
Log analysis and evaluation: Windows 7: file "dwm.exe" in the folder "iswizard05" cannot be deleted


04.02.2014, 16:08   #1
newi
 



Hello Trojaner-Board pros,

this is my first time on your site and I hope I am doing everything according to your rules.

So:
Apparently via an acquaintance's USB stick I got some kind of malware onto my computer (WIN7 Pro, SP1). My antivirus software (Trend Micro Titanium) does detect and delete it, but the folder containing it and the files are automatically recreated, so the antivirus software is constantly working (deleting).

I have already downloaded Malwarebytes and run it several times, but without success.

So far I have not noticed any damage to the computer or to any software, but I also disconnected the computer from the network right away, which is also the current status.

Here are my log files:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:31 on 04/02/2014 (Admin_Mirko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Frst:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Mirko (ATTENTION: The logged in user is not administrator) on MIRKOS_DELL on 04-02-2014 15:32:29
Running from C:\Users\Mirko\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\PremierColor\dthtml.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [WLM] - C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [39528 2013-01-31] (Trend Micro Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [DT DL2] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-07-23] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2359832 2013-10-29] (Sony Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Mirko\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Analoguhr.lnk
ShortcutTarget: Analoguhr.lnk -> C:\Users\Mirko\AppData\Local\Temp\Temp1_clock.zip\CLOCK.EXE ()
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - DefaultScope {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\..\Interfaces\{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}: [NameServer]192.168.200.2

FireFox:
========
FF ProfilePath: C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bluhell Firewall - C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-29]
FF Extension: Tab Mix Plus - C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-09-02]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []

==================== Services (Whitelisted) =================

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2013-09-02] (Autodesk)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-07-23] (Portrait Displays, Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] ()
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-23] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-12-04] (NVIDIA Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-29] (Sony Corporation)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-08-03] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
R5 tmeevw; C:\Windows\System32\Drivers\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 15:32 - 2014-02-04 15:32 - 00021524 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-02-04 15:32 - 2014-02-04 15:32 - 00000000 ____D () C:\FRST
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:30 - 2014-02-04 15:27 - 02080256 _____ (Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe
2014-02-04 15:30 - 2014-02-04 15:27 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:30 - 2014-02-04 15:23 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:34 - 2014-02-04 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 12:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-03 11:53 - 2014-02-03 12:00 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:43 - 2014-02-04 11:47 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-27 14:13 - 2014-01-09 09:37 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
2014-01-27 14:13 - 2013-09-01 11:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2014-01-27 14:13 - 2013-07-13 11:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2014-01-27 14:13 - 2013-07-12 21:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2014-01-27 14:13 - 2013-04-05 12:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2014-01-27 14:13 - 2013-03-28 22:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2014-01-27 14:13 - 2013-03-03 13:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2014-01-27 14:13 - 2008-10-30 09:37 - 00227840 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2014-01-27 14:13 - 2008-07-09 09:37 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-10 11:02 - 2014-01-10 11:02 - 00000175 _____ () C:\ProgramData\OutlookFail.20140110.log
2014-01-09 13:55 - 2014-01-09 14:32 - 43703296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd831_all_incr.msp
2014-01-09 12:28 - 2014-01-09 12:37 - 44644864 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd830_all_incr.msp
2014-01-09 12:27 - 2014-01-09 12:47 - 43396608 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd826_all_incr.msp
2014-01-09 12:22 - 2014-01-09 12:34 - 43589632 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd825_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:46 - 45099008 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd822_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:28 - 42970624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd823_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:22 - 09225216 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd824_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:47 - 49241088 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd820_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:45 - 45229056 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd817_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:19 - 02953728 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd821_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:27 - 18554368 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd816_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:18 - 03162624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd815_all_incr.msp
2014-01-09 12:16 - 2014-01-09 12:18 - 10935296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_incr.msp
2014-01-09 12:16 - 2014-01-09 12:17 - 04498944 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_ce_incr.msp
2014-01-09 12:16 - 2014-01-09 12:17 - 04436992 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_me_incr.msp
2014-01-09 12:11 - 2007-03-23 16:55 - 00035928 _____ (Adobe Systems Incorporated.) C:\Windows\system32\AdobePDF64.dll
2014-01-09 12:07 - 2014-01-09 12:11 - 40293888 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd813_all_incr.msp
2014-01-09 12:04 - 2014-01-09 12:05 - 02251776 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatReaderUpd812_SU1_all.msi
2014-01-09 12:03 - 2014-01-09 12:05 - 20783104 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd812_all_incr.msp
2014-01-09 12:01 - 2014-01-09 12:02 - 11395584 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd811_all_incr.msp
2014-01-09 11:54 - 2014-01-09 11:57 - 37983232 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd810_efgj_incr.msp
2014-01-09 10:57 - 2006-09-29 12:48 - 00033368 ____R (Adobe Systems Incorporated.) C:\Windows\SysWOW64\AdobePDF.dll
2014-01-09 10:14 - 2014-01-09 10:14 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-06 16:49 - 2014-01-06 16:49 - 00000175 _____ () C:\ProgramData\OutlookFail.20140106.log
2014-01-06 16:43 - 2014-01-06 16:43 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\EDrawings
2014-01-06 16:38 - 2014-01-06 16:41 - 00000000 ____D () C:\Users\Mirko\AppData\Local\TempSWSicherungsverzeichnis
2014-01-06 16:38 - 2014-01-06 16:38 - 00000000 ____D () C:\Users\Mirko\AppData\Local\SolidWorks
2014-01-06 16:32 - 2014-01-06 16:32 - 00000000 ____D () C:\ProgramData\Simpoe
2014-01-06 16:31 - 2014-01-06 16:31 - 00000000 ____D () C:\Program Files (x86)\SolidWorks Corp
2014-01-06 16:29 - 2014-01-06 16:29 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\help_images_otherUI
2014-01-06 16:29 - 2014-01-06 16:29 - 00000000 _____ () C:\Windows\eDrawingOfficeAutomator.INI
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\Documents\SolidWorks Visual Studio Tools for Applications
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\DassaultSystemes
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\DassaultSystemes
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\ProgramData\DassaultSystemes
2014-01-06 16:07 - 2014-01-06 16:32 - 00000000 ____D () C:\Program Files\SolidWorks Corp
2014-01-06 16:07 - 2014-01-06 16:31 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared
2014-01-06 16:07 - 2014-01-06 16:07 - 00000000 ____D () C:\ProgramData\SolidWorks
2014-01-06 16:07 - 2014-01-06 16:07 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Users\Admin_Mirko\Documents\Visual Studio 2005
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\ProgramData\Apple
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-06 16:05 - 2014-01-06 16:10 - 00000000 ____D () C:\SolidWorks Data
2014-01-06 16:05 - 2014-01-06 16:05 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-01-06 15:48 - 2014-01-06 16:05 - 00000000 ____D () C:\Windows\SolidWorks
2014-01-06 15:48 - 2014-01-06 15:48 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\SolidWorks
2014-01-06 15:47 - 2014-01-19 19:51 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\SolidWorks
2014-01-06 15:38 - 2014-01-06 15:38 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\DAEMON Tools Lite
2014-01-06 15:17 - 2014-01-06 15:33 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\DAEMON Tools Lite
2014-01-06 15:16 - 2014-01-06 15:33 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite

