the "Uninstall/Change" button in "Programs and Features", simply nothing happens.

If I try again, this message appears:
"Warten Sie, bis die Deinstallation bzw. Änderung des aktuellen Programms abgeschlossen ist."

What now?


24.11.2013, 19:19   #6
aharonov
/// TB-Ausbilder

Then just carry on with the next item.

24.11.2013, 20:31   #7
MoltoBene

AntiVirus complained about Combofix's registry access... I thought it was switched off...?!

After the automatic restart, Combofix is now out of control:
pev.3xe keeps opening numerous DOS windows and closing them.
For 20 minutes already...

What should I do?

Edited by MoltoBene (24.11.2013 at 20:37)

26.11.2013, 16:39   #8
MoltoBene

After quite some time I freed the computer from Combofix's endless run with a hard reset ...
What now?

I would be glad to get further instructions for "rescuing" or cleaning up the system.
Especially now that Combofix has "crashed" ...

Thanks in advance and regards
Molto


Addendum:
OK, I will try it again and make sure that NOTHING else is running ... :-D

Edited by MoltoBene (26.11.2013 at 16:54)

26.11.2013, 16:55   #9
aharonov
/// TB-Ausbilder

Hi,

delete the existing combofix.exe, download it again (Link) and run Combofix once more as described. Does it work better this time?
__________________
cheers,
Leo

26.11.2013, 18:35   #10
MoltoBene

Hello, and thanks for picking up the thread.

I had run Combofix again and it also ran through (incl. creating the log file).
After the restart, however, the computer apparently went back to the restore point(?), because the log file is nowhere to be found any more ...
After the Combofix run, 75% of the files stored on the desktop were no longer displayed/had "disappeared". After the restart, however, they are back ...

Just to be sure:
Should I still download Combofix again and run it once more?

Regards
Molto

AntiVir has just reported the nasty piece that is probably responsible: PowerTab Editor
It is a download from CDNet that I had already suspected.
I just wonder why AntiVir did not speak up BEFORE the infection ... :-/

26.11.2013, 19:31   #11
aharonov
/// TB-Ausbilder

Carry on with a fresh FRST scan:


Start FRST once more.
  • Don't change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.
__________________
cheers,
Leo

26.11.2013, 21:43   #12
MoltoBene

Hello,

I have run FRST.
You will find the log file at the end of this post.

Just briefly as an "interim note":
During the installation of PowerTab Editor, something named "Outobox" seems to have been installed along with it.

The FRST log shows it in "One Month Created Files and Folders":
C:\Program Files (x86)\outobox

... and also in "Internet (Whitelisted)":
BHO-x32: outobox - {30f06672-0e95-41a9-80cb-dee386af99ad} - C:\Program Files (x86)\outobox\outoboxBHO.dll

Could this actually be a variant of the BrowseFox.F pest?
A check on VirusTotal gives contradictory results in any case:
42x clean, but
AVG says: MalSign.Outobox.C42
DrWeb says: Adware.Plugin.100
ESET-NOD32 says: a variant of Win32/BrowseFox.F
TrendMicro-HouseCall: TROJ_GEN.F47V1122
The log also contains entries with Chinese characters(!?), e.g. the last entry in "One Month Modified Files and Folders". They make me doubly suspicious because they always concern the folder "C:\Windows\SysWOW64".

I would be glad if you could tell me how to continue and also whether you consider the two points mentioned (Outobox/Chinese entries) to be a problem(?).

Here is the log file of the FRST scan:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by [Nutzer] (ATTENTION: The logged in user is not administrator) on VIDEO-PC on 26-11-2013 19:37:36
Running from C:\Users\[Nutzer]\Desktop\Threat - System Care Antivirus\05 - Farbar's Recovery Scan Tool
Windows Vista (TM) Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oaui.exe
(Spotify Ltd) C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
(Matrox Graphics Inc.) C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Spotify Ltd) C:\Users\[Nutzer]\AppData\Roaming\Spotify\spotify.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [@OnlineArmor GUI] - C:\Program Files (x86)\Online Armor\oaui.exe [2415104 2012-10-02] (Emsisoft GmbH)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] - "C:\Windows\is-93086.exe" /REG [1544704 2012-10-04] ()
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [766536 2012-09-29] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000002] - "C:\Windows\is-QSNKT.exe" /REG [1544704 2013-01-26] ()
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000003] - "C:\Windows\is-41LQ8.exe" /REG [1544704 2013-06-05] ()
HKLM-x32\...\Runonce: [InstallShieldSetup2] - C:\PROGRA~2\INSTAL~1\{72AD9~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{72AD9~1\reboot.ini [x]
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000004] - "C:\Windows\is-1V0T0.exe" /REG [1544704 2013-08-14] ()
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000005] - "C:\Windows\is-9HLPF.exe" /REG [1544704 2013-09-14] ()
HKCU\...\Run: [Google Update] - C:\Users\[Nutzer]\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-14] (Google Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6604568 2013-11-20] (SUPERAntiSpyware)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-15] (Spotify Ltd)
HKCU\...\Run: [Spotify] - C:\Users\[Nutzer]\AppData\Roaming\Spotify\spotify.exe [5955072 2013-11-15] (Spotify Ltd)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Matrox PowerDesk] - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe [889352 2012-10-23] (Matrox Graphics Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Startup: 

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x70AE3D3940C3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: outobox - {30f06672-0e95-41a9-80cb-dee386af99ad} - C:\Program Files (x86)\outobox\outoboxBHO.dll (outobox)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ilok.com/iLokHelper,version=3.1.0.7 - C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\[Nutzer]\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\[Nutzer]\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default\Extensions\bytubed@cs213.cse.iitk.ac.in
FF Extension: adblockpopups - C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: dta - C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\[Nutzer]\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (ProxTube) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (YouTube) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (outobox) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka\1.0.0_0
CHR Extension: (AdBlock) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (New Tab Behavior) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgjmlflcoalihhlikncfkoclobaemeg\1.0.1_0
CHR Extension: (FlashBlock) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Tiny MP3 Player - MP3 Link Music Player) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\klphnalhafkamjdgcmpmijohkkokajbg\1.3_0
CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0
CHR Extension: (Google Wallet) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4889032 2011-12-30] (SafeNet Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-12-12] (Nero AG)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 Matrox.Pdesk3.ServicesHost; C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe [3867656 2012-10-23] (Matrox Graphics Inc)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [216072 2012-10-02] (Emsisoft GmbH)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [93048 2007-01-25] (CACE Technologies)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4463864 2012-10-02] (Emsisoft GmbH)
R2 Update outobox; C:\Program Files (x86)\outobox\updateoutobox.exe [66840 2013-11-12] ()
R2 Util outobox; C:\Program Files (x86)\outobox\bin\utiloutobox.exe [66840 2013-11-23] ()
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [x]
S3 RpcLocator; %SystemRoot%\system32\locator.exe [x]

