Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: inkasso mail mit anhang geöfnet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.06.2013, 19:46   #1
faust63
 
inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



Hallo zusammen,

meine tochter hat gestern eine Mail von einem angeblichen Inkassobüro mit Anhang erhalten.da sie sehr aufgeregt war über email von inkaso büro hatte ich mir email
angeschaut und zip datei auf pc gespeichert ,dann habe ich zip datei entpackt und es kam
eine weitere zip datei zum vorschein,die ich dann nicht mehr entpackt habe,da wurde ich misstrauisch und hab alles gelöscht.
Waren meine Aktionen schon zuviel? Oder bin ich noch safe, da ich die innerste Datei nicht geöffnet habe?

ich habe dann meinen rechner mit trojan mover gescannt es wurde aber nix gefunden.
gibt es noch ein anderes programm wo ich pc scannen kann oder brauch ich mir da keine gedanken mehr zu machen das ich mir etwas eingefangen habe?

vielen dank im vorraus schon mal für eure mühe

Alt 18.06.2013, 20:11   #2
schrauber
/// the machine
/// TB-Ausbilder
 

inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________

__________________

Alt 19.06.2013, 18:51   #3
faust63
 
inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



hallo

erstmal vielen dank für deine hilfe , ich hab beide textdateien als anhang angehängt ,habs leider nicht anders geschafft , hoffe es geht so .

gruß rudi
__________________

Alt 19.06.2013, 19:51   #4
schrauber
/// the machine
/// TB-Ausbilder
 

inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



Logs wennn nötig aufteilen und bitte in Codetags posten.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.06.2013, 20:19   #5
faust63
 
inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-06-2013
Ran by Ich (administrator) on 19-06-2013 19:39:23
Running from C:\Users\Ich\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Logitech Inc.) C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [x]
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKCU\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-04] (Electronic Arts)
HKCU\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [x]
MountPoints2: {0554b607-b30c-11e2-bf48-b888e3b3844c} - "F:\LaunchU3.exe" -a
MountPoints2: {fa3afa14-989e-11e2-bef4-b888e3b3844c} - "F:\Startme.exe" 
HKLM-x32\...\Run: [LManager]  [x]
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe" [1088280 2011-10-04] (Mischel Internet Security)
HKLM-x32\...\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot [1648400 2013-04-26] (Simply Super Software)
HKU\Default\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-11] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Media Server-Taskleisten-Tool.lnk
ShortcutTarget: Logitech Media Server-Taskleisten-Tool.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk
ShortcutTarget: Quicken 2014 Zahlungserinnerung.lnk -> C:\Windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKCU SearchScopes: DefaultScope {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = 
SearchScopes: HKCU - {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\wjhxw3dr.default
FF Homepage: t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S2 CLKMSVC10_96E434EB; C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe [243728 2012-07-24] (CyberLink)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [85904 2012-09-05] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-30] (Dritek System INC.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-30] (Dritek System Inc.)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST
2013-06-19 19:39 - 2013-06-19 19:38 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe
2013-06-18 18:56 - 2013-06-18 19:03 - 00000000 ____D C:\Users\Ich\Desktop\Neuer Ordner
2013-06-18 15:21 - 2013-06-18 15:21 - 00001103 ____A C:\Users\Public\Desktop\Trojan Remover.lnk
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Users\Ich\Documents\Simply Super Software
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Simply Super Software
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter
2013-06-17 20:37 - 2013-06-18 15:27 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-06-17 20:37 - 2013-06-17 20:37 - 00000969 ____A C:\Users\Ich\Desktop\TrojanHunter.lnk
2013-06-17 20:37 - 2013-06-17 20:37 - 00000000 ____D C:\ProgramData\TrojanHunter
2013-06-17 18:50 - 2013-05-31 01:24 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-06-17 18:50 - 2013-05-31 01:08 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-06-17 17:44 - 2013-05-24 01:01 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-06-17 17:44 - 2013-05-24 00:27 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-06-16 13:44 - 2013-05-15 04:25 - 00888320 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe
2013-06-16 13:44 - 2013-05-15 04:25 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll
2013-06-16 13:44 - 2013-05-15 04:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-06-16 13:44 - 2013-05-15 04:24 - 00482816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-06-16 12:16 - 2013-05-04 09:58 - 00120736 ____A (Microsoft Corporation) C:\Windows\System32\AuthHost.exe
2013-06-16 12:16 - 2013-05-04 09:34 - 00446720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-06-16 12:16 - 2013-05-04 09:34 - 00284416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-06-16 12:16 - 2013-05-04 09:34 - 00213248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-06-16 12:16 - 2013-05-04 09:30 - 00058312 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-06-16 12:16 - 2013-05-04 08:59 - 13644288 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 03241472 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 01483776 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2013-06-16 12:16 - 2013-05-04 08:59 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\Magnify.exe
2013-06-16 12:16 - 2013-05-04 08:59 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-06-16 12:16 - 2013-05-04 08:58 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 01332736 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00470528 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00330240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00151552 ____A (Microsoft Corporation) C:\Windows\System32\netprofm.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 02305024 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00708096 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\biwinrt.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll
2013-06-16 12:16 - 2013-05-04 08:56 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-06-16 12:16 - 2013-05-04 06:58 - 00758784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-06-16 12:16 - 2013-05-04 06:58 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-06-16 12:16 - 2013-05-04 06:58 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-06-16 12:16 - 2013-05-04 06:58 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-06-16 12:16 - 2013-05-04 06:58 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-06-16 12:16 - 2013-05-04 06:57 - 10788864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00247296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00151040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 02035712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-06-16 12:16 - 2013-05-04 06:55 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-06-16 12:16 - 2013-05-04 06:51 - 00014848 ____A (Microsoft) C:\Windows\System32\rars.rs
2013-06-16 12:16 - 2013-05-04 06:48 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-06-16 12:16 - 2013-05-04 06:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-06-16 12:16 - 2013-05-04 06:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2013-06-16 12:16 - 2013-05-04 06:10 - 00014848 ____A (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-06-16 12:16 - 2013-05-03 00:04 - 00386646 ____A C:\Windows\System32\ApnDatabase.xml
2013-06-12 23:38 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-12 23:38 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 23:38 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 23:38 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-12 23:38 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 23:38 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 23:38 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 23:38 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:38 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 23:38 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 23:38 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:38 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 23:38 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 23:38 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 23:38 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 23:38 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 23:38 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 23:38 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 23:38 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 23:38 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 23:38 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters
2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP
2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk
2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis
2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk
2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis
2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis
2013-05-25 09:56 - 2013-05-26 21:09 - 00000000 ____D C:\Users\Ich\Desktop\25.05.13
2013-05-23 23:30 - 2013-05-23 23:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-23 12:32 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-23 12:32 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-23 12:32 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-23 12:32 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-23 12:32 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-23 12:32 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-23 12:32 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-23 12:32 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-23 12:32 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-05-23 12:32 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-23 12:32 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-23 12:32 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-05-23 12:32 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-05-23 12:32 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-23 12:32 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-05-23 12:32 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-23 12:32 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-05-23 12:32 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-05-23 12:32 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-23 12:32 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-05-23 12:32 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-23 12:32 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-05-23 12:32 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-23 12:32 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-23 12:32 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-23 12:32 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-23 12:32 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-23 12:32 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-23 12:32 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-23 12:32 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-23 12:32 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-23 12:32 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-23 12:32 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-23 12:32 - 2013-04-09 06:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-23 12:32 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-23 12:32 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-23 12:32 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-23 12:32 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-23 12:32 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-23 12:32 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-23 12:32 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-23 12:32 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-23 12:32 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-23 12:32 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-23 12:32 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-23 12:32 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-23 12:32 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-23 12:32 - 2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-23 12:32 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-23 12:32 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-23 12:32 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-23 12:32 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-23 12:32 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-23 12:32 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-23 12:32 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-23 12:32 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-23 12:32 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-23 12:32 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-23 12:32 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-23 12:32 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-23 12:32 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-23 12:32 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-23 12:32 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-23 12:32 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-23 12:32 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-05-23 12:32 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-23 12:32 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-23 12:32 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-20 16:50 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

