Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 - Beim Öffnen von Websites öffnen sich Popups und Tabs mit Werbung (https://www.trojaner-board.de/148683-windows-7-beim-offnen-websites-oeffnen-popups-tabs-werbung.html)

Artyrius 26.01.2014 13:53
Windows 7 - Beim Öffnen von Websites öffnen sich Popups und Tabs mit Werbung
 
Hallo liebe Trojaner-Board-Team,

nachdem Ihr meinen Laptop komplett bereinigt habt, brauche ich nun Hilfe bei meinem PC.

Beim Öffnen verschiedener Websiten öffnen sich automatisch massenweise Popups, sowie Tabs mit Werbung, sowie Downloadvorschläge zur Systembereinigung. Des Weiteren will er immer wieder, dass ich eine Setup.exe downloade (auch dieses öffnet sich einfach so, als ob ich irgendwo auf Download klicken würde).

Außerdem schliesst er dauernd eure Website und sagt mir folgendes ´´

Als Betrugsversuch gemeldete Webseite!
Die Webseite auf download.adobaoom.com wurde als Betrugsversuch gemeldet und gemäß Ihrer Sicherheitseinstellungen blockiert
Mit Betrugsseiten versuchen Kriminelle Sie dazu zu bringen, persönliche oder finanzielle Daten preiszugeben. Dabei ahmen sie in betrügerischer Absicht Webseiten oder E-Mails nach, denen Sie eventuell vertrauen.
Falls Sie hier persönliche Daten eingeben, müssen Sie mit Identitätsdiebstahl oder sonstigem Betrug rechnen.´´

Über eure Hilfe wäre ich sehr dankbar.

Logfiles:

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by Artyrius (administrator) on RAMSIS on 26-01-2014 13:28:59
Running from C:\Users\Artyrius\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) D:\Itunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - D:\Itunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-18] (Adobe Systems Incorporated)
HKU\Mein Kleines\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Startup: C:\Users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mein Kleines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B9ED0378-DE4A-4E0F-968C-92EB130CC32F}: [NameServer]8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Itunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SuperLyrics-16 - C:\Users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com [2014-01-17]
FF Extension: Battlefield Play4Free - C:\Users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\Extensions\battlefieldplay4free@ea.com [2012-08-25]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012-03-19]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-03-19]
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-03-19]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SuperLyrics-16) - C:\Users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-11-10]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\urladvisor.crx [2011-10-13]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\virtkbd.crx [2011-10-13]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx [2011-10-13]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-02] ()