==================== One Month Modified Files and Folders =======

2014-02-04 15:32 - 2014-02-04 15:32 - 00021524 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-02-04 15:32 - 2014-02-04 15:32 - 00000000 ____D () C:\FRST
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:31 - 2013-08-19 19:02 - 00000000 ____D () C:\Users\Admin_Mirko
2014-02-04 15:30 - 2010-11-21 07:50 - 00701236 _____ () C:\Windows\system32\perfh007.dat
2014-02-04 15:30 - 2010-11-21 07:50 - 00150104 _____ () C:\Windows\system32\perfc007.dat
2014-02-04 15:30 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 15:29 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 15:29 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 15:27 - 2014-02-04 15:30 - 02080256 _____ (Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe
2014-02-04 15:27 - 2014-02-04 15:30 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:25 - 2013-08-03 23:54 - 01326277 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 15:23 - 2014-02-04 15:30 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 15:22 - 2013-08-04 00:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-04 15:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 15:22 - 2009-07-14 05:51 - 00062248 _____ () C:\Windows\setupact.log
2014-02-04 14:38 - 2013-12-19 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 14:01 - 2010-11-21 04:47 - 00471340 _____ () C:\Windows\PFRO.log
2014-02-04 12:58 - 2014-01-04 13:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\genienext
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:47 - 2014-02-03 11:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-02-03 12:00 - 2014-02-03 11:53 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:45 - 2014-01-02 16:52 - 00000000 ___RD () C:\Users\Mirko\Virtual Machines
2014-02-03 11:39 - 2013-12-23 15:53 - 00000000 ____D () C:\Users\Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-20 20:19 - 2013-08-19 19:07 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\Adobe
2014-01-20 20:18 - 2013-08-03 23:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-20 20:18 - 2013-08-03 23:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-19 19:51 - 2014-01-06 15:47 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\SolidWorks
2014-01-18 07:10 - 2013-11-11 07:15 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Skype
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:32 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ____D () C:\ProgramData\Skype
2014-01-10 11:02 - 2014-01-10 11:02 - 00000175 _____ () C:\ProgramData\OutlookFail.20140110.log
2014-01-09 14:32 - 2014-01-09 13:55 - 43703296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd831_all_incr.msp
2014-01-09 12:47 - 2014-01-09 12:27 - 43396608 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd826_all_incr.msp
2014-01-09 12:47 - 2014-01-09 12:18 - 49241088 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd820_all_incr.msp
2014-01-09 12:46 - 2014-01-09 12:19 - 45099008 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd822_all_incr.msp
2014-01-09 12:45 - 2014-01-09 12:18 - 45229056 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd817_all_incr.msp
2014-01-09 12:37 - 2014-01-09 12:28 - 44644864 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd830_all_incr.msp
2014-01-09 12:34 - 2014-01-09 12:22 - 43589632 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd825_all_incr.msp
2014-01-09 12:28 - 2014-01-09 12:19 - 42970624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd823_all_incr.msp
2014-01-09 12:27 - 2014-01-09 12:17 - 18554368 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd816_all_incr.msp
2014-01-09 12:22 - 2014-01-09 12:19 - 09225216 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd824_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:18 - 02953728 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd821_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:17 - 03162624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd815_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:16 - 10935296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:16 - 04498944 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_ce_incr.msp
2014-01-09 12:17 - 2014-01-09 12:16 - 04436992 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_me_incr.msp
2014-01-09 12:11 - 2014-01-09 12:07 - 40293888 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd813_all_incr.msp
2014-01-09 12:06 - 2013-08-04 00:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-09 12:05 - 2014-01-09 12:04 - 02251776 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatReaderUpd812_SU1_all.msi
2014-01-09 12:05 - 2014-01-09 12:03 - 20783104 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd812_all_incr.msp
2014-01-09 12:02 - 2014-01-09 12:01 - 11395584 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd811_all_incr.msp
2014-01-09 11:57 - 2014-01-09 11:54 - 37983232 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd810_efgj_incr.msp
2014-01-09 10:35 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-09 10:23 - 2013-08-04 00:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-09 10:14 - 2014-01-09 10:14 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-09 09:37 - 2014-01-27 14:13 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
2014-01-07 13:31 - 2013-08-19 19:03 - 00117416 _____ () C:\Users\Admin_Mirko\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-07 12:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-01-06 16:49 - 2014-01-06 16:49 - 00000175 _____ () C:\ProgramData\OutlookFail.20140106.log
2014-01-06 16:43 - 2014-01-06 16:43 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\EDrawings
2014-01-06 16:41 - 2014-01-06 16:38 - 00000000 ____D () C:\Users\Mirko\AppData\Local\TempSWSicherungsverzeichnis
2014-01-06 16:38 - 2014-01-06 16:38 - 00000000 ____D () C:\Users\Mirko\AppData\Local\SolidWorks
2014-01-06 16:38 - 2013-11-13 09:30 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\NVIDIA
2014-01-06 16:34 - 2013-08-29 09:47 - 00117416 _____ () C:\Users\Mirko\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 16:34 - 2009-07-14 05:45 - 00404232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-06 16:32 - 2014-01-06 16:32 - 00000000 ____D () C:\ProgramData\Simpoe
2014-01-06 16:32 - 2014-01-06 16:07 - 00000000 ____D () C:\Program Files\SolidWorks Corp
2014-01-06 16:31 - 2014-01-06 16:31 - 00000000 ____D () C:\Program Files (x86)\SolidWorks Corp
2014-01-06 16:31 - 2014-01-06 16:07 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared
2014-01-06 16:29 - 2014-01-06 16:29 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\help_images_otherUI
2014-01-06 16:29 - 2014-01-06 16:29 - 00000000 _____ () C:\Windows\eDrawingOfficeAutomator.INI
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\Documents\SolidWorks Visual Studio Tools for Applications
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\DassaultSystemes
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\DassaultSystemes
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\ProgramData\DassaultSystemes
2014-01-06 16:28 - 2013-08-27 23:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-06 16:10 - 2014-01-06 16:05 - 00000000 ____D () C:\SolidWorks Data
2014-01-06 16:07 - 2014-01-06 16:07 - 00000000 ____D () C:\ProgramData\SolidWorks
2014-01-06 16:07 - 2014-01-06 16:07 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Users\Admin_Mirko\Documents\Visual Studio 2005
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\ProgramData\Apple
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-06 16:06 - 2013-08-27 23:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-01-06 16:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-06 16:05 - 2014-01-06 16:05 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-01-06 16:05 - 2014-01-06 15:48 - 00000000 ____D () C:\Windows\SolidWorks
2014-01-06 16:05 - 2013-11-18 14:08 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-01-06 15:48 - 2014-01-06 15:48 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\SolidWorks
2014-01-06 15:38 - 2014-01-06 15:38 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\DAEMON Tools Lite
2014-01-06 15:33 - 2014-01-06 15:17 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\DAEMON Tools Lite
2014-01-06 15:33 - 2014-01-06 15:16 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite

Files to move or delete:
====================
C:\Windows\SysWOW64\nvinit.dll


Some content of TEMP:
====================
C:\Users\Admin_Mirko\AppData\Local\Temp\AcDeltree.exe
C:\Users\Admin_Mirko\AppData\Local\Temp\htmlayout.dll
C:\Users\Admin_Mirko\AppData\Local\Temp\mdi064.dll
C:\Users\Admin_Mirko\AppData\Local\Temp\mdi164.dll
C:\Users\Admin_Mirko\AppData\Local\Temp\mdi264.dll
C:\Users\Admin_Mirko\AppData\Local\Temp\mdi364.dll
C:\Users\Admin_Mirko\AppData\Local\Temp\mdi464.dll
C:\Users\Admin_Mirko\AppData\Local\Temp\mdi564.dll
C:\Users\Admin_Mirko\AppData\Local\Temp\toolbar2603500.exe
C:\Users\Admin_Mirko\AppData\Local\Temp\uninstall2911743.exe
C:\Users\Admin_Mirko\AppData\Local\Temp\uninstall2912881.exe
C:\Users\Admin_Mirko\AppData\Local\Temp\Updater.exe
C:\Users\Mirko\AppData\Local\Temp\mdi064.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by Mirko at 2014-02-04 15:32:45
Running from C:\Users\Mirko\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AS: Trend Micro Titanium (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.3.1 - Adobe Systems) Hidden
Adobe Acrobat 8.3.1 - CPSID_83708 (x32 Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Professional (x32 Version: 8.3.1 - Adobe Systems)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (x32 Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.2.0.2141 (Version: 10.2.0.2141 - Bullzip)
Canon MP Navigator EX 1.0 (x32 Version:  - )
Canon MP210 series (Version:  - )
Canon MP210 series Benutzerregistrierung (x32 Version:  - )
Canon My Printer (Version:  - )
Canon Utilities Easy-PhotoPrint EX (x32 Version:  - )
Canon Utilities Solution Menu (x32 Version:  - )
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dell Client System Update (x32 Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (Version: 2.3.00003.072 - Dell Inc.)
Dell Digital Delivery (x32 Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (Version: 2.2.1 - Dell)
Dell Protected Workspace (x32 Version: 2.3.15502 - Invincea, Inc.)
Dell Touchpad (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (x32 Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.1.20.1337 - Intel Corporation)
Intel(R) Network Connections 17.2.154.0 (Version: 17.2.154.0 - Intel)
Intel(R) Network Connections 17.2.154.0 (Version: 17.2.154.0 - Intel) Hidden
Intel(R) Processor Graphics (x32 Version: 8.15.10.2639 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.2.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.8.251 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.03.1000.1637 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Logitech Unifying-Software 2.10 (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Online Services-Anmeldeassistent (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.57232 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 327.62 (Version: 327.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.62 (Version: 327.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA nView 140.75 (Version: 140.75 - NVIDIA Corporation)
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2762 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA WMI 2.14.0 (Version: 2.14.0 - NVIDIA Corporation)
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PIXMA Extended Survey Program (x32 Version:  - )
PlayMemories Home (x32 Version: 8.0.10.10290 - Sony Corporation)
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
PremierColor (x32 Version: 2.00.053 - Portrait Displays, Inc.)
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
ScanSoft OmniPage SE 4 (x32 Version: 15.2.0020 - Nuance Communications, Inc.)
SDK (x32 Version: 2.31.009 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.0.09130 - Sony Corporation) Hidden
SolidWorks 2013 x64 Edition SP0 (Version: 21.100.5024 - SolidWorks) Hidden
SolidWorks 2013 x64 Edition SP0 (x32 Version: 21.0.0.5024 - SolidWorks Corporation)
SolidWorks 2013 x64 German Resources (Version: 21.100.5024 - SolidWorks Corporation) Hidden
SolidWorks eDrawings 2013 x64 Edition SP0 (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.10.0036 - ST Microelectronics)
toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
Trend Micro Titanium (Version: 6.0 - Trend Micro Inc.)
Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VNC Viewer 5.0.5 (Version: 5.0.5 - RealVNC Ltd)
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (Version: 6.5.1.2410 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Small Business Server 2008 ClientAgent (Version: 6.0.5601.6 - Microsoft Corporation)
Windows XP Mode (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Loaded Modules (whitelisted) =============

2013-08-04 00:01 - 2012-07-23 22:42 - 00080976 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook64.dll
2013-08-03 23:59 - 2013-12-04 02:22 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-04 00:01 - 2012-07-23 22:42 - 00268368 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2013-08-04 01:40 - 2012-02-01 19:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-27 22:51 - 2012-05-02 20:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
2013-08-27 22:51 - 2012-05-02 20:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
2012-09-28 05:50 - 2012-09-28 05:50 - 00272488 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:517
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:569
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:670