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [49104 2013-03-26] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [73168 2013-03-26] (Cisco Systems, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
S1 Beep; No ImagePath
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S4 Htcdrmthuns; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25808 2013-04-11] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [40208 2007-01-25] (CACE Technologies)
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [61632 2012-10-02] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62016 2012-10-02] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [40520 2012-10-02] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [32920 2012-02-10] (Emsisoft)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 ATICDSDr; \??\C:\Users\Admin\AppData\Local\Temp\ATICDSDr.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 17:20 - 2013-11-26 17:20 - 00010511 _____ C:\ComboFix.txt
2013-11-26 17:20 - 2013-11-26 17:20 - 00000979 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 17:20 - 2013-11-26 17:20 - 00000949 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-26 17:20 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-24 20:03 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 20:03 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 20:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 20:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 20:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 20:03 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 20:03 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 20:03 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 20:02 - 2013-11-26 17:20 - 00000000 ____D C:\Qoobox
2013-11-24 20:02 - 2013-11-26 17:18 - 00000000 ____D C:\Windows\erdnt
2013-11-24 20:02 - 2013-11-26 17:05 - 00000000 ____D C:\32788R22FWJFW
2013-11-24 20:02 - 2013-11-24 20:02 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-24 19:50 - 2013-11-24 19:51 - 00000000 ____D C:\AdwCleaner
2013-11-24 19:08 - 2013-11-24 19:40 - 00000000 _____ C:\Users\[Nutzer]\Desktop\Threat-temp.txt
2013-11-24 19:02 - 2013-11-24 19:02 - 00000074 _____ C:\Users\[Nutzer]\Desktop\Threat-Thread.txt
2013-11-24 17:56 - 2013-11-24 17:56 - 00000000 ____D C:\FRST
2013-11-24 17:47 - 2013-11-26 19:35 - 00000000 ____D C:\Users\[Nutzer]\Desktop\Threat - System Care Antivirus
2013-11-24 17:29 - 2013-11-24 17:29 - 105952601 _____ C:\Windows\SysWOW64\䣠쟏輼¾
2013-11-23 15:14 - 2013-11-23 15:14 - 00000000 ____D C:\Users\[Nutzer]\Screensaver
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Program Files (x86)\Power Tab Software
2013-11-22 13:18 - 2003-08-20 06:06 - 02512896 _____ C:\Users\[Nutzer]\Downloads\PTEditor17.msi
2013-11-22 13:18 - 2003-08-20 06:05 - 00000041 _____ C:\Users\[Nutzer]\Downloads\Setup.Ini
2013-11-22 13:18 - 2002-01-05 07:46 - 00065536 _____ (Microsoft Corporation) C:\Users\[Nutzer]\Downloads\Setup.Exe
2013-11-22 13:18 - 2001-09-25 15:05 - 01707856 _____ (Microsoft Corporation) C:\Users\[Nutzer]\Downloads\InstMsiA.Exe
2013-11-22 13:18 - 2001-09-11 18:04 - 01821008 _____ (Microsoft Corporation) C:\Users\[Nutzer]\Downloads\InstMsiW.Exe
2013-11-22 13:16 - 2013-11-23 14:08 - 00000000 ____D C:\Program Files (x86)\outobox
2013-11-22 13:15 - 2013-11-22 13:15 - 00422350 _____ C:\Users\Admin\AppData\Local\dd_vcredistMSI789D.txt
2013-11-22 13:14 - 2013-11-22 13:15 - 00014322 _____ C:\Users\Admin\AppData\Local\dd_vcredistUI789D.txt
2013-11-22 13:10 - 2013-11-22 13:17 - 05917258 _____ C:\Users\[Nutzer]\Downloads\powertab.zip
2013-11-22 13:09 - 2013-11-22 13:09 - 00923784 _____ (CNET Download.com) C:\Users\[Nutzer]\Downloads\cbsidlm-cbsi145-Power_Tab_Editor-ORG-10502034.exe
2013-11-22 12:28 - 2013-11-22 12:28 - 00494192 _____ () C:\Users\[Nutzer]\Downloads\Winfy.exe
2013-11-17 17:56 - 2013-11-17 17:56 - 00000001 _____ C:\Users\Admin\AppData\Local\llftool.4.30.agreement
2013-11-17 17:55 - 2013-11-17 17:55 - 02043392 _____ C:\Users\[Nutzer]\Downloads\HDDLLF.4.30.exe
2013-11-17 17:55 - 2013-11-17 17:55 - 00000001 _____ C:\Users\[Nutzer]\AppData\Local\llftool.4.30.agreement
2013-11-17 17:53 - 2013-11-17 17:53 - 00098304 _____ (Hewlett-Packard Company) C:\Users\[Nutzer]\Downloads\HPUSBFW_v2.2.3.exe
2013-11-16 11:11 - 2013-11-16 11:11 - 104513208 _____ C:\Windows\SysWOW64\ⰳ䒺輼ª
2013-11-15 08:57 - 2013-11-15 10:31 - 00033333 _____ C:\Users\[Nutzer]\temp.aup
2013-11-15 08:57 - 2013-11-15 08:57 - 00000000 ____D C:\Users\[Nutzer]\temp_data
2013-11-12 11:48 - 2013-11-15 13:33 - 00000355 _____ C:\Users\[Nutzer]\Desktop\temp.txt
2013-11-07 16:17 - 2013-11-07 16:17 - 00000000 ____D C:\Users\[Nutzer]\Documents\Adobe
2013-11-06 11:48 - 2013-11-06 11:48 - 00091888 _____ C:\Users\[Nutzer]\Documents\R-nr.79743.xlsx
2013-11-01 18:57 - 2013-11-01 20:14 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL3437.tmp
2013-11-01 18:57 - 2013-11-01 20:14 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2974.tmp
2013-11-01 18:57 - 2013-11-01 20:14 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2463.tmp
2013-11-01 18:57 - 2013-11-01 20:14 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2263.tmp
2013-11-01 18:57 - 2013-11-01 20:12 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL3739.tmp
2013-11-01 18:57 - 2013-11-01 20:12 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1742.tmp
2013-11-01 18:57 - 2013-11-01 20:12 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0566.tmp
2013-11-01 18:57 - 2013-11-01 20:11 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1319.tmp
2013-11-01 18:57 - 2013-11-01 20:11 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0622.tmp
2013-11-01 18:57 - 2013-11-01 20:10 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2703.tmp
2013-10-30 19:28 - 2013-11-26 19:09 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Spotify
2013-10-30 19:28 - 2013-11-26 18:54 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\Spotify
2013-10-30 19:28 - 2013-10-30 19:40 - 00001721 _____ C:\Users\[Nutzer]\Desktop\Spotify.lnk
2013-10-30 19:28 - 2013-10-30 19:40 - 00001707 _____ C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-30 19:28 - 2013-10-30 19:28 - 27576432 _____ (Spotify Ltd) C:\Users\[Nutzer]\Downloads\Spotify Installer.exe
2013-10-28 18:22 - 2013-11-24 19:00 - 00000000 ____D C:\Users\[Nutzer]\Documents\FIFA 14
2013-10-28 18:21 - 2013-10-28 18:21 - 00001077 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2013-10-28 17:50 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-10-28 17:50 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-10-28 17:50 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-10-28 17:50 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-10-28 17:49 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-10-28 17:49 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-10-28 17:49 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-10-28 17:49 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-10-28 17:49 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-10-28 17:49 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-10-28 17:49 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-10-28 17:49 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-10-28 17:49 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-10-28 17:49 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-10-28 17:49 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-10-28 17:49 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-10-28 17:49 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-10-28 17:49 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-10-28 17:49 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-10-28 17:49 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-10-28 17:49 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-10-28 17:49 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-10-28 17:49 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-10-28 17:49 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-10-28 17:49 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-10-28 17:49 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-10-28 17:49 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-10-28 17:49 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-10-28 17:49 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-10-28 17:49 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-10-28 17:49 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-10-28 17:49 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-10-28 17:49 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-10-28 17:49 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-10-28 17:49 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-10-28 17:48 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-10-28 17:48 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-10-28 17:48 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-10-28 17:48 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-10-28 17:48 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-10-28 17:48 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-10-28 17:48 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-10-28 17:48 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-10-28 17:48 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-10-28 17:48 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-10-28 17:48 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-10-28 17:48 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-10-28 17:48 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-10-28 17:48 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-10-28 17:48 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-10-28 17:48 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-10-28 17:48 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-10-28 17:48 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-10-28 17:48 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-10-28 17:48 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-10-28 17:48 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-10-28 17:48 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-10-28 17:48 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-10-28 17:48 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-10-28 17:48 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-10-28 17:48 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-10-28 17:48 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-10-28 17:48 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-10-28 17:48 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-10-28 17:48 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-10-28 17:48 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-10-28 17:48 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-10-28 17:48 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-10-28 17:48 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-10-28 17:48 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-10-28 17:48 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-10-28 17:48 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-10-28 17:48 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-10-28 17:48 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-10-28 17:48 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-10-28 17:48 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-10-28 17:48 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-10-28 17:48 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-10-28 17:48 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-10-28 08:44 - 2013-10-28 14:43 - 103734365 _____ C:\Windows\SysWOW64\⻳蠺輼¸