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-02] (Disc Soft Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 13:28 - 2014-01-26 13:29 - 00010935 _____ C:\Users\Artyrius\Desktop\FRST.txt
2014-01-26 13:28 - 2014-01-26 13:28 - 00000000 ____D C:\FRST
2014-01-26 13:27 - 2014-01-26 13:27 - 02078208 _____ (Farbar) C:\Users\Artyrius\Desktop\FRST64.exe
2014-01-26 13:27 - 2014-01-26 13:27 - 00370971 _____ C:\Users\Artyrius\Desktop\gmer_2.1.19355.zip
2014-01-26 13:25 - 2014-01-26 13:25 - 00000548 _____ C:\Users\Artyrius\Desktop\defogger_disable.log
2014-01-26 13:25 - 2014-01-26 13:25 - 00000168 _____ C:\Users\Artyrius\defogger_reenable
2014-01-26 13:24 - 2014-01-26 13:24 - 00050477 _____ C:\Users\Artyrius\Desktop\Defogger.exe
2014-01-17 12:45 - 2014-01-17 12:45 - 01236282 _____ C:\Users\Artyrius\Desktop\adwcleaner_3.017.exe
2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\Program Files\iTunes
2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\Program Files\iPod
2014-01-10 16:05 - 2014-01-10 18:03 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Apple Computer
2014-01-03 01:19 - 2014-01-03 01:19 - 00000244 _____ C:\Users\Artyrius\Desktop\Battlefield 2 Complete Collection.lnk
2014-01-02 21:19 - 2014-01-02 21:19 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-02 21:18 - 2014-01-02 21:55 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\DAEMON Tools Lite
2014-01-02 21:18 - 2014-01-02 21:18 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-01-02 21:18 - 2014-01-02 21:18 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-01-02 21:18 - 2014-01-02 21:18 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-02 21:17 - 2014-01-02 21:18 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-02 21:16 - 2014-01-02 21:17 - 13485616 _____ (Disc Soft Ltd) C:\Users\Artyrius\Downloads\DTLite4481-0347.exe
2014-01-02 18:51 - 2014-01-02 18:51 - 00002153 _____ C:\Users\Artyrius\Desktop\Punkbuster Updatetool Win 3.4 Setup.lnk
2014-01-02 18:35 - 2014-01-02 18:35 - 00000648 _____ C:\Users\Artyrius\Desktop\Battlefield 2.lnk
2014-01-02 18:27 - 2014-01-02 18:27 - 00000937 _____ C:\Users\Public\Desktop\Battlefield Bad Company 2.lnk
2014-01-02 18:26 - 2014-01-02 18:26 - 02434856 _____ C:\Windows\SysWOW64\pbsvc.exe
2014-01-02 18:24 - 2014-01-02 18:24 - 00735889 _____ C:\Users\Artyrius\Downloads\pbsetup_3.4.zip
2014-01-02 18:21 - 2014-01-02 18:22 - 00614784 _____ C:\Users\Artyrius\Downloads\punkbuster-updatetool-win-3-4.exe
2014-01-02 16:14 - 2014-01-02 16:15 - 00000000 ____D C:\Users\Artyrius\Documents\Battlefield 4
2014-01-02 16:14 - 2014-01-02 16:14 - 00000000 ____D C:\Users\Artyrius\AppData\Local\ESN
2014-01-02 16:13 - 2014-01-02 16:13 - 03821064 _____ C:\Users\Artyrius\Downloads\battlelog-web-plugins_2.3.2_130(1).exe
2014-01-02 16:12 - 2014-01-02 16:13 - 03821064 _____ C:\Users\Artyrius\Downloads\battlelog-web-plugins_2.3.2_130.exe
2014-01-02 15:41 - 2014-01-10 15:54 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2014-01-02 15:41 - 2014-01-02 15:41 - 00000869 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2014-01-02 15:41 - 2014-01-02 15:41 - 00000853 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-01-02 15:40 - 2014-01-02 15:40 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-02 15:40 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-01-02 15:40 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-01-02 15:40 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-01-02 15:40 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-01-02 15:40 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-01-02 15:40 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-01-02 15:40 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-01-02 15:40 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-02 15:40 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-01-02 15:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-02 15:40 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-01-02 15:40 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-01-02 15:40 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-02 15:40 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-02 15:40 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-02 15:40 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-02 15:40 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-01-02 15:40 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-01-02 15:40 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-01-02 15:40 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-01-02 15:40 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-01-02 15:40 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-01-02 15:40 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-01-02 15:40 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-01-02 15:40 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-01-02 15:40 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-01-02 15:40 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-01-02 15:40 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-01-02 15:40 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-01-02 15:40 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-01-02 15:40 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-01-02 15:40 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-01-02 15:40 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-01-02 15:40 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-01-02 15:40 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-01-02 15:40 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-01-02 15:40 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-01-02 15:40 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-01-02 15:40 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-01-02 15:40 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-01-02 15:40 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-01-02 15:40 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-01-02 15:40 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-01-02 15:40 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-01-02 15:40 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-01-02 15:40 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-01-02 15:40 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-01-02 15:40 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-01-02 15:40 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-01-02 15:40 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-01-02 15:40 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-01-02 15:40 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-01-02 15:40 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-01-02 15:40 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-01-02 15:40 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-01-02 15:40 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-01-02 15:40 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-01-02 15:40 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-01-02 15:40 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-01-02 15:40 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-01-02 15:40 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-01-02 15:40 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-01-02 15:40 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-01-02 15:40 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-01-02 15:40 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-01-02 15:40 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-01-02 15:40 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-01-02 15:40 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-01-02 15:40 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-01-02 15:40 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-01-02 15:40 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-01-02 15:40 