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 03:22:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 02:49:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 02:01:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 01:06:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:59:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:43:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 11:49:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 11:47:30 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: key.exe, Version: 0.0.0.0, Zeitstempel: 0x52e3653e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x030f2553
ID des fehlerhaften Prozesses: 0x17ec
Startzeit der fehlerhaften Anwendung: 0xkey.exe0
Pfad der fehlerhaften Anwendung: key.exe1
Pfad des fehlerhaften Moduls: key.exe2
Berichtskennung: key.exe3

Error: (02/04/2014 08:02:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 01:38:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: key.exe, Version: 0.0.0.0, Zeitstempel: 0x52e3653e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02f02553
ID des fehlerhaften Prozesses: 0x13b4
Startzeit der fehlerhaften Anwendung: 0xkey.exe0
Pfad der fehlerhaften Anwendung: key.exe1
Pfad des fehlerhaften Moduls: key.exe2
Berichtskennung: key.exe3


System errors:
=============
Error: (02/04/2014 03:24:45 PM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/04/2014 03:22:48 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (02/04/2014 03:22:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WvPCR" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (02/04/2014 03:22:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SI TSS v1.2.1.41 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (02/04/2014 03:22:44 PM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne SEMTEC aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (02/04/2014 02:51:51 PM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/04/2014 02:49:54 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (02/04/2014 02:49:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WvPCR" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (02/04/2014 02:49:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SI TSS v1.2.1.41 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (02/04/2014 02:49:50 PM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne SEMTEC aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.


Microsoft Office Sessions:
=========================
Error: (02/04/2014 03:22:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 02:49:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 02:01:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 01:06:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:59:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:43:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 11:49:06 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 11:47:30 AM) (Source: Application Error)(User: )
Description: key.exe0.0.0.052e3653eunknown0.0.0.000000000c0000005030f255317ec01cf21967fb1e32aC:\Users\ADMIN_~1\AppData\Local\Temp\7zE692FA50\key.exeunknownbe91806e-8d89-11e3-ad0e-f01faf30a743

Error: (02/04/2014 08:02:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 01:38:26 PM) (Source: Application Error)(User: )
Description: key.exe0.0.0.052e3653eunknown0.0.0.000000000c000000502f0255313b401cf20dcd53a4cd5C:\Users\ADMIN_~1\AppData\Local\Temp\7z64BB73B0\key.exeunknown133c8940-8cd0-11e3-83a7-6c8814f7dfa8


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 16267.77 MB
Available physical RAM: 13541.88 MB
Total Pagefile: 32533.72 MB
Available Pagefile: 29674.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:237.7 GB) (Free:122.13 GB) NTFS
Drive j: (Kingston) (Removable) (Total:0.96 GB) (Free:0.4 GB) FAT

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Gmer:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-04 15:40:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 LITEONIT rev.DC81 238,47GB
Running: 03_Gmer-19357.exe; Driver: C:\Users\ADMIN_~1\AppData\Local\Temp\uwdyiuoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                            0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                           00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                        000000007754af40 7 bytes JMP 000000016fff0260
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                      0000000077554a60 5 bytes JMP 000000016fff01b8
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                       0000000077572990 5 bytes JMP 000000016fff01f0
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                 000000007757efe0 5 bytes JMP 000000016fff0148
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                               00000000775a99b0 7 bytes JMP 000000016fff00d8
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                               00000000775b94d0 5 bytes JMP 000000016fff0180
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                               00000000775b9640 5 bytes JMP 000000016fff0110
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                        00000000775da500 7 bytes JMP 000000016fff0228
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                         000007fefd732db0 5 bytes JMP 000007fffd720180
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                    000007fefd7337d0 7 bytes JMP 000007fffd7200d8
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                      000007fefd738ef0 6 bytes JMP 000007fffd720148
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                  000007fefd74af60 5 bytes JMP 000007fffd720110
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                   000007fefe4a89e0 8 bytes JMP 000007fffd7201f0
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                 000007fefe4abe40 8 bytes JMP 000007fffd7201b8
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                         000007fef336dc88 5 bytes JMP 000007fff31600d8
.text    C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                        000007fef336de10 5 bytes JMP 000007fff3160110
.text    C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000077811465 2 bytes [81, 77]
.text    C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Windows\SysWOW64\rundll32.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000077811465 2 bytes [81, 77]
.text    C:\Windows\SysWOW64\rundll32.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe[4548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe[4548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                 00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Program Files (x86)\Portrait Displays\PremierColor\DTHtml.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\Portrait Displays\PremierColor\DTHtml.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000077811465 2 bytes [81, 77]
.text    C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000077811465 2 bytes [81, 77]
.text    c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000077811465 2 bytes [81, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2
.text    C:\Users\Mirko\Desktop\03_Gmer-19357.exe[6304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                   0000000077811465 2 bytes [81, 77]
.text    C:\Users\Mirko\Desktop\03_Gmer-19357.exe[6304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                  00000000778114bb 2 bytes [81, 77]
.text    ...                                                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [6308:6808]                                                                                                           000007fefb492a7c
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [6308:6980]                                                                                                           000007fee0ca4830
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [6308:7112]                                                                                                           000007fef78f5124
---- Processes - GMER 2.1 ----

Library  C:\Users\Mirko\AppData\Local\Temp\mdi064.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [4336](2014-02-03 10:39:40)                                         00000000732d0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\24fd5237bd0c                                                                                              
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\24fd5237bd0c (not active ControlSet)                                                                          

---- EOF - GMER 2.1 ----
         
Many thanks in advance,
newi

Alt 04.02.2014, 16:17   #2
schrauber
/// the machine
/// TB-Ausbilder
 


Hi,

Log files from Trend Micro?

Alt 04.02.2014, 16:34   #3
newi
 

Hello,

here is the file (I shortened it so that it fits in the thread; the entries are always the same):

TrendMicro:
Code:
ATTFilter
Datum/Uhrzeit,Name der Bedrohung,Infizierte Datei,Maßnahme,Entdeckt von,Von,An,Betreff,Protokoll
03.02.2014 16:40,HKTL_COINMINE,C:\Users\Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
03.02.2014 16:40,HKTL_COINMINE,C:\Users\Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
03.02.2014 16:40,HKTL_COINMINE,C:\Users\Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:24,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:25,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:25,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:25,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:25,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:25,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:25,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:25,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:25,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:52,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:52,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:52,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:52,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:52,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:52,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:54,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:55,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:56,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:57,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:58,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 14:59,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:00,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:01,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:02,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:03,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:03,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:04,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:05,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:06,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:07,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:08,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:09,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:10,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:11,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:12,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:13,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:14,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:15,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:16,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:17,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:18,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
04.02.2014 15:20,HKTL_COINMINE,C:\Users\Admin_Mirko\AppData\Local\Temp\iswizard05\iswizard.7z,Entfernt,Echtzeitsuche,
         
Best regards,
newi
__________________

05.02.2014, 09:32   #4
schrauber
/// the machine
/// TB trainer
 

OK. Our tools always need admin rights.



Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. [Illegal operation attempted on a registry key that has been marked for deletion.]
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

06.02.2014, 08:54   #5
newi
 
Here is the Combofix log file:

Code:
ComboFix 14-02-05.02 - Admin_Mirko 05.02.2014   9:41:02.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.16268.13817 [GMT 1:00]
ausgeführt von:: C:\Users\Mirko\Desktop\04_ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
         
After the automatic restart (initiated by Combofix), the following error message appeared:

"Run DLL

Problem beim Starten von

C:\Users\"User"\AppData\Local\Temp\mdi064.dll

Das angegebene Modul wurde nicht gefunden"

[RunDLL: There was a problem starting C:\Users\"User"\AppData\Local\Temp\mdi064.dll. The specified module could not be found.]

and the Combofix window flickered across the screen.

I then restarted the computer manually; at first it was the same scenario, but then the flickering stopped and I was able to close the error message with "OK".
The Combofix window is now open, with no text in it.

06.01.2014
Addendum to yesterday's entry:

After booting up this morning, the error message mentioned yesterday is on the screen again and the Combofix window is flickering across the screen again. So far I have not managed to get rid of it.

Best regards,


07.02.2014, 07:57   #6
schrauber
/// the machine
/// TB trainer
 

Close Combofix.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart, a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

07.02.2014, 13:46   #7
newi
 
Hello,

after Combofix had flickered across the screen for a while again, the following error message appeared today:

"NirCmd.3xe-Anwendungsfehler

Die Anwendung konnte nicht korrekt gestartet werden (0x0000142).
Klicken Sie auf "OK" um die Anwendung zu schließen."

[NirCmd.3xe - Application Error: The application was unable to start correctly (0x0000142). Click "OK" to close the application.]