==================== One Month Modified Files and Folders =======

2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST
2013-06-19 19:38 - 2013-06-19 19:39 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe
2013-06-19 19:34 - 2012-12-30 11:29 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-19 19:34 - 2012-12-30 11:29 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-19 19:34 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 19:28 - 2013-02-01 21:28 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-19 19:28 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 21:13 - 2012-07-26 07:26 - 00786432 __ASH C:\Windows\System32\config\BBI
2013-06-18 21:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-18 21:01 - 2013-01-31 16:51 - 01965680 ____A C:\Windows\WindowsUpdate.log
2013-06-18 20:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-18 20:16 - 2013-01-31 17:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 19:14 - 2013-01-31 21:20 - 00000000 ____D C:\Users\Ich\AppData\Roaming\vlc
2013-06-18 19:03 - 2013-06-18 18:56 - 00000000 ____D C:\Users\Ich\Desktop\Neuer Ordner
2013-06-18 15:27 - 2013-06-17 20:37 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-06-18 15:21 - 2013-06-18 15:21 - 00001103 ____A C:\Users\Public\Desktop\Trojan Remover.lnk
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Users\Ich\Documents\Simply Super Software
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Simply Super Software
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-17 22:25 - 2013-02-01 21:56 - 00000000 ____D C:\Users\Ich\AppData\Local\CrashDumps
2013-06-17 22:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\Dism
2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-06-17 20:37 - 2013-06-17 20:37 - 00000969 ____A C:\Users\Ich\Desktop\TrojanHunter.lnk
2013-06-17 20:37 - 2013-06-17 20:37 - 00000000 ____D C:\ProgramData\TrojanHunter
2013-06-17 20:29 - 2013-02-01 11:03 - 00000000 ____D C:\Users\Ich\AppData\Local\Deployment
2013-06-15 23:46 - 2013-02-03 20:15 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Skype
2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ____D C:\ProgramData\Skype
2013-06-14 11:56 - 2012-11-02 05:02 - 00045958 ____A C:\Windows\PFRO.log
2013-06-13 23:55 - 2013-04-25 15:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-13 12:07 - 2013-02-01 20:28 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-05 00:09 - 2012-07-26 10:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2012-07-26 10:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Origin
2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Local\Origin
2013-06-02 20:46 - 2012-07-26 09:21 - 00071961 ____A C:\Windows\setupact.log
2013-06-02 19:03 - 2013-01-31 16:51 - 00000000 ____D C:\Users\Ich\AppData\Local\Packages
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters
2013-06-02 16:25 - 2013-03-08 20:00 - 00000000 ____D C:\Users\Ich\Documents\My Games
2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP
2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk
2013-06-02 11:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Help
2013-05-31 01:24 - 2013-06-17 18:50 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-31 01:08 - 2013-06-17 18:50 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis
2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk
2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis
2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis
2013-05-27 19:05 - 2013-02-01 21:44 - 00037414 ____A C:\Windows\DirectX.log
2013-05-26 21:09 - 2013-05-25 09:56 - 00000000 ____D C:\Users\Ich\Desktop\25.05.13
2013-05-24 23:19 - 2013-01-31 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 01:01 - 2013-06-17 17:44 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-05-24 00:27 - 2013-06-17 17:44 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-05-23 23:30 - 2013-05-23 23:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 21:02 - 2013-02-01 21:55 - 00000000 ____D C:\Users\Ich\Documents\FIFA 13