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-01-02 15:40 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-01-02 15:40 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-01-02 15:40 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-01-02 15:40 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-01-02 15:40 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-01-02 15:40 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-01-02 15:40 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-01-02 15:40 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-01-02 15:40 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-01-02 15:40 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-01-02 15:40 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-01-02 15:40 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-01-02 15:40 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-01-02 15:40 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-01-02 15:40 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-01-02 15:40 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-01-02 15:40 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-01-02 15:40 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-01-02 15:40 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-01-02 15:40 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-01-02 15:40 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-01-02 15:40 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-01-02 15:40 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-01-02 15:40 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-01-02 15:40 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-01-02 15:40 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-01-02 15:40 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-01-02 15:40 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-01-02 15:40 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-01-02 15:40 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-01-02 15:40 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-01-02 15:40 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-01-02 15:40 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-01-02 15:40 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-01-02 15:40 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-01-02 15:40 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-01-02 15:40 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-01-02 15:40 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-01-02 15:40 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-01-02 15:40 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-01-02 15:40 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-01-02 15:40 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-01-02 15:40 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-01-02 15:40 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-01-02 15:40 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-01-02 15:40 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-01-02 15:40 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-01-02 15:40 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-01-01 22:22 - 2014-01-01 22:22 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Justice
2014-01-01 21:55 - 2014-01-01 21:55 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2014-01-01 20:36 - 2014-01-01 21:37 - 00000000 ____D C:\Users\Artyrius\Documents\Battlefield 2
2014-01-01 20:36 - 2014-01-01 20:36 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-01 20:35 - 2014-01-02 18:26 - 00203535 _____ C:\Windows\DirectX.log
2014-01-01 20:35 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-01-01 20:35 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-01-01 20:35 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-01-01 20:35 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-01-01 20:35 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-01-01 20:35 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-01-01 20:35 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-01-01 20:35 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-01-01 20:35 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-01-01 20:35 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-01-01 20:35 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-01-01 20:35 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-01-01 20:35 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-01-01 20:35 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-01-01 20:35 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-01-01 20:35 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-01-01 20:35 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-01-01 20:35 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-01-01 20:35 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-01-01 20:35 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-01-01 20:35 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-01-01 20:35 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-01-01 20:35 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-01-01 20:35 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-01-01 20:35 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-01-01 20:35 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-01-01 20:35 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-01-01 20:35 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-01-01 20:35 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-01-01 20:35 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-01-01 20:35 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-01-01 20:35 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-01-01 20:35 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-01-01 20:35 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-01-01 20:35 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-01-01 20:35 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-01-01 20:35 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-01-01 20:35 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-01-01 20:35 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-01-01 20:35 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-01-01 20:35 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-01-01 20:35 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-01-01 20:35 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-01-01 20:35 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-01-01 20:35 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-01-01 20:35 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-01-01 20:35 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-01-01 20:35 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-01-01 20:35 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-01-01 20:35 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-01-01 20:35 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-01-01 20:35 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-01-01 20:35 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-01-01 20:35 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-01-01 20:35 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-01-01 20:35 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-01-01 20:35 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-01-01 20:35 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-01-01 20:35 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-01-01 20:35 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-01-01 20:05 - 2014-01-01 20:05 - 00000000 ____D C:\Windows\rescache
2014-01-01 19:33 - 2014-01-01 19:33 - 00000000 ____D C:\Program Files (x86)\Origin Games
2014-01-01 19:32 - 2014-01-02 16:14 - 00000000 ____D C:\Users\Artyrius\AppData\Local\Origin
2014-01-01 19:32 - 2014-01-01 22:54 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Origin