Here are the log files:

Malwarebytes:
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Admin_Mirko :: MIRKOS_DELL [Administrator]

Schutz: Aktiviert

07.02.2014 09:27:32
mbam-log-2014-02-07 (09-27-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 311502
Laufzeit: 3 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Adwcleaner:
Code:
# AdwCleaner v3.018 - Bericht erstellt am 07/02/2014 um 09:34:25
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Admin_Mirko - MIRKOS_DELL
# Gestartet von : C:\Users\Mirko\Desktop\05_adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Admin_Mirko\AppData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\Mirko\AppData\Roaming\goforfiles
Datei Gelöscht : C:\Windows\System32\Tasks\GoforFilesUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\m.warmuth\AppData\Roaming\Mozilla\Firefox\Profiles\smmvp5k3.default\prefs.js ]


[ Datei : C:\Users\Admin_Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\j8u6eq4c.default\prefs.js ]


[ Datei : C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1482 octets] - [07/02/2014 09:33:43]
AdwCleaner[S0].txt - [1359 octets] - [07/02/2014 09:34:25]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1419 octets] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Admin_Mirko on 07.02.2014 at 13:21:28,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.02.2014 at 13:30:21,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Current FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Admin_Mirko (administrator) on MIRKOS_DELL on 07-02-2014 13:34:04
Running from C:\Users\Admin_Mirko\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(O2Micro International) C:\Windows\System32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\PremierColor\dthtml.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [combofix] - C:\04_ComboFix\Combobatch.bat [8275 2014-02-05] ()
HKLM\...\Run: [WLM] - C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [39528 2013-01-31] (Trend Micro Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [DT DL2] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-07-23] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2359832 2013-10-29] (Sony Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Runonce: [combofix] - C:\04_ComboFix\CF14351.3XE /c C:\04_ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Mirko\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Analoguhr.lnk
ShortcutTarget: Analoguhr.lnk -> C:\Users\Mirko\AppData\Local\Temp\Temp1_clock.zip\CLOCK.EXE (No File)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\m.warmuth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKCU - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\..\Interfaces\{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}: [NameServer]192.168.200.2

FireFox:
========
FF ProfilePath: C:\Users\Admin_Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\j8u6eq4c.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tab Mix Plus - C:\Users\Admin_Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\j8u6eq4c.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-01-09]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []

==================== Services (Whitelisted) =================

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2013-09-02] (Autodesk)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-07-23] (Portrait Displays, Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] ()
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-23] (Intel Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-12-04] (NVIDIA Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-29] (Sony Corporation)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-08-03] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S3 catchme; \??\C:\04_ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-07 13:34 - 2014-02-07 13:34 - 00025741 _____ () C:\Users\Admin_Mirko\Desktop\FRST.txt
2014-02-07 13:33 - 2014-02-04 15:27 - 02080256 _____ (Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe
2014-02-07 13:30 - 2014-02-07 13:30 - 00000631 _____ () C:\Users\Admin_Mirko\Desktop\JRT.txt
2014-02-07 12:37 - 2014-02-07 12:37 - 00007676 _____ () C:\Users\Admin_Mirko\AppData\Local\Resmon.ResmonCfg
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 09:33 - 2014-02-07 09:34 - 00000000 ____D () C:\AdwCleaner
2014-02-07 09:32 - 2014-02-07 09:31 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-07 09:32 - 2014-02-07 09:30 - 01166132 _____ () C:\Users\Mirko\Desktop\05_adwcleaner.exe
2014-02-05 09:40 - 2014-02-05 09:50 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:40 - 2014-02-05 09:40 - 00000000 ____D () C:\Qoobox
2014-02-05 09:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-05 09:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-05 09:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-05 09:39 - 2014-02-05 09:49 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 09:38 - 2014-02-05 09:39 - 05180173 ____R (Swearware) C:\Users\Mirko\Desktop\04_ComboFix.exe
2014-02-04 15:39 - 2014-02-04 15:39 - 00014945 _____ () C:\Users\Admin_Mirko\Desktop\gmer.txt
2014-02-04 15:32 - 2014-02-07 13:34 - 00000000 ____D () C:\FRST
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:30 - 2014-02-04 15:27 - 02080256 _____ (Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe
2014-02-04 15:30 - 2014-02-04 15:27 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:30 - 2014-02-04 15:23 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:34 - 2014-02-04 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 12:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-03 11:53 - 2014-02-03 12:00 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:43 - 2014-02-04 11:47 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-27 14:13 - 2014-01-09 09:37 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
2014-01-27 14:13 - 2013-09-01 11:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2014-01-27 14:13 - 2013-07-13 11:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2014-01-27 14:13 - 2013-07-12 21:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2014-01-27 14:13 - 2013-04-05 12:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2014-01-27 14:13 - 2013-03-28 22:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2014-01-27 14:13 - 2013-03-03 13:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2014-01-27 14:13 - 2008-10-30 09:37 - 00227840 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2014-01-27 14:13 - 2008-07-09 09:37 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-10 11:02 - 2014-01-10 11:02 - 00000175 _____ () C:\ProgramData\OutlookFail.20140110.log
2014-01-09 13:55 - 2014-01-09 14:32 - 43703296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd831_all_incr.msp
2014-01-09 12:28 - 2014-01-09 12:37 - 44644864 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd830_all_incr.msp
2014-01-09 12:27 - 2014-01-09 12:47 - 43396608 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd826_all_incr.msp
2014-01-09 12:22 - 2014-01-09 12:34 - 43589632 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd825_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:46 - 45099008 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd822_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:28 - 42970624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd823_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:22 - 09225216 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd824_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:47 - 49241088 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd820_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:45 - 45229056 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd817_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:19 - 02953728 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd821_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:27 - 18554368 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd816_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:18 - 03162624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd815_all_incr.msp
2014-01-09 12:16 - 2014-01-09 12:18 - 10935296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_incr.msp
2014-01-09 12:16 - 2014-01-09 12:17 - 04498944 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_ce_incr.msp
2014-01-09 12:16 - 2014-01-09 12:17 - 04436992 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_me_incr.msp
2014-01-09 12:11 - 2007-03-23 16:55 - 00035928 _____ (Adobe Systems Incorporated.) C:\Windows\system32\AdobePDF64.dll
2014-01-09 12:07 - 2014-01-09 12:11 - 40293888 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd813_all_incr.msp
2014-01-09 12:04 - 2014-01-09 12:05 - 02251776 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatReaderUpd812_SU1_all.msi
2014-01-09 12:03 - 2014-01-09 12:05 - 20783104 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd812_all_incr.msp
2014-01-09 12:01 - 2014-01-09 12:02 - 11395584 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd811_all_incr.msp
2014-01-09 11:54 - 2014-01-09 11:57 - 37983232 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd810_efgj_incr.msp
2014-01-09 10:57 - 2006-09-29 12:48 - 00033368 ____R (Adobe Systems Incorporated.) C:\Windows\SysWOW64\AdobePDF.dll
2014-01-09 10:14 - 2014-01-09 10:14 - 00000000 ____D () C:\Windows\system32\appmgmt