==================== One Month Modified Files and Folders =======

2013-11-26 19:35 - 2013-11-24 17:47 - 00000000 ____D C:\Users\[Nutzer]\Desktop\Threat - System Care Antivirus
2013-11-26 19:31 - 2006-11-02 16:21 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-

9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 19:31 - 2006-11-02 16:21 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-

9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 19:28 - 2012-08-14 13:58 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-

2107122012-3887617209-2813249809-1000UA.job
2013-11-26 19:09 - 2013-10-30 19:28 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Spotify
2013-11-26 19:08 - 2012-08-14 22:22 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-

2107122012-3887617209-2813249809-1001UA.job
2013-11-26 18:59 - 2013-07-06 08:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 18:54 - 2013-10-30 19:28 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\Spotify
2013-11-26 18:23 - 2013-03-08 14:54 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\HTC MediaHub
2013-11-26 17:34 - 2008-01-21 02:53 - 01107755 _____ C:\Windows\WindowsUpdate.log
2013-11-26 17:31 - 2012-09-21 14:45 - 00000000 ____D C:\ProgramData\PACE
2013-11-26 17:31 - 2006-11-02 16:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 17:31 - 2006-11-02 16:39 - 00340806 _____ C:\Windows\PFRO.log
2013-11-26 17:30 - 2006-11-02 16:40 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-26 17:20 - 2013-11-26 17:20 - 00010511 _____ C:\ComboFix.txt
2013-11-26 17:20 - 2013-11-26 17:20 - 00000979 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start 

Menu\Programs\Internet Explorer.lnk
2013-11-26 17:20 - 2013-11-26 17:20 - 00000949 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start 

Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-26 17:20 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start 

Menu\Programs\Accessories
2013-11-26 17:20 - 2013-11-24 20:02 - 00000000 ____D C:\Qoobox
2013-11-26 17:20 - 2006-11-02 14:33 - 00000000 __RHD C:\Users\Default
2013-11-26 17:18 - 2013-11-24 20:02 - 00000000 ____D C:\Windows\erdnt
2013-11-26 17:18 - 2012-08-14 22:18 - 00000000 ___RD C:\Users\[Nutzer]

\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-26 17:17 - 2006-11-02 13:34 - 00000215 _____ C:\Windows\system.ini
2013-11-26 17:05 - 2013-11-24 20:02 - 00000000 ____D C:\32788R22FWJFW
2013-11-26 16:54 - 2013-10-07 08:09 - 00003091 _____ C:\Users\[Nutzer]\Desktop\Do It.txt
2013-11-26 16:31 - 2012-08-15 10:14 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Dropbox
2013-11-24 20:02 - 2013-11-24 20:02 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start 

Menu\Programs\Administrative Tools
2013-11-24 19:51 - 2013-11-24 19:50 - 00000000 ____D C:\AdwCleaner
2013-11-24 19:51 - 2012-08-13 17:37 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start 

Menu\Programs\Startup
2013-11-24 19:47 - 2012-08-14 15:26 - 00000000 ____D C:\Program Files (x86)\Online Armor
2013-11-24 19:44 - 2006-11-02 16:21 - 04999632 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-24 19:40 - 2013-11-24 19:08 - 00000000 _____ C:\Users\[Nutzer]\Desktop\Threat-temp.txt
2013-11-24 19:02 - 2013-11-24 19:02 - 00000074 _____ C:\Users\[Nutzer]\Desktop\Threat-Thread.txt
2013-11-24 19:00 - 2013-10-28 18:22 - 00000000 ____D C:\Users\[Nutzer]\Documents\FIFA 14
2013-11-24 18:20 - 2012-11-06 18:50 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-24 18:12 - 2012-08-14 22:19 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\OnlineArmor
2013-11-24 17:59 - 2013-02-19 10:29 - 00000000 ____D C:\Users\[Nutzer]\Desktop\[Firma]
2013-11-24 17:56 - 2013-11-24 17:56 - 00000000 ____D C:\FRST
2013-11-24 17:29 - 2013-11-24 17:29 - 105952601 _____ C:\Windows\SysWOW64\䣠쟏輼¾
2013-11-23 15:16 - 2012-08-18 17:10 - 00111104 _____ C:\Users\[Nutzer]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8

-E0D61DEA3FDF.ini
2013-11-23 15:14 - 2013-11-23 15:14 - 00000000 ____D C:\Users\[Nutzer]\Screensaver
2013-11-23 15:14 - 2012-08-14 22:16 - 00000000 ____D C:\Users\[Nutzer]
2013-11-23 14:08 - 2013-11-22 13:16 - 00000000 ____D C:\Program Files (x86)\outobox
2013-11-22 16:37 - 2012-08-14 22:18 - 00093296 _____ C:\Users\[Nutzer]\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 14:36 - 2012-11-30 14:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-22 13:36 - 2012-08-13 17:37 - 00093296 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Users\[Nutzer]

\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Program Files (x86)\Power Tab Software
2013-11-22 13:21 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\Help
2013-11-22 13:17 - 2013-11-22 13:10 - 05917258 _____ C:\Users\[Nutzer]\Downloads\powertab.zip
2013-11-22 13:15 - 2013-11-22 13:15 - 00422350 _____ C:\Users\Admin\AppData\Local\dd_vcredistMSI789D.txt
2013-11-22 13:15 - 2013-11-22 13:14 - 00014322 _____ C:\Users\Admin\AppData\Local\dd_vcredistUI789D.txt
2013-11-22 13:09 - 2013-11-22 13:09 - 00923784 _____ (CNET Download.com) C:\Users\[Nutzer]\Downloads\cbsidlm

-cbsi145-Power_Tab_Editor-ORG-10502034.exe
2013-11-22 12:54 - 2012-08-15 09:22 - 00000000 ____D C:\Users\[Nutzer]\Desktop\privat
2013-11-22 12:28 - 2013-11-22 12:28 - 00494192 _____ () C:\Users\[Nutzer]\Downloads\Winfy.exe
2013-11-22 11:39 - 2008-01-21 11:47 - 01418806 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 11:39 - 2008-01-21 11:46 - 00618204 _____ C:\Windows\system32\perfh007.dat
2013-11-22 11:39 - 2008-01-21 11:46 - 00122636 _____ C:\Windows\system32\perfc007.dat
2013-11-22 10:29 - 2012-08-14 13:58 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-

2107122012-3887617209-2813249809-1000Core.job
2013-11-22 09:20 - 2012-08-18 17:14 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\vlc
2013-11-22 09:02 - 2013-01-26 12:23 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\JDownloader 2.0
2013-11-21 21:08 - 2012-08-14 22:22 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-

2107122012-3887617209-2813249809-1001Core.job
2013-11-17 17:56 - 2013-11-17 17:56 - 00000001 _____ C:\Users\Admin\AppData\Local\llftool.4.30.agreement
2013-11-17 17:55 - 2013-11-17 17:55 - 02043392 _____ C:\Users\[Nutzer]\Downloads\HDDLLF.4.30.exe
2013-11-17 17:55 - 2013-11-17 17:55 - 00000001 _____ C:\Users\[Nutzer]\AppData\Local\llftool.4.30.agreement
2013-11-17 17:53 - 2013-11-17 17:53 - 00098304 _____ (Hewlett-Packard Company) C:\Users\[Nutzer]