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 12:05

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2013
Ran by Ich at 2013-06-19 19:39:41 Run:
Running from C:\Users\Ich\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 clear.fi SDK - Video 2 (Version: 2.1.1925)
 clear.fi SDK- Movie 2 (Version: 2.1.2008)
Acer Backup Manager (Version: 4.0.0.0071)
Acer Device Fast-lane (Version: 1.00.3007)
Acer Instant Update Service (Version: 1.00.3013)
Acer Power Management (Version: 7.00.3006)
Acer Recovery Management (Version: 6.00.3011)
AcerCloud (Version: 2.01.3115)
AcerCloud Docs (Version: 1.00.3201)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Backup Manager v4 (Version: 4.0.0.0071)
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 15.4.7.1)
Carbon (Version: 1.0.0)
clear.fi Media (Version: 2.01.3108)
clear.fi Photo (Version: 2.01.3108)
CyberLink MediaEspresso 6.5 (Version: 6.5.3103_44819)
DDBAC (Version: 5.3.10)
Dolby Home Theater v4 (Version: 7.2.8000.13)
ElsterFormular (Version: 14.1.11318)
ETDWare PS/2-X64 11.6.9.001_WHQL (Version: 11.6.9.001)
Euro Truck Simulator 2 (Version: 1.0.2)
F1 2012 Version V1.0 (Version: V1.0)
FIFA 13 (Version: 1.0.0.0)
Franzis 3D-Eisenbahnplaner 12 (Version: 12.09)
Identity Card (Version: 2.00.3004)
iLivid (Version: 4.0.0.2624)
Intel(R) Management Engine Components (Version: 8.1.0.1252)
Intel(R) Processor Graphics (Version: 9.17.10.2867)
Intel(R) Rapid Storage Technology (Version: 11.5.0.1207)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.0.2.26)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 21 (Version: 6.0.210)
Landwirtschafts Simulator 2013 (Version: 1.0)
Launch Manager (Version: 7.0.5)
Lexware Info Service (Version: 2.90.00.0009)
Lexware online banking (Version: 19.00.00.0059)
Live Updater (Version: 2.00.3004)
Logitech Media Server 7.7.2 (Version: 7.7.2)
Media Go (Version: 2.4.256)
Media Go Video Playback Engine 1.116.109.02030 (Version: 1.116.109.02030)
Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4505.1510)
Microsoft Silverlight (Version: 4.0.51204.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MyWinLocker (Version: 4.0.14.35)
MyWinLocker 4 (Version: 4.0.14.35)
MyWinLocker Suite (Version: 4.0.14.24)
NTI Media Maker 9 (Version: 9.0.2.9008)
NVIDIA Grafiktreiber 307.17 (Version: 307.17)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (Version: 9.12.0613)
NVIDIA PhysX-Systemsoftware 9.12.0613 (Version: 9.12.0613)
NVIDIA Systemsteuerung 307.17 (Version: 307.17)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4505.1510)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1510)
Office 15 Click-to-Run Localization Component (Version: 15.0.4505.1510)
Office Addin (Version: 2.01.3200)
Origin (Version: 9.0.10.69)
Paragon Backup and Recovery™ 12 Home (Version: 90.00.0003)
Paragon Partition Manager™ 12 Professional (Version: 90.00.0003)
Picasa 3 (Version: 3.9)
PlayStation(R)Store (Version: 4.14.6.15183)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (Version: 11.41)
Quicken 2014 (Version: 21.31.00.0109)
Quicken Import Export Server Jubiläumsversion (Version: 20.30.00.0099)
Quicken Jubiläumsversion (Version: 20.36.00.0134)
Realtek High Definition Audio Driver (Version: 6.0.1.6657)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.4.0)
Shared C Run-time for x64 (Version: 10.0.0)
Shredder (Version: 2.0.8.9)
Skype™ 6.3 (Version: 6.3.107)
Sony Ericsson Update Engine (Version: 2.13.4.20)
Sony PC Companion 2.10.155 (Version: 2.10.155)
Spotify (Version: 0.8.4.99.ga249b5f1)
Trojan Remover 6.8.6 (Version: 6.8.6)
TrojanHunter 5.5 (Version: 5.5)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
VLC media player 2.0.6 (Version: 2.0.6)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================