2014-01-01 19:31 - 2014-01-02 16:14 - 00000000 ____D C:\ProgramData\Origin
2014-01-01 19:31 - 2014-01-02 16:14 - 00000000 ____D C:\ProgramData\Electronic Arts
2014-01-01 19:31 - 2014-01-02 12:20 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-01 19:31 - 2014-01-01 19:31 - 00000983 _____ C:\Users\Public\Desktop\Origin.lnk
2014-01-01 19:29 - 2014-01-01 19:30 - 16952720 _____ (Electronic Arts, Inc.) C:\Users\Artyrius\Downloads\OriginThinSetup.exe
2014-01-01 19:26 - 2014-01-01 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-26 13:29 - 2014-01-26 13:28 - 00010935 _____ C:\Users\Artyrius\Desktop\FRST.txt
2014-01-26 13:28 - 2014-01-26 13:28 - 00000000 ____D C:\FRST
2014-01-26 13:28 - 2009-07-14 05:45 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 13:28 - 2009-07-14 05:45 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 13:27 - 2014-01-26 13:27 - 02078208 _____ (Farbar) C:\Users\Artyrius\Desktop\FRST64.exe
2014-01-26 13:27 - 2014-01-26 13:27 - 00370971 _____ C:\Users\Artyrius\Desktop\gmer_2.1.19355.zip
2014-01-26 13:26 - 2012-03-19 20:30 - 02021824 _____ C:\Windows\WindowsUpdate.log
2014-01-26 13:26 - 2011-04-12 08:43 - 00654150 _____ C:\Windows\system32\perfh007.dat
2014-01-26 13:26 - 2011-04-12 08:43 - 00130022 _____ C:\Windows\system32\perfc007.dat
2014-01-26 13:26 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-26 13:25 - 2014-01-26 13:25 - 00000548 _____ C:\Users\Artyrius\Desktop\defogger_disable.log
2014-01-26 13:25 - 2014-01-26 13:25 - 00000168 _____ C:\Users\Artyrius\defogger_reenable
2014-01-26 13:25 - 2012-03-19 20:30 - 00000000 ____D C:\Users\Artyrius
2014-01-26 13:24 - 2014-01-26 13:24 - 00050477 _____ C:\Users\Artyrius\Desktop\Defogger.exe
2014-01-26 13:24 - 2012-03-19 21:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-26 13:20 - 2013-11-10 18:36 - 00001978 _____ C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job
2014-01-26 13:20 - 2013-11-10 18:36 - 00001902 _____ C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job
2014-01-26 13:20 - 2013-11-10 18:36 - 00001264 _____ C:\Windows\Tasks\SuperLyrics-16-codedownloader.job
2014-01-26 13:20 - 2012-03-19 20:33 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-26 13:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-26 13:20 - 2009-07-14 05:51 - 00077790 _____ C:\Windows\setupact.log
2014-01-17 12:47 - 2013-11-21 17:51 - 00000000 ____D C:\AdwCleaner
2014-01-17 12:45 - 2014-01-17 12:45 - 01236282 _____ C:\Users\Artyrius\Desktop\adwcleaner_3.017.exe
2014-01-12 19:17 - 2012-04-23 20:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 18:03 - 2014-01-10 16:05 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Apple Computer
2014-01-10 18:01 - 2012-10-18 23:50 - 00001455 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\Program Files\iTunes
2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\Program Files\iPod
2014-01-10 15:54 - 2014-01-02 15:41 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2014-01-10 15:54 - 2010-11-21 04:47 - 00012912 _____ C:\Windows\PFRO.log
2014-01-03 01:19 - 2014-01-03 01:19 - 00000244 _____ C:\Users\Artyrius\Desktop\Battlefield 2 Complete Collection.lnk
2014-01-02 21:55 - 2014-01-02 21:18 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\DAEMON Tools Lite
2014-01-02 21:19 - 2014-01-02 21:19 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-02 21:18 - 2014-01-02 21:18 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-01-02 21:18 - 2014-01-02 21:18 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-01-02 21:18 - 2014-01-02 21:18 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-02 21:18 - 2014-01-02 21:17 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-02 21:17 - 2014-01-02 21:16 - 13485616 _____ (Disc Soft Ltd) C:\Users\Artyrius\Downloads\DTLite4481-0347.exe
2014-01-02 18:52 - 2012-08-24 00:18 - 00189472 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-02 18:52 - 2012-08-24 00:14 - 00189472 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-02 18:51 - 2014-01-02 18:51 - 00002153 _____ C:\Users\Artyrius\Desktop\Punkbuster Updatetool Win 3.4 Setup.lnk
2014-01-02 18:45 - 2012-08-24 00:14 - 00189472 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-02 18:35 - 2014-01-02 18:35 - 00000648 _____ C:\Users\Artyrius\Desktop\Battlefield 2.lnk
2014-01-02 18:27 - 2014-01-02 18:27 - 00000937 _____ C:\Users\Public\Desktop\Battlefield Bad Company 2.lnk
2014-01-02 18:26 - 2014-01-02 18:26 - 02434856 _____ C:\Windows\SysWOW64\pbsvc.exe
2014-01-02 18:26 - 2014-01-01 20:35 - 00203535 _____ C:\Windows\DirectX.log
2014-01-02 18:24 - 2014-01-02 18:24 - 00735889 _____ C:\Users\Artyrius\Downloads\pbsetup_3.4.zip
2014-01-02 18:22 - 2014-01-02 18:21 - 00614784 _____ C:\Users\Artyrius\Downloads\punkbuster-updatetool-win-3-4.exe
2014-01-02 17:43 - 2012-08-24 00:17 - 00000000 ____D C:\Users\Artyrius\AppData\Local\PunkBuster
2014-01-02 16:15 - 2014-01-02 16:14 - 00000000 ____D C:\Users\Artyrius\Documents\Battlefield 4
2014-01-02 16:14 - 2014-01-02 16:14 - 00000000 ____D C:\Users\Artyrius\AppData\Local\ESN
2014-01-02 16:14 - 2014-01-01 19:32 - 00000000 ____D C:\Users\Artyrius\AppData\Local\Origin
2014-01-02 16:14 - 2014-01-01 19:31 - 00000000 ____D C:\ProgramData\Origin
2014-01-02 16:14 - 2014-01-01 19:31 - 00000000 ____D C:\ProgramData\Electronic Arts
2014-01-02 16:13 - 2014-01-02 16:13 - 03821064 _____ C:\Users\Artyrius\Downloads\battlelog-web-plugins_2.3.2_130(1).exe
2014-01-02 16:13 - 2014-01-02 16:12 - 03821064 _____ C:\Users\Artyrius\Downloads\battlelog-web-plugins_2.3.2_130.exe
2014-01-02 15:41 - 2014-01-02 15:41 - 00000869 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2014-01-02 15:41 - 2014-01-02 15:41 - 00000853 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-01-02 15:40 - 2014-01-02 15:40 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-02 15:40 - 2012-08-24 00:14 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-02 12:20 - 2014-01-01 19:31 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-02 12:17 - 2012-05-29 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-01 22:54 - 2014-01-01 19:32 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Origin
2014-01-01 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-01 22:22 - 2014-01-01 22:22 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Justice
2014-01-01 21:55 - 2014-01-01 21:55 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2014-01-01 21:37 - 2014-01-01 20:36 - 00000000 ____D C:\Users\Artyrius\Documents\Battlefield 2
2014-01-01 20:36 - 2014-01-01 20:36 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-01 20:05 - 2014-01-01 20:05 - 00000000 ____D C:\Windows\rescache
2014-01-01 19:33 - 2014-01-01 19:33 - 00000000 ____D C:\Program Files (x86)\Origin Games
2014-01-01 19:31 - 2014-01-01 19:31 - 00000983 _____ C:\Users\Public\Desktop\Origin.lnk
2014-01-01 19:30 - 2014-01-01 19:29 - 16952720 _____ (Electronic Arts, Inc.) C:\Users\Artyrius\Downloads\OriginThinSetup.exe
2014-01-01 19:26 - 2014-01-01 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Artyrius\AppData\Local\Temp\app.exe
C:\Users\Artyrius\AppData\Local\Temp\BackupSetup.exe
C:\Users\Artyrius\AppData\Local\Temp\IMsetup.exe
C:\Users\Artyrius\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Artyrius\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Artyrius\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Artyrius\AppData\Local\Temp\nsfF515.exe
C:\Users\Artyrius\AppData\Local\Temp\nsfFA44.exe
C:\Users\Artyrius\AppData\Local\Temp\nsl19C7.exe
C:\Users\Artyrius\AppData\Local\Temp\nsl1E0C.exe
C:\Users\Artyrius\AppData\Local\Temp\plus-hd-2-6.exe
C:\Users\Artyrius\AppData\Local\Temp\Quarantine.exe
C:\Users\Artyrius\AppData\Local\Temp\SeesimilarSetup-18-.exe
C:\Users\Artyrius\AppData\Local\Temp\Setup.exe
C:\Users\Artyrius\AppData\Local\Temp\setup__3862.exe
C:\Users\Artyrius\AppData\Local\Temp\sonarinst.exe
C:\Users\Artyrius\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-10 16:55