\Downloads\HPUSBFW_v2.2.3.exe
2013-11-17 16:20 - 2012-08-16 14:13 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Adobe
2013-11-17 16:20 - 2012-08-16 14:03 - 00000000 ____D C:\ProgramData\Adobe
2013-11-17 16:18 - 2012-08-13 17:36 - 00000000 ____D C:\Users\Admin
2013-11-16 11:11 - 2013-11-16 11:11 - 104513208 _____ C:\Windows\SysWOW64\ⰳ䒺輼ª
2013-11-15 13:33 - 2013-11-12 11:48 - 00000355 _____ C:\Users\[Nutzer]\Desktop\temp.txt
2013-11-15 10:32 - 2012-09-04 22:13 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Audacity
2013-11-15 10:31 - 2013-11-15 08:57 - 00033333 _____ C:\Users\[Nutzer]\temp.aup
2013-11-15 08:57 - 2013-11-15 08:57 - 00000000 ____D C:\Users\[Nutzer]\temp_data
2013-11-14 22:58 - 2013-09-22 18:20 - 00000000 ____D C:\Users\[Nutzer]\Desktop\for Kindle
2013-11-07 16:17 - 2013-11-07 16:17 - 00000000 ____D C:\Users\[Nutzer]\Documents\Adobe
2013-11-06 17:16 - 2012-08-14 20:46 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-11-06 11:48 - 2013-11-06 11:48 - 00091888 _____ C:\Users\[Nutzer]\Documents\R-nr.79743.xlsx
2013-11-04 14:40 - 2012-08-16 08:49 - 00000925 _____ C:\Users\[Nutzer]\Desktop\Dropbox.lnk
2013-11-04 14:40 - 2012-08-16 08:48 - 00000000 ____D C:\Users\[Nutzer]

\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-01 20:14 - 2013-11-01 18:57 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL3437.tmp
2013-11-01 20:14 - 2013-11-01 18:57 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2974.tmp
2013-11-01 20:14 - 2013-11-01 18:57 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2463.tmp
2013-11-01 20:14 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2263.tmp
2013-11-01 20:12 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL3739.tmp
2013-11-01 20:12 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1742.tmp
2013-11-01 20:12 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0566.tmp
2013-11-01 20:11 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1319.tmp
2013-11-01 20:11 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0622.tmp
2013-11-01 20:10 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2703.tmp
2013-10-30 19:40 - 2013-10-30 19:28 - 00001721 _____ C:\Users\[Nutzer]\Desktop\Spotify.lnk
2013-10-30 19:40 - 2013-10-30 19:28 - 00001707 _____ C:\Users\[Nutzer]

\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-30 19:28 - 2013-10-30 19:28 - 27576432 _____ (Spotify Ltd) C:\Users\[Nutzer]\Downloads\Spotify 

Installer.exe
2013-10-28 18:48 - 2012-08-15 07:42 - 00000000 ____D C:\Users\[Nutzer]\Documents\FIFA 12
2013-10-28 18:22 - 2012-08-14 20:45 - 00000000 ____D C:\ProgramData\Origin
2013-10-28 18:21 - 2013-10-28 18:21 - 00001077 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2013-10-28 18:20 - 2012-08-14 22:54 - 00044405 _____ C:\Windows\DirectX.log
2013-10-28 14:43 - 2013-10-28 08:44 - 103734365 _____ C:\Windows\SysWOW64\⻳蠺輼¸

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         

Regards
Molto

27.11.2013, 14:05   #13
aharonov
/// TB-Ausbilder
 



Quote:
I'd be glad if you could tell me how to proceed, and also whether you consider the two points mentioned (Outobox / Chinese entries) to be problematic(?).
Outobox is just a bit of adware. Unwanted, annoying stuff, but harmless.
The Chinese entries come from Avira. They have a known bug in there that produces these files.

Please run another FRST scan, but this time with Addition.txt.
(And please remove the line breaks in the editor before you paste the log here!)


Start FRST once more.
  • Under Optional Scan, tick the box for Addition.txt and press Scan.
  • When the scan has finished, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of both log files here in your thread.
__________________
cheers,
Leo

27.11.2013, 19:49   #14
MoltoBene
 



aharonov, attached are the requested logs.
How do they look?


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by [Nutzer] (ATTENTION: The logged in user is not administrator) on VIDEO-PC on 27-11-2013 15:37:46
Running from C:\Users\[Nutzer]\Desktop
Windows Vista (TM) Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oaui.exe
(Spotify Ltd) C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
(Matrox Graphics Inc.) C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Spotify Ltd) C:\Users\[Nutzer]\AppData\Roaming\Spotify\spotify.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Users\[Nutzer]\Desktop\Planetscott v1.0 - Always On Top\OnTop.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [@OnlineArmor GUI] - C:\Program Files (x86)\Online Armor\oaui.exe [2415104 2012-10-02] (Emsisoft GmbH)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] - "C:\Windows\is-93086.exe" /REG [1544704 2012-10-04] ()
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [766536 2012-09-29] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000002] - "C:\Windows\is-QSNKT.exe" /REG [1544704 2013-01-26] ()
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000003] - "C:\Windows\is-41LQ8.exe" /REG [1544704 2013-06-05] ()
HKLM-x32\...\Runonce: [InstallShieldSetup2] - C:\PROGRA~2\INSTAL~1\{72AD9~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{72AD9~1\reboot.ini [x]
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000004] - "C:\Windows\is-1V0T0.exe" /REG [1544704 2013-08-14] ()
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000005] - "C:\Windows\is-9HLPF.exe" /REG [1544704 2013-09-14] ()
HKCU\...\Run: [Google Update] - C:\Users\[Nutzer]\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-14] (Google Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6604568 2013-11-20] (SUPERAntiSpyware)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\[Nutzer]\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-15] (Spotify Ltd)
HKCU\...\Run: [Spotify] - C:\Users\[Nutzer]\AppData\Roaming\Spotify\spotify.exe [5955072 2013-11-15] (Spotify Ltd)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Matrox PowerDesk] - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe [889352 2012-10-23] (Matrox Graphics Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x70AE3D3940C3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: outobox - {30f06672-0e95-41a9-80cb-dee386af99ad} - C:\Program Files (x86)\outobox\outoboxBHO.dll (outobox)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ilok.com/iLokHelper,version=3.1.0.7 - C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\[Nutzer]\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\[Nutzer]\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default\Extensions\bytubed@cs213.cse.iitk.ac.in
FF Extension: adblockpopups - C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: dta - C:\Users\[Nutzer]\AppData\Roaming\Mozilla\Firefox\Profiles\sum0togv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\[Nutzer]\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (ProxTube) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (YouTube) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (outobox) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka\1.0.0_2
CHR Extension: (AdBlock) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (New Tab Behavior) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgjmlflcoalihhlikncfkoclobaemeg\1.0.1_0
CHR Extension: (FlashBlock) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Tiny MP3 Player - MP3 Link Music Player) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\klphnalhafkamjdgcmpmijohkkokajbg\1.3_0
CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0
CHR Extension: (Google Wallet) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\[Nutzer]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4889032 2011-12-30] (SafeNet Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-12-12] (Nero AG)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 Matrox.Pdesk3.ServicesHost; C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe [3867656 2012-10-23] (Matrox Graphics Inc)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [216072 2012-10-02] (Emsisoft GmbH)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [93048 2007-01-25] (CACE Technologies)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4463864 2012-10-02] (Emsisoft GmbH)
R2 Update outobox; C:\Program Files (x86)\outobox\updateoutobox.exe [66840 2013-11-12] ()
R2 Util outobox; C:\Program Files (x86)\outobox\bin\utiloutobox.exe [66840 2013-11-23] ()
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [x]
S3 RpcLocator; %SystemRoot%\system32\locator.exe [x]