==================== Scheduled Tasks (whitelisted) =============

Task: {0E52EC20-206D-402D-AE62-58B24385DD48} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {151DC32B-6BF6-407A-985C-3FEFBC194AC4} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1BC6CD4F-C47F-4169-84FC-64FE71E55651} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {20A38B43-1CB9-45E3-A803-F57AE2316C39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {20AEB2BE-C59C-4215-A534-6EA1509BB0C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {27949D9D-ABF9-436E-A568-6B88DBF87C2B} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {3764ACD2-537D-4A2A-B876-701C956B9C2B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {4D02C09C-7EC1-4366-89F4-A63219B60ED6} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {4F7077FA-924B-440E-B01D-813E83EF0CF6} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {5D1288AE-6512-4DC3-9CDC-DAA033BE0115} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-06] (Microsoft Corporation)
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {663EB214-F92A-40A7-A6C5-10F4EBA73482} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2639919565-979996941-1917665556-1002
Task: {69AC89AD-0274-4668-8047-BEEAA6D194B4} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {82B33C67-F329-458D-B9FC-BD1FEDEC1E40} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {88E528C1-9C97-41D5-B6C9-E8D6C12330DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-06-13] (Microsoft Corporation)
Task: {8D71B8DF-2A46-4C7B-90D9-CCFC5BFDBD95} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {ADC49FC3-377E-422F-B07A-70BCACB1A72F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B4ACA1C1-0B05-4B67-AFB7-D89F2782507D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CB4911EC-ABF9-434B-B750-BF7C7CAE2855} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DDADEDBD-2B56-4634-9D9F-F4CED38F85BA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {DFFB02A5-1584-478D-BAE7-AC542E680AA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {E362B774-061C-4883-A305-3D84DD76F7EF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {E4A7CAAA-1D90-466F-A3C8-356E649A5C16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-06-13] (Microsoft Corporation)
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F810CDB1-8847-4D0A-B1DC-0F5CEBD133B2} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2639919565-979996941-1917665556-1002 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1187

Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1187

Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/18/2013 03:40:46 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (06/17/2013 10:24:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TrojanHunter.exe, Version: 5.5.0.1002, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: TrojanHunter.exe, Version: 5.5.0.1002, Zeitstempel: 0x2a425e19
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004bb42
ID des fehlerhaften Prozesses: 0x195c
Startzeit der fehlerhaften Anwendung: 0xTrojanHunter.exe0
Pfad der fehlerhaften Anwendung: TrojanHunter.exe1
Pfad des fehlerhaften Moduls: TrojanHunter.exe2
Berichtskennung: TrojanHunter.exe3
Vollständiger Name des fehlerhaften Pakets: TrojanHunter.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TrojanHunter.exe5

Error: (06/17/2013 07:11:07 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16455_none_624a7aa150f57306\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (06/17/2013 07:11:07 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22


System errors:
=============
Error: (06/15/2013 09:15:13 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?15.?06.?2013 um 20:52:01 unerwartet heruntergefahren.

Error: (06/13/2013 11:35:53 PM) (Source: DCOM) (User: Rudi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RudiIchS-1-5-21-2639919565-979996941-1917665556-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/03/2013 06:56:27 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?03.?06.?2013 um 18:54:22 unerwartet heruntergefahren.

Error: (06/02/2013 05:33:36 PM) (Source: DCOM) (User: Rudi)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/02/2013 05:33:36 PM) (Source: DCOM) (User: Rudi)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/26/2013 08:20:21 PM) (Source: DCOM) (User: Rudi)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}


Microsoft Office Sessions:
=========================
Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1187

Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1187

Error: (06/18/2013 05:01:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/18/2013 03:40:46 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (06/17/2013 10:24:57 PM) (Source: Application Error)(User: )
Description: TrojanHunter.exe5.5.0.10022a425e19TrojanHunter.exe5.5.0.10022a425e19c00000050004bb42195c01ce6b92d1db9cafC:\Program Files (x86)\TrojanHunter 5.5\TrojanHunter.exeC:\Program Files (x86)\TrojanHunter 5.5\TrojanHunter.exef9b53ff3-d78b-11e2-bfa7-689423c66d06

Error: (06/17/2013 07:11:07 PM) (Source: System Restore)(User: )
Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16455_none_624a7aa150f57306\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422