==================== One Month Modified Files and Folders =======

2014-02-07 13:34 - 2014-02-07 13:34 - 00025741 _____ () C:\Users\Admin_Mirko\Desktop\FRST.txt
2014-02-07 13:34 - 2014-02-04 15:32 - 00000000 ____D () C:\FRST
2014-02-07 13:32 - 2010-11-21 07:50 - 00701236 _____ () C:\Windows\system32\perfh007.dat
2014-02-07 13:32 - 2010-11-21 07:50 - 00150104 _____ () C:\Windows\system32\perfc007.dat
2014-02-07 13:32 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-07 13:30 - 2014-02-07 13:30 - 00000631 _____ () C:\Users\Admin_Mirko\Desktop\JRT.txt
2014-02-07 13:27 - 2013-09-13 11:20 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-02-07 13:13 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-07 13:13 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 13:06 - 2013-08-04 00:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-07 13:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 13:06 - 2009-07-14 05:51 - 00062808 _____ () C:\Windows\setupact.log
2014-02-07 13:05 - 2013-08-03 23:54 - 01397662 _____ () C:\Windows\WindowsUpdate.log
2014-02-07 12:38 - 2013-12-19 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 12:37 - 2014-02-07 12:37 - 00007676 _____ () C:\Users\Admin_Mirko\AppData\Local\Resmon.ResmonCfg
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 09:34 - 2014-02-07 09:33 - 00000000 ____D () C:\AdwCleaner
2014-02-07 09:31 - 2014-02-07 09:32 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-07 09:30 - 2014-02-07 09:32 - 01166132 _____ () C:\Users\Mirko\Desktop\05_adwcleaner.exe
2014-02-07 09:25 - 2013-10-28 16:41 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-02-05 09:51 - 2010-11-21 04:47 - 00471874 _____ () C:\Windows\PFRO.log
2014-02-05 09:50 - 2014-02-05 09:40 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:50 - 2009-07-14 03:34 - 91750400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-05 09:49 - 2014-02-05 09:39 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 09:40 - 2014-02-05 09:40 - 00000000 ____D () C:\Qoobox
2014-02-05 09:39 - 2014-02-05 09:38 - 05180173 ____R (Swearware) C:\Users\Mirko\Desktop\04_ComboFix.exe
2014-02-04 15:39 - 2014-02-04 15:39 - 00014945 _____ () C:\Users\Admin_Mirko\Desktop\gmer.txt
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:31 - 2013-08-19 19:02 - 00000000 ____D () C:\Users\Admin_Mirko
2014-02-04 15:27 - 2014-02-07 13:33 - 02080256 _____ (Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe
2014-02-04 15:27 - 2014-02-04 15:30 - 02080256 _____ (Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe
2014-02-04 15:27 - 2014-02-04 15:30 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:23 - 2014-02-04 15:30 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:58 - 2014-01-04 13:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\genienext
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:47 - 2014-02-03 11:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-02-03 12:00 - 2014-02-03 11:53 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:45 - 2014-01-02 16:52 - 00000000 ___RD () C:\Users\Mirko\Virtual Machines
2014-02-03 11:39 - 2013-12-23 15:53 - 00000000 ____D () C:\Users\Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-20 20:19 - 2013-08-19 19:07 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\Adobe
2014-01-20 20:18 - 2013-12-19 16:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-20 20:18 - 2013-08-03 23:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-20 20:18 - 2013-08-03 23:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-19 19:51 - 2014-01-06 15:47 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\SolidWorks
2014-01-18 07:10 - 2013-11-11 07:15 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Skype
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:32 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ____D () C:\ProgramData\Skype
2014-01-10 11:02 - 2014-01-10 11:02 - 00000175 _____ () C:\ProgramData\OutlookFail.20140110.log
2014-01-09 14:32 - 2014-01-09 13:55 - 43703296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd831_all_incr.msp
2014-01-09 12:47 - 2014-01-09 12:27 - 43396608 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd826_all_incr.msp
2014-01-09 12:47 - 2014-01-09 12:18 - 49241088 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd820_all_incr.msp
2014-01-09 12:46 - 2014-01-09 12:19 - 45099008 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd822_all_incr.msp
2014-01-09 12:45 - 2014-01-09 12:18 - 45229056 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd817_all_incr.msp
2014-01-09 12:37 - 2014-01-09 12:28 - 44644864 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd830_all_incr.msp
2014-01-09 12:34 - 2014-01-09 12:22 - 43589632 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd825_all_incr.msp
2014-01-09 12:28 - 2014-01-09 12:19 - 42970624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd823_all_incr.msp
2014-01-09 12:27 - 2014-01-09 12:17 - 18554368 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd816_all_incr.msp
2014-01-09 12:22 - 2014-01-09 12:19 - 09225216 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd824_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:18 - 02953728 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd821_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:17 - 03162624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd815_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:16 - 10935296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:16 - 04498944 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_ce_incr.msp
2014-01-09 12:17 - 2014-01-09 12:16 - 04436992 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_me_incr.msp
2014-01-09 12:11 - 2014-01-09 12:07 - 40293888 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd813_all_incr.msp
2014-01-09 12:06 - 2013-08-04 00:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-09 12:05 - 2014-01-09 12:04 - 02251776 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatReaderUpd812_SU1_all.msi
2014-01-09 12:05 - 2014-01-09 12:03 - 20783104 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd812_all_incr.msp
2014-01-09 12:02 - 2014-01-09 12:01 - 11395584 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd811_all_incr.msp
2014-01-09 11:57 - 2014-01-09 11:54 - 37983232 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd810_efgj_incr.msp
2014-01-09 10:35 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-09 10:23 - 2013-08-04 00:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-09 10:14 - 2014-01-09 10:14 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-09 09:37 - 2014-01-27 14:13 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll

Some content of TEMP:
====================
C:\Users\Admin_Mirko\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 08:50

==================== End Of Log ============================
         

Best regards,
newi

08.02.2014, 11:24   #8
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.02.2014, 13:35   #9
newi

Hello,

it took a little while - a weekend got in the way...

ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=aac5c436b9d53e44a64b4ef4d1052980
# engine=17006
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-10 09:12:42
# local_time=2014-02-10 10:12:42 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 14339669 143653412 0 0
# scanned=223093
# found=1
# cleaned=0
# scan_time=4286
sh=11267E56160096BDFE801812039F149F45E2BFA3 ft=1 fh=184892819634492e vn="a variant of Win32/Adware.Kazaa.A application" ac=I fn="E:\Privat\Musik\Alben\Eigene Musik\kmd.exe"
         
SecCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Trend Micro Titanium   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE 
 Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe 
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro AMSP AMSP_LogServer.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe 
 Trend Micro Titanium plugin TMAS\TMAS_WLM\TMAS_WLMMon.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Mirko (ATTENTION: The logged in user is not administrator) on MIRKOS_DELL on 10-02-2014 13:26:10
Running from C:\Users\Mirko\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\PremierColor\dthtml.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [combofix] - C:\04_ComboFix\Combobatch.bat [8275 2014-02-05] ()
HKLM\...\Run: [WLM] - C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [39528 2013-01-31] (Trend Micro Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [DT DL2] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-07-23] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2359832 2013-10-29] (Sony Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Runonce: [combofix] - C:\04_ComboFix\CF14351.3XE /c C:\04_ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Mirko\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Analoguhr.lnk
ShortcutTarget: Analoguhr.lnk -> C:\Users\Mirko\AppData\Local\Temp\Temp1_clock.zip\CLOCK.EXE (No File)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\..\Interfaces\{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}: [NameServer]192.168.200.2

FireFox:
========
FF ProfilePath: C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bluhell Firewall - C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-29]
FF Extension: Tab Mix Plus - C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-09-02]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []

==================== Services (Whitelisted) =================

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2013-09-02] (Autodesk)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-07-23] (Portrait Displays, Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] ()
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-23] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-12-04] (NVIDIA Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-29] (Sony Corporation)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-08-03] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S3 catchme; \??\C:\04_ComboFix\catchme.sys [X]
R5 tmeevw; C:\Windows\System32\Drivers\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 13:26 - 2014-02-10 13:26 - 00021665 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-02-10 10:17 - 2014-02-10 10:19 - 00987425 _____ () C:\Users\Mirko\Desktop\07_SecurityCheck.exe
2014-02-10 08:54 - 2014-02-10 08:54 - 02347384 _____ (ESET) C:\Users\Mirko\Desktop\esetsmartinstaller_enu.exe
2014-02-10 08:42 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-10 08:42 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-10 08:42 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-07 13:34 - 2014-02-07 13:34 - 00043569 _____ () C:\Users\Admin_Mirko\Desktop\FRST.txt
2014-02-07 13:33 - 2014-02-04 15:27 - 02080256 _____ (Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe
2014-02-07 13:30 - 2014-02-07 13:30 - 00000631 _____ () C:\Users\Admin_Mirko\Desktop\JRT.txt
2014-02-07 12:37 - 2014-02-07 12:37 - 00007676 _____ () C:\Users\Admin_Mirko\AppData\Local\Resmon.ResmonCfg
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 09:33 - 2014-02-07 09:34 - 00000000 ____D () C:\AdwCleaner
2014-02-07 09:32 - 2014-02-07 09:31 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-07 09:32 - 2014-02-07 09:30 - 01166132 _____ () C:\Users\Mirko\Desktop\05_adwcleaner.exe
2014-02-05 09:40 - 2014-02-05 09:50 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:40 - 2014-02-05 09:40 - 00000000 ____D () C:\Qoobox
2014-02-05 09:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-05 09:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-05 09:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-05 09:39 - 2014-02-05 09:49 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 09:38 - 2014-02-05 09:39 - 05180173 ____R (Swearware) C:\Users\Mirko\Desktop\04_ComboFix.exe
2014-02-04 15:39 - 2014-02-04 15:39 - 00014945 _____ () C:\Users\Admin_Mirko\Desktop\gmer.txt
2014-02-04 15:32 - 2014-02-10 13:26 - 00000000 ____D () C:\FRST
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:30 - 2014-02-04 15:27 - 02080256 _____ (Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe
2014-02-04 15:30 - 2014-02-04 15:27 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:30 - 2014-02-04 15:23 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:34 - 2014-02-04 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 12:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-03 11:53 - 2014-02-03 12:00 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:43 - 2014-02-04 11:47 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-27 14:13 - 2014-01-09 09:37 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
2014-01-27 14:13 - 2013-09-01 11:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2014-01-27 14:13 - 2013-07-13 11:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2014-01-27 14:13 - 2013-07-12 21:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2014-01-27 14:13 - 2013-04-05 12:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2014-01-27 14:13 - 2013-03-28 22:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2014-01-27 14:13 - 2013-03-03 13:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2014-01-27 14:13 - 2008-10-30 09:37 - 00227840 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2014-01-27 14:13 - 2008-07-09 09:37 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR

==================== One Month Modified Files and Folders =======

2014-02-10 13:26 - 2014-02-10 13:26 - 00021665 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-02-10 13:26 - 2014-02-04 15:32 - 00000000 ____D () C:\FRST
2014-02-10 12:38 - 2013-12-19 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 10:39 - 2013-08-03 23:54 - 01545182 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 10:36 - 2010-11-21 07:50 - 00701236 _____ () C:\Windows\system32\perfh007.dat
2014-02-10 10:36 - 2010-11-21 07:50 - 00150104 _____ () C:\Windows\system32\perfc007.dat
2014-02-10 10:36 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 10:35 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 10:35 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 10:28 - 2013-08-04 00:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-10 10:28 - 2010-11-21 04:47 - 00472708 _____ () C:\Windows\PFRO.log
2014-02-10 10:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 10:28 - 2009-07-14 05:51 - 00063032 _____ () C:\Windows\setupact.log
2014-02-10 10:19 - 2014-02-10 10:17 - 00987425 _____ () C:\Users\Mirko\Desktop\07_SecurityCheck.exe
2014-02-10 09:38 - 2013-08-03 23:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 09:38 - 2013-08-03 23:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-10 08:54 - 2014-02-10 08:54 - 02347384 _____ (ESET) C:\Users\Mirko\Desktop\esetsmartinstaller_enu.exe
2014-02-10 08:47 - 2009-07-14 05:45 - 00404232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-10 08:44 - 2013-08-28 12:18 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-10 08:44 - 2013-08-28 12:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-07 13:34 - 2014-02-07 13:34 - 00043569 _____ () C:\Users\Admin_Mirko\Desktop\FRST.txt
2014-02-07 13:30 - 2014-02-07 13:30 - 00000631 _____ () C:\Users\Admin_Mirko\Desktop\JRT.txt
2014-02-07 12:37 - 2014-02-07 12:37 - 00007676 _____ () C:\Users\Admin_Mirko\AppData\Local\Resmon.ResmonCfg
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 09:34 - 2014-02-07 09:33 - 00000000 ____D () C:\AdwCleaner
2014-02-07 09:31 - 2014-02-07 09:32 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-07 09:30 - 2014-02-07 09:32 - 01166132 _____ () C:\Users\Mirko\Desktop\05_adwcleaner.exe
2014-02-05 09:50 - 2014-02-05 09:40 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:49 - 2014-02-05 09:39 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 09:40 - 2014-02-05 09:40 - 00000000 ____D () C:\Qoobox
2014-02-05 09:39 - 2014-02-05 09:38 - 05180173 ____R (Swearware) C:\Users\Mirko\Desktop\04_ComboFix.exe
2014-02-04 15:39 - 2014-02-04 15:39 - 00014945 _____ () C:\Users\Admin_Mirko\Desktop\gmer.txt
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:31 - 2013-08-19 19:02 - 00000000 ____D () C:\Users\Admin_Mirko
2014-02-04 15:27 - 2014-02-07 13:33 - 02080256 _____ (Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe
2014-02-04 15:27 - 2014-02-04 15:30 - 02080256 _____ (Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe
2014-02-04 15:27 - 2014-02-04 15:30 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:23 - 2014-02-04 15:30 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:58 - 2014-01-04 13:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\genienext
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:47 - 2014-02-03 11:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-02-03 12:00 - 2014-02-03 11:53 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:45 - 2014-01-02 16:52 - 00000000 ___RD () C:\Users\Mirko\Virtual Machines
2014-02-03 11:39 - 2013-12-23 15:53 - 00000000 ____D () C:\Users\Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-20 20:19 - 2013-08-19 19:07 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\Adobe
2014-01-19 19:51 - 2014-01-06 15:47 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\SolidWorks
2014-01-18 07:10 - 2013-11-11 07:15 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Skype
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:32 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Admin_Mirko\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         

The only problem I still have now is that, after booting, the error message I mentioned earlier always appears and the ComboFix window flickers across the screen.

Regards,
newi

Alt 11.02.2014, 09:08   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Please run the FRST scan with administrator rights. Please delete the ESET detection manually.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 11.02.2014, 12:15   #11
newi
 



Detection deleted, here is the new FRST log:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Admin_Mirko (administrator) on MIRKOS_DELL on 11-02-2014 12:12:09
Running from C:\Users\Mirko\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(O2Micro International) C:\Windows\system32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\PremierColor\DTHtml.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [combofix] - C:\04_ComboFix\Combobatch.bat [8275 2014-02-05] ()
HKLM\...\Run: [WLM] - C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [39528 2013-01-31] (Trend Micro Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [DT DL2] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-07-23] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Runonce: [combofix] - C:\04_ComboFix\CF14351.3XE /c C:\04_ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Mirko\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\m.warmuth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKCU - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\..\Interfaces\{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}: [NameServer]192.168.200.2

FireFox:
========
FF ProfilePath: C:\Users\Admin_Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\j8u6eq4c.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tab Mix Plus - C:\Users\Admin_Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\j8u6eq4c.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-01-09]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []

==================== Services (Whitelisted) =================

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2013-09-02] (Autodesk)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-07-23] (Portrait Displays, Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] ()
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-23] (Intel Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-12-04] (NVIDIA Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-29] (Sony Corporation)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-08-03] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S3 catchme; \??\C:\04_ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 12:10 - 2014-02-11 12:12 - 00025264 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-02-11 12:09 - 2014-02-11 12:09 - 02151424 _____ (Farbar) C:\Users\Mirko\Desktop\FRST64.exe
2014-02-11 12:09 - 2014-02-11 12:09 - 00000000 ____D () C:\Users\Mirko\Desktop\FRST-OlderVersion
2014-02-11 10:46 - 2014-02-11 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-10 14:11 - 2014-02-10 14:11 - 00000000 ____D () C:\Windows\pss
2014-02-10 10:17 - 2014-02-10 10:19 - 00987425 _____ () C:\Users\Mirko\Desktop\07_SecurityCheck.exe
2014-02-10 08:54 - 2014-02-10 08:54 - 02347384 _____ (ESET) C:\Users\Mirko\Desktop\esetsmartinstaller_enu.exe
2014-02-10 08:42 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-10 08:42 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-10 08:42 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-07 13:34 - 2014-02-07 13:34 - 00043569 _____ () C:\Users\Admin_Mirko\Desktop\FRST.txt
2014-02-07 13:33 - 2014-02-04 15:27 - 02080256 _____ (Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe
2014-02-07 13:30 - 2014-02-07 13:30 - 00000631 _____ () C:\Users\Admin_Mirko\Desktop\JRT.txt
2014-02-07 12:37 - 2014-02-07 12:37 - 00007676 _____ () C:\Users\Admin_Mirko\AppData\Local\Resmon.ResmonCfg
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 09:33 - 2014-02-07 09:34 - 00000000 ____D () C:\AdwCleaner
2014-02-07 09:32 - 2014-02-07 09:31 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-07 09:32 - 2014-02-07 09:30 - 01166132 _____ () C:\Users\Mirko\Desktop\05_adwcleaner.exe
2014-02-05 09:40 - 2014-02-05 09:50 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:40 - 2014-02-05 09:40 - 00000000 ____D () C:\Qoobox
2014-02-05 09:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-05 09:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-05 09:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-05 09:39 - 2014-02-05 09:49 - 00000000 ____D () C:\Windows\erdnt
2014-02-04 15:39 - 2014-02-04 15:39 - 00014945 _____ () C:\Users\Admin_Mirko\Desktop\gmer.txt
2014-02-04 15:32 - 2014-02-11 12:12 - 00000000 ____D () C:\FRST
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:30 - 2014-02-04 15:27 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:30 - 2014-02-04 15:23 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:34 - 2014-02-04 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 12:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-03 11:53 - 2014-02-03 12:00 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:43 - 2014-02-04 11:47 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-27 14:13 - 2014-01-09 09:37 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
2014-01-27 14:13 - 2013-09-01 11:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2014-01-27 14:13 - 2013-07-13 11:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2014-01-27 14:13 - 2013-07-12 21:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2014-01-27 14:13 - 2013-04-05 12:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2014-01-27 14:13 - 2013-03-28 22:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2014-01-27 14:13 - 2013-03-03 13:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2014-01-27 14:13 - 2008-10-30 09:37 - 00227840 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2014-01-27 14:13 - 2008-07-09 09:37 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR

==================== One Month Modified Files and Folders =======

2014-02-11 12:12 - 2014-02-11 12:10 - 00025264 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-02-11 12:12 - 2014-02-04 15:32 - 00000000 ____D () C:\FRST
2014-02-11 12:09 - 2014-02-11 12:09 - 02151424 _____ (Farbar) C:\Users\Mirko\Desktop\FRST64.exe
2014-02-11 12:09 - 2014-02-11 12:09 - 00000000 ____D () C:\Users\Mirko\Desktop\FRST-OlderVersion
2014-02-11 12:09 - 2013-09-13 11:20 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-02-11 12:05 - 2013-08-03 23:54 - 01630089 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 11:38 - 2013-12-19 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 10:47 - 2010-11-21 07:50 - 00701236 _____ () C:\Windows\system32\perfh007.dat
2014-02-11 10:47 - 2010-11-21 07:50 - 00150104 _____ () C:\Windows\system32\perfc007.dat
2014-02-11 10:47 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 10:46 - 2014-02-11 10:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-11 08:43 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 08:43 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 08:36 - 2013-10-28 16:41 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-02-11 08:36 - 2013-08-04 00:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-11 08:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 08:36 - 2009-07-14 05:51 - 00063200 _____ () C:\Windows\setupact.log
2014-02-10 15:38 - 2013-12-19 16:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-10 15:38 - 2013-08-03 23:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 15:38 - 2013-08-03 23:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-10 14:11 - 2014-02-10 14:11 - 00000000 ____D () C:\Windows\pss
2014-02-10 14:11 - 2013-08-19 19:02 - 00000000 ___RD () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-10 10:28 - 2010-11-21 04:47 - 00472708 _____ () C:\Windows\PFRO.log
2014-02-10 10:19 - 2014-02-10 10:17 - 00987425 _____ () C:\Users\Mirko\Desktop\07_SecurityCheck.exe
2014-02-10 08:54 - 2014-02-10 08:54 - 02347384 _____ (ESET) C:\Users\Mirko\Desktop\esetsmartinstaller_enu.exe
2014-02-10 08:47 - 2009-07-14 05:45 - 00404232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-10 08:45 - 2013-08-28 12:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-10 08:44 - 2013-08-28 12:18 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-07 13:34 - 2014-02-07 13:34 - 00043569 _____ () C:\Users\Admin_Mirko\Desktop\FRST.txt
2014-02-07 13:30 - 2014-02-07 13:30 - 00000631 _____ () C:\Users\Admin_Mirko\Desktop\JRT.txt
2014-02-07 12:37 - 2014-02-07 12:37 - 00007676 _____ () C:\Users\Admin_Mirko\AppData\Local\Resmon.ResmonCfg
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 09:34 - 2014-02-07 09:33 - 00000000 ____D () C:\AdwCleaner
2014-02-07 09:31 - 2014-02-07 09:32 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-07 09:30 - 2014-02-07 09:32 - 01166132 _____ () C:\Users\Mirko\Desktop\05_adwcleaner.exe
2014-02-05 09:50 - 2014-02-05 09:40 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:50 - 2009-07-14 03:34 - 91750400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-05 09:49 - 2014-02-05 09:39 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 09:40 - 2014-02-05 09:40 - 00000000 ____D () C:\Qoobox
2014-02-04 15:39 - 2014-02-04 15:39 - 00014945 _____ () C:\Users\Admin_Mirko\Desktop\gmer.txt
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:31 - 2013-08-19 19:02 - 00000000 ____D () C:\Users\Admin_Mirko
2014-02-04 15:27 - 2014-02-07 13:33 - 02080256 _____ (Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe
2014-02-04 15:27 - 2014-02-04 15:30 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:23 - 2014-02-04 15:30 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:58 - 2014-01-04 13:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\genienext
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:47 - 2014-02-03 11:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-02-03 12:00 - 2014-02-03 11:53 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:45 - 2014-01-02 16:52 - 00000000 ___RD () C:\Users\Mirko\Virtual Machines
2014-02-03 11:39 - 2013-12-23 15:53 - 00000000 ____D () C:\Users\Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-20 20:19 - 2013-08-19 19:07 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\Adobe
2014-01-19 19:51 - 2014-01-06 15:47 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\SolidWorks
2014-01-18 07:10 - 2013-11-11 07:15 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Skype
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:32 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Admin_Mirko\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-10 11:21