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [49104 2013-03-26] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [73168 2013-03-26] (Cisco Systems, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
S1 Beep; No ImagePath
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S4 Htcdrmthuns; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25808 2013-04-11] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [40208 2007-01-25] (CACE Technologies)
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [61632 2012-10-02] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62016 2012-10-02] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [40520 2012-10-02] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [32920 2012-02-10] (Emsisoft)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 ATICDSDr; \??\C:\Users\Admin\AppData\Local\Temp\ATICDSDr.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-27 15:37 - 2013-11-27 15:38 - 00019222 _____ C:\Users\[Nutzer]\Desktop\FRST.txt
2013-11-27 15:37 - 2013-11-26 19:37 - 01958474 _____ (Farbar) C:\Users\[Nutzer]\Desktop\FRST64.exe
2013-11-26 22:19 - 2013-11-27 09:43 - 106424558 _____ C:\Windows\SysWOW64\輼á
2013-11-26 17:20 - 2013-11-26 17:20 - 00010511 _____ C:\ComboFix.txt
2013-11-26 17:20 - 2013-11-26 17:20 - 00000979 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 17:20 - 2013-11-26 17:20 - 00000949 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-26 17:20 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-24 20:03 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 20:03 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 20:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 20:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 20:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 20:03 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 20:03 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 20:03 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 20:02 - 2013-11-26 17:20 - 00000000 ____D C:\Qoobox
2013-11-24 20:02 - 2013-11-26 17:18 - 00000000 ____D C:\Windows\erdnt
2013-11-24 20:02 - 2013-11-26 17:05 - 00000000 ____D C:\32788R22FWJFW
2013-11-24 20:02 - 2013-11-24 20:02 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-24 19:50 - 2013-11-24 19:51 - 00000000 ____D C:\AdwCleaner
2013-11-24 19:08 - 2013-11-26 21:38 - 00001299 _____ C:\Users\[Nutzer]\Desktop\Threat-temp.txt
2013-11-24 19:02 - 2013-11-24 19:02 - 00000074 _____ C:\Users\[Nutzer]\Desktop\Threat-Thread.txt
2013-11-24 17:56 - 2013-11-24 17:56 - 00000000 ____D C:\FRST
2013-11-24 17:47 - 2013-11-27 15:37 - 00000000 ____D C:\Users\[Nutzer]\Desktop\Threat - System Care Antivirus
2013-11-24 17:29 - 2013-11-24 17:29 - 105952601 _____ C:\Windows\SysWOW64\䣠쟏輼¾
2013-11-23 15:14 - 2013-11-23 15:14 - 00000000 ____D C:\Users\[Nutzer]\Screensaver
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Program Files (x86)\Power Tab Software
2013-11-22 13:18 - 2003-08-20 06:06 - 02512896 _____ C:\Users\[Nutzer]\Downloads\PTEditor17.msi
2013-11-22 13:18 - 2003-08-20 06:05 - 00000041 _____ C:\Users\[Nutzer]\Downloads\Setup.Ini
2013-11-22 13:18 - 2002-01-05 07:46 - 00065536 _____ (Microsoft Corporation) C:\Users\[Nutzer]\Downloads\Setup.Exe
2013-11-22 13:18 - 2001-09-25 15:05 - 01707856 _____ (Microsoft Corporation) C:\Users\[Nutzer]\Downloads\InstMsiA.Exe
2013-11-22 13:18 - 2001-09-11 18:04 - 01821008 _____ (Microsoft Corporation) C:\Users\[Nutzer]\Downloads\InstMsiW.Exe
2013-11-22 13:16 - 2013-11-23 14:08 - 00000000 ____D C:\Program Files (x86)\outobox
2013-11-22 13:15 - 2013-11-22 13:15 - 00422350 _____ C:\Users\Admin\AppData\Local\dd_vcredistMSI789D.txt
2013-11-22 13:14 - 2013-11-22 13:15 - 00014322 _____ C:\Users\Admin\AppData\Local\dd_vcredistUI789D.txt
2013-11-22 13:10 - 2013-11-22 13:17 - 05917258 _____ C:\Users\[Nutzer]\Downloads\powertab.zip
2013-11-22 13:09 - 2013-11-22 13:09 - 00923784 _____ (CNET Download.com) C:\Users\[Nutzer]\Downloads\cbsidlm-cbsi145-Power_Tab_Editor-ORG-10502034.exe
2013-11-22 12:28 - 2013-11-22 12:28 - 00494192 _____ () C:\Users\[Nutzer]\Downloads\Winfy.exe
2013-11-17 17:56 - 2013-11-17 17:56 - 00000001 _____ C:\Users\Admin\AppData\Local\llftool.4.30.agreement
2013-11-17 17:55 - 2013-11-17 17:55 - 02043392 _____ C:\Users\[Nutzer]\Downloads\HDDLLF.4.30.exe
2013-11-17 17:55 - 2013-11-17 17:55 - 00000001 _____ C:\Users\[Nutzer]\AppData\Local\llftool.4.30.agreement
2013-11-17 17:53 - 2013-11-17 17:53 - 00098304 _____ (Hewlett-Packard Company) C:\Users\[Nutzer]\Downloads\HPUSBFW_v2.2.3.exe
2013-11-16 11:11 - 2013-11-16 11:11 - 104513208 _____ C:\Windows\SysWOW64\ⰳ䒺輼ª
2013-11-15 08:57 - 2013-11-15 10:31 - 00033333 _____ C:\Users\[Nutzer]\temp.aup
2013-11-15 08:57 - 2013-11-15 08:57 - 00000000 ____D C:\Users\[Nutzer]\temp_data
2013-11-12 11:48 - 2013-11-15 13:33 - 00000355 _____ C:\Users\[Nutzer]\Desktop\temp.txt
2013-11-07 16:17 - 2013-11-07 16:17 - 00000000 ____D C:\Users\[Nutzer]\Documents\Adobe
2013-11-06 11:48 - 2013-11-06 11:48 - 00091888 _____ C:\Users\[Nutzer]\Documents\R-nr.79743.xlsx
2013-11-01 18:57 - 2013-11-01 20:14 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL3437.tmp
2013-11-01 18:57 - 2013-11-01 20:14 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2974.tmp
2013-11-01 18:57 - 2013-11-01 20:14 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2463.tmp
2013-11-01 18:57 - 2013-11-01 20:14 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2263.tmp
2013-11-01 18:57 - 2013-11-01 20:12 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL3739.tmp
2013-11-01 18:57 - 2013-11-01 20:12 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1742.tmp
2013-11-01 18:57 - 2013-11-01 20:12 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0566.tmp
2013-11-01 18:57 - 2013-11-01 20:11 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1319.tmp
2013-11-01 18:57 - 2013-11-01 20:11 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0622.tmp
2013-11-01 18:57 - 2013-11-01 20:10 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2703.tmp
2013-10-30 19:28 - 2013-11-27 14:29 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Spotify
2013-10-30 19:28 - 2013-11-26 18:54 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\Spotify
2013-10-30 19:28 - 2013-10-30 19:40 - 00001721 _____ C:\Users\[Nutzer]\Desktop\Spotify.lnk
2013-10-30 19:28 - 2013-10-30 19:40 - 00001707 _____ C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-30 19:28 - 2013-10-30 19:28 - 27576432 _____ (Spotify Ltd) C:\Users\[Nutzer]\Downloads\Spotify Installer.exe
2013-10-28 18:22 - 2013-11-24 19:00 - 00000000 ____D C:\Users\[Nutzer]\Documents\FIFA 14
2013-10-28 18:21 - 2013-10-28 18:21 - 00001077 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2013-10-28 17:50 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-10-28 17:50 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-10-28 17:50 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-10-28 17:50 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-10-28 17:49 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-10-28 17:49 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-10-28 17:49 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-10-28 17:49 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-10-28 17:49 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-10-28 17:49 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-10-28 17:49 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-10-28 17:49 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-10-28 17:49 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-10-28 17:49 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-10-28 17:49 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-10-28 17:49 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-10-28 17:49 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-10-28 17:49 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-10-28 17:49 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-10-28 17:49 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-10-28 17:49 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-10-28 17:49 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-10-28 17:49 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-10-28 17:49 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-10-28 17:49 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-10-28 17:49 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-10-28 17:49 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-10-28 17:49 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-10-28 17:49 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-10-28 17:49 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-10-28 17:49 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-10-28 17:49 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-10-28 17:49 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-10-28 17:49 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-10-28 17:49 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-10-28 17:49 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-10-28 17:49 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-10-28 17:49 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-10-28 17:49 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-10-28 17:49 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-10-28 17:49 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-10-28 17:49 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-10-28 17:49 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-10-28 17:49 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-10-28 17:49 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-10-28 17:49 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-10-28 17:49 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-10-28 17:49 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-10-28 17:49 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-10-28 17:48 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-10-28 17:48 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-10-28 17:48 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-10-28 17:48 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-10-28 17:48 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-10-28 17:48 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-10-28 17:48 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-10-28 17:48 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-10-28 17:48 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-10-28 17:48 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-10-28 17:48 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-10-28 17:48 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-10-28 17:48 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-10-28 17:48 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-10-28 17:48 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-10-28 17:48 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-10-28 17:48 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-10-28 17:48 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-10-28 17:48 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-10-28 17:48 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-10-28 17:48 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-10-28 17:48 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-10-28 17:48 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-10-28 17:48 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-10-28 17:48 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-10-28 17:48 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-10-28 17:48 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-10-28 17:48 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-10-28 17:48 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-10-28 17:48 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-10-28 17:48 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-10-28 17:48 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-10-28 17:48 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-10-28 17:48 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-10-28 17:48 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-10-28 17:48 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-10-28 17:48 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-10-28 17:48 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-10-28 17:48 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-10-28 17:48 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-10-28 17:48 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-10-28 17:48 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-10-28 17:48 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-10-28 17:48 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-10-28 17:48 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-10-28 17:48 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-10-28 17:48 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-10-28 08:44 - 2013-10-28 14:43 - 103734365 _____ C:\Windows\SysWOW64\⻳蠺輼¸