Error: (06/17/2013 07:11:07 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (06/16/2013 09:08:51 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 8007.27 MB
Available physical RAM: 5903.77 MB
Total Pagefile: 9223.27 MB
Available Pagefile: 7134.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:97.09 GB) (Free:13.49 GB) NTFS (Disk=0 Partition=4)
Drive e: (Arbeit) (Fixed) (Total:122.07 GB) (Free:46.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238 GB) (Disk ID: 769CDBA7)

Partition: GPT Partition Type
==================== End Of Log ============================
         
Super wieder was gelernt , vielen Dank


Alt 20.06.2013, 08:05   #6
schrauber
/// the machine
/// TB-Ausbilder
 

inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



Zitat:
Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
Kennst Du die Einträge?
__________________
--> inkasso mail mit anhang geöfnet

Alt 20.06.2013, 19:30   #7
faust63
 
inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



hallo ,

Quicken hab ich auf rechner , was mir aber nix sagt ist :

C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)

gruß rudi

Alt 21.06.2013, 07:40   #8
schrauber
/// the machine
/// TB-Ausbilder
 

inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



Das gehört aber zusammen, lass die letzte Datei mal bitte bei virustotal scannen und poste den Link zum Ergebnis.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.06.2013, 12:29   #9
faust63
 
inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



hallo
ich hab bei mir auf rechner datei gefunden mit namen :

BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D

laut der ziffernfolge müsste das die letzte datei sein die du meinst,
laut virustotal ist datei ok.
kann ich jetzt davon ausgehen das mein rechner ok ist und ich wieder online banking machen kann ?

https://www.virustotal.com/de/file/b79b69a99bc054137fe04e2043db1e31c17c53c107732419bccd83fbbd4abab3/analysis/1371986715/

schönen sonntag noch und vielen dank für die mühe.

Alt 23.06.2013, 16:18   #10
schrauber
/// the machine
/// TB-Ausbilder
 

inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



Nicht so schnell, wir haben doch erst angefangen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST Log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.06.2013, 17:24   #11
faust63
 
inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



guten abend,

Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 23/06/2013 um 17:59:54 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : Ich - RUDI
# Bootmodus : Normal
# Ausgeführt unter : E:\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : WebCake Desktop Updater

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Datei Gefunden : C:\Users\Ich\Desktop\Optimizer Pro.lnk
Ordner Gefunden : C:\Program Files (x86)\Optimizer Pro
Ordner Gefunden : C:\Program Files (x86)\WebCake
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Ich\AppData\Local\Ilivid
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\wjhxw3dr.default\extensions\plugin@getwebcake.com
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Optimizer Pro
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\WebCake

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\wjhxw3dr.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3789 octets] - [23/06/2013 17:59:26]
AdwCleaner[R2].txt - [3726 octets] - [23/06/2013 17:59:54]

########## EOF - C:\AdwCleaner[R2].txt - [3786 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by Ich on 23.06.2013 at 18:21:05,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe



~~~ Files

Successfully deleted: [File] "C:\Users\Ich\AppData\Roaming\microsoft\windows\start menu\programs\ilivid.lnk"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\tarma installer"
Failed to delete: [Folder] "C:\Users\Ich\appdata\local\ilivid"
Failed to delete: [Folder] "C:\Program Files (x86)\optimizer pro"