==================== End Of Log ============================
         

11.02.2014, 19:13   #12
schrauber
/// the machine
/// TB-Ausbilder

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKLM\...\Run: [combofix] - C:\04_ComboFix\Combobatch.bat [8275 2014-02-05] ()
HKLM\...\Runonce: [combofix] - C:\04_ComboFix\CF14351.3XE /c C:\04_ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Restart the computer.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

13.02.2014, 14:03   #13
newi

Here is the log file:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2014 01
Ran by Admin_Mirko at 2014-02-13 08:16:57 Run:1
Running from C:\Users\Mirko\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [combofix] - C:\04_ComboFix\Combobatch.bat [8275 2014-02-05] ()
HKLM\...\Runonce: [combofix] - C:\04_ComboFix\CF14351.3XE /c C:\04_ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\combofix => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\\flags => Value deleted successfully.

==== End of Fixlog ====
         
Nothing flickers anymore now; only the error message
"RunDLL ..... mdi064.dll ...... Modul nicht gefunden" still appears.
Apart from that, I think that's it.

Addendum:

Since the original problem is already solved, I think your site is really brilliant, and I would normally have bought a beer (or several) for the help, I have already donated something - I think you will distribute it fairly internally

14.02.2014, 15:09   #14
schrauber
/// the machine
/// TB-Ausbilder

Thanks

Please open FRST, tick the Additional box and scan, then post both logs. We'll get rid of that message too.

17.02.2014, 08:49   #15
newi

Gladly!
As I said, I think your site is really great, and I would like to help make sure it can keep going.

Here are the logs:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01
Ran by Admin_Mirko (administrator) on MIRKOS_DELL on 17-02-2014 08:41:17
Running from C:\Users\Mirko\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(O2Micro International) C:\Windows\system32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\PremierColor\DTHtml.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [WLM] - C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [39528 2013-01-31] (Trend Micro Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [DT DL2] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-07-23] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Mirko\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\m.warmuth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKCU - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\..\Interfaces\{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}: [NameServer]192.168.200.2

FireFox:
========
FF ProfilePath: C:\Users\Admin_Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\j8u6eq4c.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tab Mix Plus - C:\Users\Admin_Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\j8u6eq4c.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-01-09]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []

==================== Services (Whitelisted) =================

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2013-09-02] (Autodesk)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-07-23] (Portrait Displays, Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] ()
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-23] (Intel Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-12-04] (NVIDIA Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-29] (Sony Corporation)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-08-03] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S3 catchme; \??\C:\04_ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 12:10 - 2014-02-17 08:41 - 00024987 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-02-11 12:09 - 2014-02-13 08:16 - 02152448 _____ (Farbar) C:\Users\Mirko\Desktop\FRST64.exe
2014-02-10 14:11 - 2014-02-10 14:11 - 00000000 ____D () C:\Windows\pss
2014-02-10 10:17 - 2014-02-10 10:19 - 00987425 _____ () C:\Users\Mirko\Desktop\07_SecurityCheck.exe
2014-02-10 08:54 - 2014-02-10 08:54 - 02347384 _____ (ESET) C:\Users\Mirko\Desktop\esetsmartinstaller_enu.exe
2014-02-10 08:42 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-10 08:42 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-10 08:42 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-10 08:42 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-07 13:34 - 2014-02-07 13:34 - 00043569 _____ () C:\Users\Admin_Mirko\Desktop\FRST.txt
2014-02-07 13:33 - 2014-02-04 15:27 - 02080256 _____ (Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe
2014-02-07 13:30 - 2014-02-07 13:30 - 00000631 _____ () C:\Users\Admin_Mirko\Desktop\JRT.txt
2014-02-07 12:37 - 2014-02-07 12:37 - 00007676 _____ () C:\Users\Admin_Mirko\AppData\Local\Resmon.ResmonCfg
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 09:33 - 2014-02-07 09:34 - 00000000 ____D () C:\AdwCleaner
2014-02-07 09:32 - 2014-02-07 09:31 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-07 09:32 - 2014-02-07 09:30 - 01166132 _____ () C:\Users\Mirko\Desktop\05_adwcleaner.exe
2014-02-05 09:40 - 2014-02-05 09:50 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:40 - 2014-02-05 09:40 - 00000000 ____D () C:\Qoobox
2014-02-05 09:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-05 09:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-05 09:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-05 09:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-05 09:39 - 2014-02-05 09:49 - 00000000 ____D () C:\Windows\erdnt
2014-02-04 15:39 - 2014-02-04 15:39 - 00014945 _____ () C:\Users\Admin_Mirko\Desktop\gmer.txt
2014-02-04 15:32 - 2014-02-17 08:41 - 00000000 ____D () C:\FRST
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:30 - 2014-02-04 15:27 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:30 - 2014-02-04 15:23 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:34 - 2014-02-04 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 12:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-03 11:53 - 2014-02-03 12:00 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:43 - 2014-02-04 11:47 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-27 14:13 - 2014-01-09 09:37 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
2014-01-27 14:13 - 2013-09-01 11:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2014-01-27 14:13 - 2013-07-13 11:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2014-01-27 14:13 - 2013-07-12 21:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2014-01-27 14:13 - 2013-04-05 12:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2014-01-27 14:13 - 2013-03-28 22:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2014-01-27 14:13 - 2013-03-03 13:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2014-01-27 14:13 - 2008-10-30 09:37 - 00227840 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2014-01-27 14:13 - 2008-07-09 09:37 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll

==================== One Month Modified Files and Folders =======

2014-02-17 08:41 - 2014-02-11 12:10 - 00024987 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-02-17 08:41 - 2014-02-04 15:32 - 00000000 ____D () C:\FRST
2014-02-17 08:39 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 08:39 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 08:38 - 2013-12-19 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 08:37 - 2010-11-21 07:50 - 00701236 _____ () C:\Windows\system32\perfh007.dat
2014-02-17 08:37 - 2010-11-21 07:50 - 00150104 _____ () C:\Windows\system32\perfc007.dat
2014-02-17 08:37 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 08:36 - 2013-08-03 23:54 - 01896307 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 08:35 - 2013-09-13 11:20 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-02-17 08:32 - 2013-10-28 16:41 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-02-17 08:32 - 2013-08-04 00:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-17 08:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 08:32 - 2009-07-14 05:51 - 00063536 _____ () C:\Windows\setupact.log
2014-02-13 08:16 - 2014-02-11 12:09 - 02152448 _____ (Farbar) C:\Users\Mirko\Desktop\FRST64.exe
2014-02-10 15:38 - 2013-12-19 16:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-10 15:38 - 2013-08-03 23:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 15:38 - 2013-08-03 23:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-10 14:11 - 2014-02-10 14:11 - 00000000 ____D () C:\Windows\pss
2014-02-10 14:11 - 2013-08-19 19:02 - 00000000 ___RD () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-10 10:28 - 2010-11-21 04:47 - 00472708 _____ () C:\Windows\PFRO.log
2014-02-10 10:19 - 2014-02-10 10:17 - 00987425 _____ () C:\Users\Mirko\Desktop\07_SecurityCheck.exe
2014-02-10 08:54 - 2014-02-10 08:54 - 02347384 _____ (ESET) C:\Users\Mirko\Desktop\esetsmartinstaller_enu.exe
2014-02-10 08:47 - 2009-07-14 05:45 - 00404232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-10 08:45 - 2013-08-28 12:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-10 08:44 - 2013-08-28 12:18 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-07 13:34 - 2014-02-07 13:34 - 00043569 _____ () C:\Users\Admin_Mirko\Desktop\FRST.txt
2014-02-07 13:30 - 2014-02-07 13:30 - 00000631 _____ () C:\Users\Admin_Mirko\Desktop\JRT.txt
2014-02-07 12:37 - 2014-02-07 12:37 - 00007676 _____ () C:\Users\Admin_Mirko\AppData\Local\Resmon.ResmonCfg
2014-02-07 09:43 - 2014-02-07 09:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 09:34 - 2014-02-07 09:33 - 00000000 ____D () C:\AdwCleaner
2014-02-07 09:31 - 2014-02-07 09:32 - 01037530 _____ (Thisisu) C:\Users\Mirko\Desktop\06_JRT.exe
2014-02-07 09:30 - 2014-02-07 09:32 - 01166132 _____ () C:\Users\Mirko\Desktop\05_adwcleaner.exe
2014-02-05 09:50 - 2014-02-05 09:40 - 00000000 ___SD () C:\04_ComboFix
2014-02-05 09:50 - 2009-07-14 03:34 - 91750400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-05 09:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-05 09:49 - 2014-02-05 09:39 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 09:40 - 2014-02-05 09:40 - 00000000 ____D () C:\Qoobox
2014-02-04 15:39 - 2014-02-04 15:39 - 00014945 _____ () C:\Users\Admin_Mirko\Desktop\gmer.txt
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:31 - 2013-08-19 19:02 - 00000000 ____D () C:\Users\Admin_Mirko
2014-02-04 15:27 - 2014-02-07 13:33 - 02080256 _____ (Farbar) C:\Users\Admin_Mirko\Desktop\02_FRST64.exe
2014-02-04 15:27 - 2014-02-04 15:30 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:23 - 2014-02-04 15:30 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:58 - 2014-01-04 13:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\genienext
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:47 - 2014-02-03 11:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-02-03 12:00 - 2014-02-03 11:53 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:45 - 2014-01-02 16:52 - 00000000 ___RD () C:\Users\Mirko\Virtual Machines
2014-02-03 11:39 - 2013-12-23 15:53 - 00000000 ____D () C:\Users\Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-20 20:19 - 2013-08-19 19:07 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\Adobe
2014-01-19 19:51 - 2014-01-06 15:47 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\SolidWorks
2014-01-18 07:10 - 2013-11-11 07:15 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Admin_Mirko\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-10 11:21

==================== End Of Log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2014 01
Ran by Admin_Mirko at 2014-02-17 08:41:42
Running from C:\Users\Mirko\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AS: Trend Micro Titanium (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.3.1 - Adobe Systems) Hidden
Adobe Acrobat 8.3.1 - CPSID_83708 (x32 Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Professional (x32 Version: 8.3.1 - Adobe Systems)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (x32 Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.2.0.2141 (Version: 10.2.0.2141 - Bullzip)
Canon MP Navigator EX 1.0 (x32 Version:  - )
Canon MP210 series (Version:  - )
Canon MP210 series Benutzerregistrierung (x32 Version:  - )
Canon My Printer (Version:  - )
Canon Utilities Easy-PhotoPrint EX (x32 Version:  - )
Canon Utilities Solution Menu (x32 Version:  - )
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dell Client System Update (x32 Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (Version: 2.3.00003.072 - Dell Inc.)
Dell Digital Delivery (x32 Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (Version: 2.2.1 - Dell)
Dell Protected Workspace (x32 Version: 2.3.15502 - Invincea, Inc.)
Dell Touchpad (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (x32 Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.1.20.1337 - Intel Corporation)
Intel(R) Network Connections 17.2.154.0 (Version: 17.2.154.0 - Intel)
Intel(R) Network Connections 17.2.154.0 (Version: 17.2.154.0 - Intel) Hidden
Intel(R) Processor Graphics (x32 Version: 8.15.10.2639 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.2.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.8.251 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.03.1000.1637 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Logitech Unifying-Software 2.10 (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Online Services-Anmeldeassistent (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.57232 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 327.62 (Version: 327.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.62 (Version: 327.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA nView 140.75 (Version: 140.75 - NVIDIA Corporation)
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2762 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA WMI 2.14.0 (Version: 2.14.0 - NVIDIA Corporation)
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PIXMA Extended Survey Program (x32 Version:  - )
PlayMemories Home (x32 Version: 8.0.10.10290 - Sony Corporation)
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
PremierColor (x32 Version: 2.00.053 - Portrait Displays, Inc.)
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
ScanSoft OmniPage SE 4 (x32 Version: 15.2.0020 - Nuance Communications, Inc.)
SDK (x32 Version: 2.31.009 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.0.09130 - Sony Corporation) Hidden
SolidWorks 2013 x64 Edition SP0 (Version: 21.100.5024 - SolidWorks) Hidden
SolidWorks 2013 x64 Edition SP0 (x32 Version: 21.0.0.5024 - SolidWorks Corporation)
SolidWorks 2013 x64 German Resources (Version: 21.100.5024 - SolidWorks Corporation) Hidden
SolidWorks eDrawings 2013 x64 Edition SP0 (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.10.0036 - ST Microelectronics)
toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
Trend Micro Titanium (Version: 6.0 - Trend Micro Inc.)
Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VNC Viewer 5.0.5 (Version: 5.0.5 - RealVNC Ltd)
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (Version: 6.5.1.2410 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Small Business Server 2008 ClientAgent (Version: 6.0.5601.6 - Microsoft Corporation)
Windows XP Mode (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

08-01-2014 16:06:00 Windows Update
09-01-2014 09:14:07 Removed Adobe Reader XI (11.0.05)  MUI.
09-01-2014 09:45:15 Removed Adobe Reader XI (11.0.05) - Deutsch.
09-01-2014 11:06:22 Installed Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
21-01-2014 10:36:56 Geplanter Prüfpunkt
29-01-2014 07:57:49 Geplanter Prüfpunkt
05-02-2014 08:40:09 ComboFix created restore point
10-02-2014 07:44:01 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-05 09:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1127D185-BC16-48DD-BFBB-5C7D5FDF1C9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-10] (Adobe Systems Incorporated)
Task: {2893E59A-8FBC-4FEF-A67A-17088989EEAF} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)
Task: {B3881316-C62A-46D4-BD3C-AB87EFFF2247} - \GoforFilesUpdate No Task File
Task: {F5EC396B-1892-46E6-9711-C3D2E9FF8A04} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2013-09-12] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-08-04 00:01 - 2012-07-23 22:42 - 00080976 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook64.dll
2013-08-04 00:01 - 2012-07-23 22:42 - 00268368 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2013-08-04 01:40 - 2012-02-01 19:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-27 22:51 - 2012-05-02 20:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
2013-08-27 22:51 - 2012-05-02 20:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
2012-09-28 05:50 - 2012-09-28 05:50 - 00272488 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2013-10-26 12:07 - 2007-04-13 07:49 - 00101528 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-04 00:01 - 2012-07-23 22:42 - 00079440 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook.dll
2013-10-26 11:46 - 2013-09-16 16:44 - 00719248 _____ () C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\WLMailApiCore.dll
2013-08-04 00:01 - 2012-07-23 22:21 - 00180224 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2013-08-04 00:01 - 2012-07-23 22:42 - 00132688 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
2013-11-12 10:04 - 2013-11-12 10:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-08-28 13:01 - 2013-08-28 13:01 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d5fbd408c39e0de3296b93ac03a5c147\IsdiInterop.ni.dll
2013-08-03 23:57 - 2012-05-30 19:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-08-03 23:56 - 2012-10-23 01:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:517
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:569
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:670

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Admin_Mirko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Analoguhr.lnk => C:\Windows\pss\Analoguhr.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 08:32:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2014 08:18:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 08:22:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 08:18:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 08:04:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 00:14:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 10:46:51 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/11/2014 10:46:38 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/11/2014 10:46:38 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/11/2014 08:36:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/17/2014 08:32:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WvPCR" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (02/17/2014 08:32:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SI TSS v1.2.1.41 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (02/17/2014 08:32:37 AM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne SEMTEC aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (02/14/2014 08:18:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WvPCR" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (02/14/2014 08:18:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SI TSS v1.2.1.41 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (02/14/2014 08:18:11 AM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne SEMTEC aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (02/13/2014 00:58:24 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ST0031",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/13/2014 00:22:19 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ST0031",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/13/2014 00:10:19 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ST0031",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/13/2014 11:52:57 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ST0031",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (02/17/2014 08:32:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2014 08:18:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 08:22:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 08:18:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 08:04:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 00:14:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 10:46:51 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mirko\Desktop\esetsmartinstaller_enu.exe

Error: (02/11/2014 10:46:38 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mirko\Desktop\esetsmartinstaller_enu.exe

Error: (02/11/2014 10:46:38 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mirko\Desktop\esetsmartinstaller_enu.exe

Error: (02/11/2014 08:36:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-02-05 09:45:20.038
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\04_ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-05 09:45:20.007
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\04_ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 16267.77 MB
Available physical RAM: 13636.77 MB
Total Pagefile: 32533.72 MB
Available Pagefile: 29755.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:237.7 GB) (Free:118.14 GB) NTFS
Drive e: (Elements) (Fixed) (Total:931.51 GB) (Free:862.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238 GB) (Disk ID: 6B9985F4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0002846E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