==================== End Of Log ============================
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 01
Ran by Artyrius at 2014-01-26 13:29:37
Running from C:\Users\Artyrius\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
AS: Kaspersky Internet Security (Enabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Battlefield 2 (x32 Version: 1.5.0.0 - Electronic Arts)
Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts)
Battlefield Play4Free (x32 Version:  - EA Digital illusions)
Battlefield: Bad Company™ 2 (x32 Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (x32 Version:  - )
Canon iP4700 series Printer Driver (Version:  - )
Canon MP Navigator EX 4.0 (x32 Version:  - )
CanoScan LiDE 110 Scanner Driver (Version:  - )
DAEMON Tools Lite (x32 Version: 4.48.1.0347 - Disc Soft Ltd)
ElsterFormular (x32 Version: 14.0.0.10899 - Landesfinanzdirektion Thüringen)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0 - )
Hard Justice (x32 Version: 1.31 - The Hard Justice Mod Team)
Hard Justice Map Pack 1 (x32 Version: 1.2 - wccsquad.com)
iCloud (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab)
K-Lite Codec Pack 5.9.0 (64-bit) (Version: 5.9.0 - )
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.37 - WindSolutions)
NVIDIA 3D Vision Controller-Treiber 295.73 (Version: 295.73 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0209 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0209 (Version: 9.12.0209 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)
Origin (x32 Version: 9.3.11.2762 - Electronic Arts, Inc.)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
PunkBuster Services (x32 Version: 0.988 - Even Balance, Inc.)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0145 - REALTEK Semiconductor Corp.)
Star Wars: The Old Republic (x32 Version: 1.00 - Electronic Arts, Inc.)
SuperLyrics-16 (x32 Version: 1.30.153.0 - 10superSoftabcd) <==== ATTENTION
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN)
World of Warcraft (x32 Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