==================== One Month Modified Files and Folders =======

2013-11-27 15:38 - 2013-11-27 15:37 - 00019222 _____ C:\Users\[Nutzer]\Desktop\FRST.txt
2013-11-27 15:37 - 2013-11-24 17:47 - 00000000 ____D C:\Users\[Nutzer]\Desktop\Threat - System Care Antivirus
2013-11-27 15:37 - 2013-01-26 12:23 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\JDownloader 2.0
2013-11-27 15:31 - 2006-11-02 16:21 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 15:31 - 2006-11-02 16:21 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 15:28 - 2012-08-14 13:58 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1000UA.job
2013-11-27 15:08 - 2012-08-14 22:22 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1001UA.job
2013-11-27 14:59 - 2013-07-06 08:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-27 14:38 - 2012-08-18 17:14 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\vlc
2013-11-27 14:29 - 2013-10-30 19:28 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Spotify
2013-11-27 11:10 - 2008-01-21 02:53 - 01139133 _____ C:\Windows\WindowsUpdate.log
2013-11-27 10:28 - 2012-08-14 13:58 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1000Core.job
2013-11-27 09:43 - 2013-11-26 22:19 - 106424558 _____ C:\Windows\SysWOW64\輼á
2013-11-26 21:38 - 2013-11-24 19:08 - 00001299 _____ C:\Users\[Nutzer]\Desktop\Threat-temp.txt
2013-11-26 21:08 - 2012-08-14 22:22 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1001Core.job
2013-11-26 19:37 - 2013-11-27 15:37 - 01958474 _____ (Farbar) C:\Users\[Nutzer]\Desktop\FRST64.exe
2013-11-26 18:54 - 2013-10-30 19:28 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\Spotify
2013-11-26 18:23 - 2013-03-08 14:54 - 00000000 ____D C:\Users\[Nutzer]\AppData\Local\HTC MediaHub
2013-11-26 17:31 - 2012-09-21 14:45 - 00000000 ____D C:\ProgramData\PACE
2013-11-26 17:31 - 2006-11-02 16:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 17:31 - 2006-11-02 16:39 - 00340806 _____ C:\Windows\PFRO.log
2013-11-26 17:30 - 2006-11-02 16:40 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-26 17:20 - 2013-11-26 17:20 - 00010511 _____ C:\ComboFix.txt
2013-11-26 17:20 - 2013-11-26 17:20 - 00000979 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 17:20 - 2013-11-26 17:20 - 00000949 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-26 17:20 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-26 17:20 - 2013-11-24 20:02 - 00000000 ____D C:\Qoobox
2013-11-26 17:20 - 2006-11-02 14:33 - 00000000 __RHD C:\Users\Default
2013-11-26 17:18 - 2013-11-24 20:02 - 00000000 ____D C:\Windows\erdnt
2013-11-26 17:18 - 2012-08-14 22:18 - 00000000 ___RD C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-26 17:17 - 2006-11-02 13:34 - 00000215 _____ C:\Windows\system.ini
2013-11-26 17:05 - 2013-11-24 20:02 - 00000000 ____D C:\32788R22FWJFW
2013-11-26 16:54 - 2013-10-07 08:09 - 00003091 _____ C:\Users\[Nutzer]\Desktop\Do It.txt
2013-11-26 16:31 - 2012-08-15 10:14 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Dropbox
2013-11-24 20:02 - 2013-11-24 20:02 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-24 19:51 - 2013-11-24 19:50 - 00000000 ____D C:\AdwCleaner
2013-11-24 19:51 - 2012-08-13 17:37 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 19:47 - 2012-08-14 15:26 - 00000000 ____D C:\Program Files (x86)\Online Armor
2013-11-24 19:44 - 2006-11-02 16:21 - 04999632 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-24 19:02 - 2013-11-24 19:02 - 00000074 _____ C:\Users\[Nutzer]\Desktop\Threat-Thread.txt
2013-11-24 19:00 - 2013-10-28 18:22 - 00000000 ____D C:\Users\[Nutzer]\Documents\FIFA 14
2013-11-24 18:20 - 2012-11-06 18:50 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-24 18:12 - 2012-08-14 22:19 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\OnlineArmor
2013-11-24 17:56 - 2013-11-24 17:56 - 00000000 ____D C:\FRST
2013-11-24 17:29 - 2013-11-24 17:29 - 105952601 _____ C:\Windows\SysWOW64\䣠쟏輼¾
2013-11-23 15:16 - 2012-08-18 17:10 - 00111104 _____ C:\Users\[Nutzer]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-23 15:14 - 2013-11-23 15:14 - 00000000 ____D C:\Users\[Nutzer]\Screensaver
2013-11-23 15:14 - 2012-08-14 22:16 - 00000000 ____D C:\Users\[Nutzer]
2013-11-23 14:08 - 2013-11-22 13:16 - 00000000 ____D C:\Program Files (x86)\outobox
2013-11-22 16:37 - 2012-08-14 22:18 - 00093296 _____ C:\Users\[Nutzer]\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 14:36 - 2012-11-30 14:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-22 13:36 - 2012-08-13 17:37 - 00093296 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software