10-01-2014 17:27:10 Windows Update
12-01-2014 18:00:11 Windows-Sicherung
26-01-2014 12:23:37 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {28DFB9F6-3F41-493D-8551-7FA308169492} - \Plus-HD-2.6-firefoxinstaller No Task File
Task: {2D4EE823-F86F-4FFA-8BC4-91A29D5EBAE5} - \DealPlyUpdate No Task File
Task: {337D4059-48F8-41EC-99D9-A499F3887B37} - \Plus-HD-2.6-codedownloader No Task File
Task: {4473CA5F-6D41-4B11-8B74-24E76330DABF} - \SuperLyrics-16-chromeinstaller No Task File
Task: {64780FBE-5D65-4D6B-BC46-BBE2A00493F1} - \Plus-HD-2.6-updater No Task File
Task: {72EBDAFB-DF31-44FD-9ACF-131A74730665} - \SuperLyrics-16-codedownloader No Task File
Task: {8DD33BF2-3D96-41E3-82A7-AE9834B44EE2} - \DealPly No Task File
Task: {91A84CBC-273D-4030-9E95-C1DBEF22A6EB} - \Plus-HD-2.6-enabler No Task File
Task: {A5DA7EF6-5172-49F0-9D73-834C303F340D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AECD4BBC-C4C5-4206-ACF3-8740BC7E0844} - \SuperLyrics-16-firefoxinstaller No Task File
Task: {D763376F-6DCF-4065-8657-2721095B3B74} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E18E63AB-7888-4526-AB02-64B10DA6D9D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-18] (Adobe Systems Incorporated)
Task: {E4DCFF77-55C2-4792-8B6D-22DF722196E2} - \HDvid Codec V1-codedownloader No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\SuperLyrics-16-codedownloader.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-firefoxinstaller.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-19 21:15 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\EnumDevLib.dll
2011-01-17 16:19 - 2012-03-19 20:36 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
2014-01-01 19:26 - 2014-01-01 19:26 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-18 20:17 - 2013-12-18 20:17 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2014 01:22:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 00:49:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 00:42:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2014 06:53:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 06:03:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 03:56:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 06:24:38 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/02/2014 04:13:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/02/2014 00:19:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 02:30:29 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BF2.exe, Version: 0.0.0.0, Zeitstempel: 0x4a8d6629
Name des fehlerhaften Moduls: Memory.dll, Version: 0.0.0.0, Zeitstempel: 0x497ec791
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001ddc
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xBF2.exe0
Pfad der fehlerhaften Anwendung: BF2.exe1
Pfad des fehlerhaften Moduls: BF2.exe2
Berichtskennung: BF2.exe3