2013-11-22 13:21 - 2013-11-22 13:21 - 00000000 ____D C:\Program Files (x86)\Power Tab Software
2013-11-22 13:21 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\Help
2013-11-22 13:17 - 2013-11-22 13:10 - 05917258 _____ C:\Users\[Nutzer]\Downloads\powertab.zip
2013-11-22 13:15 - 2013-11-22 13:15 - 00422350 _____ C:\Users\Admin\AppData\Local\dd_vcredistMSI789D.txt
2013-11-22 13:15 - 2013-11-22 13:14 - 00014322 _____ C:\Users\Admin\AppData\Local\dd_vcredistUI789D.txt
2013-11-22 13:09 - 2013-11-22 13:09 - 00923784 _____ (CNET Download.com) C:\Users\[Nutzer]\Downloads\cbsidlm-cbsi145-Power_Tab_Editor-ORG-10502034.exe
2013-11-22 12:54 - 2012-08-15 09:22 - 00000000 ____D C:\Users\[Nutzer]\Desktop\privat
2013-11-22 12:28 - 2013-11-22 12:28 - 00494192 _____ () C:\Users\[Nutzer]\Downloads\Winfy.exe
2013-11-22 11:39 - 2008-01-21 11:47 - 01418806 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 11:39 - 2008-01-21 11:46 - 00618204 _____ C:\Windows\system32\perfh007.dat
2013-11-22 11:39 - 2008-01-21 11:46 - 00122636 _____ C:\Windows\system32\perfc007.dat
2013-11-17 17:56 - 2013-11-17 17:56 - 00000001 _____ C:\Users\Admin\AppData\Local\llftool.4.30.agreement
2013-11-17 17:55 - 2013-11-17 17:55 - 02043392 _____ C:\Users\[Nutzer]\Downloads\HDDLLF.4.30.exe
2013-11-17 17:55 - 2013-11-17 17:55 - 00000001 _____ C:\Users\[Nutzer]\AppData\Local\llftool.4.30.agreement
2013-11-17 17:53 - 2013-11-17 17:53 - 00098304 _____ (Hewlett-Packard Company) C:\Users\[Nutzer]\Downloads\HPUSBFW_v2.2.3.exe
2013-11-17 16:20 - 2012-08-16 14:13 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Adobe
2013-11-17 16:20 - 2012-08-16 14:03 - 00000000 ____D C:\ProgramData\Adobe
2013-11-17 16:18 - 2012-08-13 17:36 - 00000000 ____D C:\Users\Admin
2013-11-16 11:11 - 2013-11-16 11:11 - 104513208 _____ C:\Windows\SysWOW64\ⰳ䒺輼ª
2013-11-15 13:33 - 2013-11-12 11:48 - 00000355 _____ C:\Users\[Nutzer]\Desktop\temp.txt
2013-11-15 10:32 - 2012-09-04 22:13 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Audacity
2013-11-15 10:31 - 2013-11-15 08:57 - 00033333 _____ C:\Users\[Nutzer]\temp.aup
2013-11-15 08:57 - 2013-11-15 08:57 - 00000000 ____D C:\Users\[Nutzer]\temp_data
2013-11-14 22:58 - 2013-09-22 18:20 - 00000000 ____D C:\Users\[Nutzer]\Desktop\for Kindle
2013-11-07 16:17 - 2013-11-07 16:17 - 00000000 ____D C:\Users\[Nutzer]\Documents\Adobe
2013-11-06 17:16 - 2012-08-14 20:46 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-11-06 11:48 - 2013-11-06 11:48 - 00091888 _____ C:\Users\[Nutzer]\Documents\R-nr.79743.xlsx
2013-11-04 14:40 - 2012-08-16 08:49 - 00000925 _____ C:\Users\[Nutzer]\Desktop\Dropbox.lnk
2013-11-04 14:40 - 2012-08-16 08:48 - 00000000 ____D C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-01 20:14 - 2013-11-01 18:57 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL3437.tmp
2013-11-01 20:14 - 2013-11-01 18:57 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2974.tmp
2013-11-01 20:14 - 2013-11-01 18:57 - 00034304 ____H C:\Users\[Nutzer]\Desktop\~WRL2463.tmp
2013-11-01 20:14 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2263.tmp
2013-11-01 20:12 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL3739.tmp
2013-11-01 20:12 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1742.tmp
2013-11-01 20:12 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0566.tmp
2013-11-01 20:11 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL1319.tmp
2013-11-01 20:11 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL0622.tmp
2013-11-01 20:10 - 2013-11-01 18:57 - 00033792 ____H C:\Users\[Nutzer]\Desktop\~WRL2703.tmp
2013-10-30 19:40 - 2013-10-30 19:28 - 00001721 _____ C:\Users\[Nutzer]\Desktop\Spotify.lnk
2013-10-30 19:40 - 2013-10-30 19:28 - 00001707 _____ C:\Users\[Nutzer]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-30 19:28 - 2013-10-30 19:28 - 27576432 _____ (Spotify Ltd) C:\Users\[Nutzer]\Downloads\Spotify Installer.exe
2013-10-28 18:48 - 2012-08-15 07:42 - 00000000 ____D C:\Users\[Nutzer]\Documents\FIFA 12
2013-10-28 18:22 - 2012-08-14 20:45 - 00000000 ____D C:\ProgramData\Origin
2013-10-28 18:21 - 2013-10-28 18:21 - 00001077 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2013-10-28 18:20 - 2012-08-14 22:54 - 00044405 _____ C:\Windows\DirectX.log
2013-10-28 14:43 - 2013-10-28 08:44 - 103734365 _____ C:\Windows\SysWOW64\⻳蠺輼¸