System errors:
=============
Error: (01/26/2014 01:23:48 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (01/26/2014 01:22:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/26/2014 01:22:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/26/2014 01:20:45 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (01/26/2014 01:20:45 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (01/17/2014 00:50:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/17/2014 00:50:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/17/2014 00:44:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/17/2014 00:44:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/12/2014 07:08:30 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.


Microsoft Office Sessions:
=========================
Error: (01/26/2014 01:22:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 00:49:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 00:42:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2014 06:53:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 06:03:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 03:56:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 06:24:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Artyrius\Downloads\SoftonicDownloader_fuer_wowmatrix.exe

Error: (01/02/2014 04:13:45 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Artyrius\Downloads\SoftonicDownloader_fuer_wowmatrix.exe

Error: (01/02/2014 00:19:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 02:30:29 AM) (Source: Application Error)(User: )
Description: BF2.exe0.0.0.04a8d6629Memory.dll0.0.0.0497ec791c000000500001ddc169401cf075a0f6d35afE:\Spiele\Spiele zum Installieren\Battlefield 2 Complete Collection\BF2.exeE:\Spiele\Spiele zum Installieren\Battlefield 2 Complete Collection\Memory.dll7614fbc6-734d-11e3-be83-001e8cdb7bcb


CodeIntegrity Errors:
===================================
  Date: 2013-02-25 21:31:52.060
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-25 21:31:52.017
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-25 21:31:21.257
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-25 21:31:21.213
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-25 21:30:52.656
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-25 21:30:52.626
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 8191.11 MB
Available physical RAM: 5636.3 MB
Total Pagefile: 16380.41 MB
Available Pagefile: 13691.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:6.56 GB) NTFS
Drive d: (Filme und Daten) (Fixed) (Total:1397.26 GB) (Free:346.8 GB) NTFS
Drive e: (Filme und Spiele) (Fixed) (Total:1397.26 GB) (Free:122.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: F1BEC7A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 5607C364)
Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 5607C367)
Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS)

==================== End Of Log ============================
gmer.txt:

Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-26 13:42:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Corsair_Force_GT rev.1.3.3 55,90GB
Running: gmer.exe; Driver: C:\Users\Artyrius\AppData\Local\Temp\pwldrpoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                                                                                                0000000072981a22 2 bytes [98, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                                                                                                0000000072981ad0 2 bytes [98, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                                                                                                0000000072981b08 2 bytes [98, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                                                                                                0000000072981bba 2 bytes [98, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                                                                                                0000000072981bda 2 bytes [98, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                          0000000076b31465 2 bytes [B3, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                        0000000076b314bb 2 bytes [B3, 76]
.text    ...                                                                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                              0000000076b31465 2 bytes [B3, 76]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                              0000000076b314bb 2 bytes [B3, 76]
.text    ...                                                                                                                                                                                                                                                                    * 2
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51661971-47BE-4DFB-95CE-A2D95482A077}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [5392] (Microsoft Malware Protection Engine/Microsoft Corporation SIGNED)(2014-01-26 12:25:31)  000007feea7b0000
Process  C:\Users\Artyrius\AppData\Local\Temp\Temp1_gmer_2.1.19355.zip\gmer.exe (*** suspicious ***) @ C:\Users\Artyrius\AppData\Local\Temp\Temp1_gmer_2.1.19355.zip\gmer.exe [4228]                                                                                            0000000000400000