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2013 01
Ran by [Nutzer] at 2013-11-27 15:38:52
Running from C:\Users\[Nutzer]\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ACDPlayer (x32)
Adobe AIR (x32 Version: 3.8.0.870)
Adobe Creative Suite (x32 Version: 1.1.1)
Adobe Download Assistant (x32 Version: 1.2)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
AMD APP SDK Runtime (Version: 10.0.938.1)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Any Audio Converter 4.0.1 (x32)
Any Video Converter 3.4.2 (x32)
Any Video Converter 5 5.0.4 (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32 Version: 2.11 Beta1)
Audacity 2.0.2 (x32 Version: 2.0.2)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (x32 Version: 1.0)
AudioPlayer 1.8 (x32)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
bl (x32 Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
calibre 64bit (Version: 1.3.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0611.1251.21046)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0611.1251.21046)
Catalyst Control Center InstallProxy (x32 Version: 2012.0611.1251.21046)
Catalyst Control Center Localization All (x32 Version: 2012.0611.1251.21046)
CCC Help Chinese Standard (x32 Version: 2012.0611.1250.21046)
CCC Help Chinese Traditional (x32 Version: 2012.0611.1250.21046)
CCC Help Czech (x32 Version: 2012.0611.1250.21046)
CCC Help Danish (x32 Version: 2012.0611.1250.21046)
CCC Help Dutch (x32 Version: 2012.0611.1250.21046)
CCC Help English (x32 Version: 2012.0611.1250.21046)
CCC Help Finnish (x32 Version: 2012.0611.1250.21046)
CCC Help French (x32 Version: 2012.0611.1250.21046)
CCC Help German (x32 Version: 2012.0611.1250.21046)
CCC Help Greek (x32 Version: 2012.0611.1250.21046)
CCC Help Hungarian (x32 Version: 2012.0611.1250.21046)
CCC Help Italian (x32 Version: 2012.0611.1250.21046)
CCC Help Japanese (x32 Version: 2012.0611.1250.21046)
CCC Help Korean (x32 Version: 2012.0611.1250.21046)
CCC Help Norwegian (x32 Version: 2012.0611.1250.21046)
CCC Help Polish (x32 Version: 2012.0611.1250.21046)
CCC Help Portuguese (x32 Version: 2012.0611.1250.21046)
CCC Help Russian (x32 Version: 2012.0611.1250.21046)
CCC Help Spanish (x32 Version: 2012.0611.1250.21046)
CCC Help Swedish (x32 Version: 2012.0611.1250.21046)
CCC Help Thai (x32 Version: 2012.0611.1250.21046)
CCC Help Turkish (x32 Version: 2012.0611.1250.21046)
ccc-utility64 (Version: 2012.0611.1251.21046)
CCleaner (Version: 3.22)
CDBurnerXP (x32 Version: 4.5.2.4291)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.03103)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103)
Cool & Quiet (x32)
Dropbox (HKCU Version: 2.4.6)
eLicenser Control (x32)
ElsterFormular (x32 Version: 14.4.20130909)
FIFA 14 (x32 Version: 1.0.0.3)
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
Free Google Books Downloader (x32 Version: 1.3.1.0)
Google Chrome (HKCU Version: 31.0.1650.57)
HTC Driver Installer (x32 Version: 4.0.1.002)
HTC Sync Manager (x32 Version: 1.1.87.0)
IK Multimedia Authorization Manager version 1.0.9 (Version: 1.0.9)
iLok Client Helper (x32 Version: 5.9.1)
IPTInstaller (x32 Version: 4.0.8)
iTunes (Version: 10.6.3.25)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Java SE Development Kit 7 Update 6 (64-bit) (Version: 1.7.0.60)
Java SE Development Kit 7 Update 6 (x32 Version: 1.7.0.60)
Java SE Development Kit 7 Update 7 (64-bit) (Version: 1.7.0.70)
JDownloader 0.9 (x32 Version: 0.9)
JDownloader 2.0 (x32 Version: 2.0)
Kyocera Product Library (Version: 2.0.0713)
LAME v3.99.3 (for Windows) (x32)
LeechFTP  (x32)
Magic ISO Maker v5.5 (build 0281) (x32)
MagicDisc 2.7.106 (x32)
Malwarebytes Anti-Malware Version 1.65.1.1000 (x32 Version: 1.65.1.1000)
Matrox PowerDesk (Version: 1.15.2032.1023 2.08.01 GXM)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MuseScore 1.3 (x32 Version: 1.3.0)
Online Armor 6.0 (x32 Version: 6.0)
Origin (x32 Version: 9.0.15.65)
outobox 2013.11.12.181539 (Version: 2013.11.12.181539)
PACE License Support Win64 (Version: 2.1.0.0279)
PACE License Support Win64 (x32 Version: 2.1.0.0279)
Panda USB Vaccine 1.0.1.4 (x32)
Paragon Backup & Recovery™ 2012 Free (x32 Version: 90.00.0003)
Pazera Free Audio Extractor 1.4 (x32 Version: 1.4)
PDF-XChange Lite 2012 (Version: 5.0.266.0)
ph (x32 Version: 1.0.0)
Phase 5 HTML-Editor (x32 Version: 5.6.2.3)
PhotoDose 4.5 (x32)
Power Tab Editor 1.7 (x32 Version: 1.7.0)
PreSonus Studio One 2 x64 (Version: 2.5.2.22258)
QuickTime (x32 Version: 7.74.80.86)
RAIDXpert (x32 Version: 3.3.1540.19)
Realtek Ethernet Controller Driver For Windows Vista (x32 Version: 6.235.304.2010)
Realtek Ethernet Diagnostic Utility (x32 Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6069)
REAPER (x64)
Secunia PSI (3.0.0.3001) (x32 Version: 3.0.0.3001)
SketchUp 8 (x32 Version: 3.0.16846)
SmartFTP Client Setup Files 4.1 (x64) (remove only) (x32 Version: 4.1)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
SUPERAntiSpyware (Version: 5.6.1014)
TreeSize Free V2.7 (x32 Version: 2.7)
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
URL Snooper v2.17.01 (x32)
VideoPad Videobearbeitungs-Software (HKCU)
Visual C++ 64-bit Redistributables (Version: 1.2.0.5555)
Visual C++ 64-bit Redistributables (x32 Version: 1.2.0.5555)
Visual C++ Redistributables (x32 Version: 1.2.0.5555)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Windows-Soundschemas
WinPcap 4.0 (x32 Version: 4.0.0.755)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
Zope External Editor 1.0.0 (x32 Version: 1.0.0)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1000UA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1001Core.job => C:\Users\[Nutzer]\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2107122012-3887617209-2813249809-1001UA.job => C:\Users\[Nutzer]\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-11 17:24 - 2012-06-11 17:24 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\PACE:AB88C7C0634EB5D0
AlternateDataStreams: C:\Users\[Nutzer]\Cookies:y5cLsF9hUG8kFpLkt6gmn
AlternateDataStreams: C:\Users\[Nutzer]\Lokale Einstellungen:L4no5DlQ7Yg3SSB6yk
AlternateDataStreams: C:\Users\[Nutzer]\AppData\Local:L4no5DlQ7Yg3SSB6yk
AlternateDataStreams: C:\Users\[Nutzer]\AppData\Local\Anwendungsdaten:L4no5DlQ7Yg3SSB6yk

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2013 02:27:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 02:27:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 02:27:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 02:27:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 01:57:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 00:26:44 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 10:26:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 09:57:02 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 06:26:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 06:26:42 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


System errors:
=============
Error: (11/27/2013 02:08:26 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/26/2013 05:33:18 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (11/26/2013 05:31:43 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/26/2013 05:28:17 PM) (Source: DCOM) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (11/26/2013 05:17:09 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (11/26/2013 05:13:38 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (11/26/2013 05:03:25 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/26/2013 04:53:24 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: 0xc000000dL:0x0

Error: (11/26/2013 04:16:04 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: 0xc000000dL:0x0

Error: (11/25/2013 10:21:21 AM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: 0xc000000dL:0x0


Microsoft Office Sessions:
=========================
Error: (11/27/2013 02:27:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 02:27:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 02:27:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 02:27:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 01:57:00 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 00:26:44 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 10:26:53 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 09:57:02 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 06:26:53 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (11/27/2013 06:26:42 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


CodeIntegrity Errors:
===================================
  Date: 2013-11-27 15:38:26.543
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 15:38:26.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 15:38:26.462
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 15:38:26.424
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 15:38:26.356
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 15:38:26.318
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 15:38:26.265
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 15:38:26.216
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 19:38:11.379
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 19:38:11.347
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 4061.12 MB
Available physical RAM: 2165.49 MB
Total Pagefile: 8349.79 MB
Available Pagefile: 4591.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:8.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: ([Nutzer]) (Fixed) (Total:182.88 GB) (Free:4.89 GB) NTFS
Drive e: ([Nutzer2]) (Fixed) (Total:182.88 GB) (Free:0.88 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         

27.11.2013, 19:56   #15
aharonov
/// TB Trainer

System Care Antivirus



Step 1
  • Go to Start --> Control Panel and open Programs and Features.
  • Find and uninstall the following entries there, one after another:
    outobox 2013.11.12.181539
  • Close the window again and restart the computer if you were asked to.



Step 2
  • Open the program Malwarebytes Anti-Malware.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Update --> Check for Updates.
  • When the update has finished, select the option Perform quick scan on the Scanner tab and press Scan.
  • When the scan is done, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under the Logs tab.



Step 3


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Step 4

Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved to the desktop.
  • Please post the contents of this log file here in your thread.
__________________
cheers,
Leo