---- EOF - GMER 2.1 ----
Vielen Dank

LG Artyrius

schrauber 26.01.2014 17:00
hi,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Artyrius 26.01.2014 17:28
Code:
ComboFix 14-01-23.02 - Artyrius 26.01.2014  17:17:35.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8191.6007 [GMT 1:00]
ausgeführt von:: c:\users\Artyrius\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\program files (x86)\SuperLyrics-16
c:\program files (x86)\SuperLyrics-16\44162.crx
c:\program files (x86)\SuperLyrics-16\44162.xpi
c:\program files (x86)\SuperLyrics-16\superlyrics-16-chromeinstaller.exe
c:\program files (x86)\SuperLyrics-16\superlyrics-16-firefoxinstaller.exe
c:\users\Artyrius\AppData\Local\._Revolution_
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\background.html
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\crossriderManifest.json
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\manifest.xml
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins.json
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\actions\1.png
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\icon128.png
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\icon16.png
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\icon48.png
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\manifest.json
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\popup.html
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome.manifest
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\asyncDB.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\background.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\browserAction.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\contextMenu.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dbManager.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dom_bg.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\fileManager.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefox.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxNotifications.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxOmnibox.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\message.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\pageAction.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\request.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\tabs.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\webRequest.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\background.html
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\baseObject.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\browser.xul
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\console.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\consts.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\delegate.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\extensionDataStore.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\folderIOWrapper.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\httpObserver.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\IDBWrapper.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\installer.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\logFile.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\prefs.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\progressListenerObserver.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\registry.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reloadObserver.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reports.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\requestObject.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\searchSettings.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\uninstallObserver.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\updateManager.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\utils.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\xhr.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\dialog.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\ffCoreFilesIndex.txt
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\main.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.xul
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\platformVersion.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\search_dialog.xul
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\defaults\preferences\prefs.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\manifest.xml
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins.json
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\1_base.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\17_jQuery.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\182_openUrl.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\207_dbWrapper.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\21_debug.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\22_resources.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\28_initializer.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\47_resources_background.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\64_appApiMessage.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\72_appApiValidation.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\98_omniCommands.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\background.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\extension.js
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\install.rdf
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\locale\en-US\translations.dtd
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button1.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button2.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button3.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button4.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button5.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\crossrider_statusbar.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon128.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon16.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon24.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon48.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\panelarrow-up.png
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\popup.html
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\skin.css
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\update.css
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-12-26 bis 2014-01-26  ))))))))))))))))))))))))))))))
.
.
2014-01-26 12:28 . 2014-01-26 12:28        --------        d-----w-        C:\FRST
2014-01-26 12:25 . 2013-12-04 03:28        10315576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{51661971-47BE-4DFB-95CE-A2D95482A077}\mpengine.dll
2014-01-26 12:25 . 2013-11-26 11:40        376768        ----a-w-        c:\windows\system32\drivers\netio.sys
2014-01-26 12:24 . 2013-11-27 01:41        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2014-01-26 12:24 . 2013-11-27 01:41        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2014-01-26 12:24 . 2013-11-27 01:41        53248        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2014-01-26 12:24 . 2013-11-27 01:41        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2014-01-26 12:24 . 2013-11-27 01:41        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2014-01-26 12:24 . 2013-11-27 01:41        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2014-01-26 12:24 . 2013-11-27 01:41        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys
2014-01-26 12:24 . 2013-11-26 10:32        3156480        ----a-w-        c:\windows\system32\win32k.sys
2014-01-10 17:00 . 2014-01-10 17:00        --------        d-----w-        c:\program files\iPod
2014-01-10 17:00 . 2014-01-10 17:00        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-10 17:00 . 2014-01-10 17:00        --------        d-----w-        c:\program files\iTunes
2014-01-10 15:05 . 2014-01-10 17:03        --------        d-----w-        c:\users\Artyrius\AppData\Roaming\Apple Computer
2014-01-06 19:23 . 2014-01-06 19:23        4558848        ----a-w-        c:\windows\SysWow64\GPhotos.scr
2014-01-02 20:18 . 2014-01-02 20:18        283064        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2014-01-02 20:18 . 2014-01-02 20:55        --------        d-----w-        c:\users\Artyrius\AppData\Roaming\DAEMON Tools Lite
2014-01-02 20:18 . 2014-01-02 20:18        --------        d-----w-        c:\program files (x86)\DAEMON Tools Lite
2014-01-02 20:17 . 2014-01-02 20:18        --------        d-----w-        c:\programdata\DAEMON Tools Lite
2014-01-02 17:26 . 2014-01-02 17:26        2434856        ----a-w-        c:\windows\SysWow64\pbsvc.exe
2014-01-02 15:14 . 2014-01-02 15:14        --------        d-----w-        c:\users\Artyrius\AppData\Local\ESN
2014-01-02 14:41 . 2014-01-02 17:27        --------        d--h--w-        c:\program files (x86)\Common Files\EAInstaller
2014-01-02 14:41 . 2014-01-10 14:54        --------        d-----w-        c:\program files (x86)\Battlelog Web Plugins
2014-01-01 20:55 . 2014-01-01 20:55        --------        d-----w-        c:\program files (x86)\EA GAMES
2014-01-01 19:05 . 2014-01-01 19:05        --------        d-----w-        c:\windows\rescache
2014-01-01 18:33 . 2014-01-01 18:33        --------        d-----w-        c:\program files (x86)\Origin Games
2014-01-01 18:32 . 2014-01-01 21:54        --------        d-----w-        c:\users\Artyrius\AppData\Roaming\Origin
2014-01-01 18:32 . 2014-01-02 15:14        --------        d-----w-        c:\users\Artyrius\AppData\Local\Origin
2014-01-01 18:31 . 2014-01-02 15:14        --------        d-----w-        c:\programdata\Origin
2014-01-01 18:31 . 2014-01-02 15:14        --------        d-----w-        c:\programdata\Electronic Arts
2014-01-01 18:31 . 2014-01-02 11:20        --------        d-----w-        c:\program files (x86)\Origin
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-02 17:52 . 2012-08-23 23:18        189472        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2014-01-02 17:52 . 2012-08-23 23:14        189472        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2014-01-02 17:45 . 2012-08-23 23:14        189472        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2014-01-02 14:40 . 2012-08-23 23:14        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-12-18 19:17 . 2012-04-23 19:56        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-18 19:17 . 2012-03-20 17:40        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 05:13 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2013-11-26 18:07 . 2013-11-26 18:07        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 18:07 . 2013-11-26 18:07        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-11-26 18:07 . 2013-11-26 18:07        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 18:07 . 2013-11-26 18:07        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 18:07 . 2013-11-26 18:07        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2013-11-26 18:07 . 2013-11-26 18:07        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-11-26 18:07 . 2013-11-26 18:07        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 18:07 . 2013-11-26 18:07        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-11-26 18:07 . 2013-11-26 18:07        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2013-11-26 18:07 . 2013-11-26 18:07        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-11-26 18:07 . 2013-11-26 18:07        454656        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-11-26 18:07 . 2013-11-26 18:07        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-11-26 18:07 . 2013-11-26 18:07        34816        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 18:07 . 2013-11-26 18:07        337408        ----a-w-        c:\windows\SysWow64\html.iec
2013-11-26 18:07 . 2013-11-26 18:07        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-11-26 18:07 . 2013-11-26 18:07        235008        ----a-w-        c:\windows\system32\elshyph.dll
2013-11-26 18:07 . 2013-11-26 18:07        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-11-26 18:07 . 2013-11-26 18:07        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-11-26 18:07 . 2013-11-26 18:07        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-11-26 18:07 . 2013-11-26 18:07        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-11-26 18:07 . 2013-11-26 18:07        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-11-26 18:07 . 2013-11-26 18:07        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-11-26 18:07 . 2013-11-26 18:07        1051136        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-11-26 18:07 . 2013-11-26 18:07        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2013-11-26 18:07 . 2013-11-26 18:07        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 18:07 . 2013-11-26 18:07        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-11-26 18:07 . 2013-11-26 18:07        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 18:07 . 2013-11-26 18:07        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2013-11-26 18:07 . 2013-11-26 18:07        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2013-11-26 18:07 . 2013-11-26 18:07        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-11-26 18:07 . 2013-11-26 18:07        774144        ----a-w-        c:\windows\system32\jscript.dll
2013-11-26 18:07 . 2013-11-26 18:07        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-11-26 18:07 . 2013-11-26 18:07        626176        ----a-w-        c:\windows\system32\msfeeds.dll
2013-11-26 18:07 . 2013-11-26 18:07        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2013-11-26 18:07 . 2013-11-26 18:07        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-11-26 18:07 . 2013-11-26 18:07        548352        ----a-w-        c:\windows\system32\vbscript.dll
2013-11-26 18:07 . 2013-11-26 18:07        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-11-26 18:07 . 2013-11-26 18:07        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-11-26 18:07 . 2013-11-26 18:07        48128        ----a-w-        c:\windows\system32\imgutil.dll
2013-11-26 18:07 . 2013-11-26 18:07        453120        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-11-26 18:07 . 2013-11-26 18:07        413696        ----a-w-        c:\windows\system32\html.iec
2013-11-26 18:07 . 2013-11-26 18:07        40448        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 18:07 . 2013-11-26 18:07        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2013-11-26 18:07 . 2013-11-26 18:07        296960        ----a-w-        c:\windows\system32\dxtrans.dll
2013-11-26 18:07 . 2013-11-26 18:07        263376        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-11-26 18:07 . 2013-11-26 18:07        247808        ----a-w-        c:\windows\system32\msls31.dll
2013-11-26 18:07 . 2013-11-26 18:07        243200        ----a-w-        c:\windows\system32\webcheck.dll
2013-11-26 18:07 . 2013-11-26 18:07        235520        ----a-w-        c:\windows\system32\url.dll
2013-11-26 18:07 . 2013-11-26 18:07        195584        ----a-w-        c:\windows\system32\msrating.dll
2013-11-26 18:07 . 2013-11-26 18:07        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-11-26 18:07 . 2013-11-26 18:07        147968        ----a-w-        c:\windows\system32\occache.dll
2013-11-26 18:07 . 2013-11-26 18:07        143872        ----a-w-        c:\windows\system32\wextract.exe
2013-11-26 18:07 . 2013-11-26 18:07        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-11-26 18:07 . 2013-11-26 18:07        135680        ----a-w-        c:\windows\system32\iepeers.dll
2013-11-26 18:07 . 2013-11-26 18:07        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-11-26 18:07 . 2013-11-26 18:07        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-11-26 18:07 . 2013-11-26 18:07        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-11-26 18:07 . 2013-11-26 18:07        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2013-11-26 18:07 . 2013-11-26 18:07        101376        ----a-w-        c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-18 20:01        23183360        ----a-w-        c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-18 20:01        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-18 20:01        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-18 20:01        66048        ----a-w-        c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-18 20:01        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-18 20:01        2764288        ----a-w-        c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-18 20:01        53760        ----a-w-        c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-18 20:01        33792        ----a-w-        c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-18 20:01        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-18 20:01        574976        ----a-w-        c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-18 20:01        139264        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-18 20:01        111616        ----a-w-        c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-18 20:01        708608        ----a-w-        c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-18 20:01        218624        ----a-w-        c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-18 20:01        5769216        ----a-w-        c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-18 20:01        553472        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-18 20:01        4243968        ----a-w-        c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-18 20:01        1995264        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-18 20:01        12996608        ----a-w-        c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-18 20:01        1928192        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-18 20:01        2334208        ----a-w-        c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-18 20:01        1395200        ----a-w-        c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-18 20:01        817664        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-18 20:01        1820160        ----a-w-        c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-18 19:08        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-18 19:08        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-11-21 16:46 . 2013-11-21 16:46        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-12 02:23 . 2013-12-18 19:08        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-18 19:08        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-18 19:08        335360        ----a-w-        c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-18 19:08        301568        ----a-w-        c:\windows\SysWow64\msieftp.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2012-10-31 206448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 Realtek87B;Realtek87B;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 19:17]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B9ED0378-DE4A-4E0F-968C-92EB130CC32F}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\Mein Kleines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SuperLyrics-16 - c:\program files (x86)\SuperLyrics-16\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-26  17:25:09
ComboFix-quarantined-files.txt  2014-01-26 16:25
.
Vor Suchlauf: 8.749.133.824 Bytes frei
Nach Suchlauf: 9.653.088.256 Bytes frei
.
- - End Of File - - DC130DBD77CC4FEDD09BBEEFB4647E7C
A36C5E4F47E84449FF07ED3517B43A31

schrauber 27.01.2014 10:59
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131