~~~ FireFox

Successfully deleted: [File] C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\wjhxw3dr.default\user.js
Emptied folder: C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\wjhxw3dr.default\minidumps [64 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.06.2013 at 18:22:44,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-06-2013
Ran by Ich (administrator) on 23-06-2013 18:26:04
Running from C:\Users\Ich\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Logitech Inc.) C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [x]
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKCU\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-04] (Electronic Arts)
HKCU\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [x]
MountPoints2: {0554b607-b30c-11e2-bf48-b888e3b3844c} - "F:\LaunchU3.exe" -a
MountPoints2: {fa3afa14-989e-11e2-bef4-b888e3b3844c} - "F:\Startme.exe" 
HKLM-x32\...\Run: [LManager]  [x]
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-11] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Media Server-Taskleisten-Tool.lnk
ShortcutTarget: Logitech Media Server-Taskleisten-Tool.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk
ShortcutTarget: Quicken 2014 Zahlungserinnerung.lnk -> C:\Windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKCU SearchScopes: DefaultScope {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = 
SearchScopes: HKCU - {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\wjhxw3dr.default
FF Homepage: t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S2 CLKMSVC10_96E434EB; C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe [243728 2012-07-24] (CyberLink)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [85904 2012-09-05] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-30] (Dritek System INC.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-30] (Dritek System Inc.)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-23 18:22 - 2013-06-23 18:22 - 00001328 ____A C:\Users\Ich\Desktop\JRT.txt
2013-06-23 18:21 - 2013-06-23 18:21 - 00000000 ____D C:\Windows\ERUNT
2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\JRT
2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-23 18:00 - 2013-06-23 18:00 - 00003909 ____A C:\AdwCleaner[R3].txt
2013-06-23 18:00 - 2013-06-23 18:00 - 00003849 ____A C:\Users\Ich\Desktop\AdwCleaner[R2].txt
2013-06-23 17:59 - 2013-06-23 17:59 - 00003849 ____A C:\AdwCleaner[R2].txt
2013-06-23 17:59 - 2013-06-23 17:59 - 00003789 ____A C:\AdwCleaner[R1].txt
2013-06-23 17:57 - 2013-06-23 18:04 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-06-22 16:35 - 2013-06-22 16:41 - 00000000 ____D C:\Users\Ich\Desktop\sabse
2013-06-21 17:44 - 2013-06-21 17:44 - 00002011 ____A C:\Users\Ich\Desktop\VirusTotal Uploader 2.0.lnk
2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2013-06-19 21:41 - 2013-06-19 21:41 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:41 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST
2013-06-19 19:39 - 2013-06-19 19:38 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter
2013-06-17 20:37 - 2013-06-23 18:04 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-06-17 18:50 - 2013-05-31 01:24 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-06-17 18:50 - 2013-05-31 01:08 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-06-17 17:44 - 2013-05-24 01:01 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-06-17 17:44 - 2013-05-24 00:27 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-06-16 13:44 - 2013-05-15 04:25 - 00888320 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe
2013-06-16 13:44 - 2013-05-15 04:25 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll
2013-06-16 13:44 - 2013-05-15 04:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-06-16 13:44 - 2013-05-15 04:24 - 00482816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-06-16 12:16 - 2013-05-04 09:58 - 00120736 ____A (Microsoft Corporation) C:\Windows\System32\AuthHost.exe
2013-06-16 12:16 - 2013-05-04 09:34 - 00446720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-06-16 12:16 - 2013-05-04 09:34 - 00284416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-06-16 12:16 - 2013-05-04 09:34 - 00213248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-06-16 12:16 - 2013-05-04 09:30 - 00058312 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-06-16 12:16 - 2013-05-04 08:59 - 13644288 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 03241472 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 01483776 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2013-06-16 12:16 - 2013-05-04 08:59 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\Magnify.exe
2013-06-16 12:16 - 2013-05-04 08:59 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-06-16 12:16 - 2013-05-04 08:58 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 01332736 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00470528 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00330240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00151552 ____A (Microsoft Corporation) C:\Windows\System32\netprofm.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 02305024 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00708096 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\biwinrt.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll
2013-06-16 12:16 - 2013-05-04 08:56 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-06-16 12:16 - 2013-05-04 06:58 - 00758784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-06-16 12:16 - 2013-05-04 06:58 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-06-16 12:16 - 2013-05-04 06:58 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-06-16 12:16 - 2013-05-04 06:58 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-06-16 12:16 - 2013-05-04 06:58 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-06-16 12:16 - 2013-05-04 06:57 - 10788864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00247296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00151040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 02035712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-06-16 12:16 - 2013-05-04 06:55 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-06-16 12:16 - 2013-05-04 06:51 - 00014848 ____A (Microsoft) C:\Windows\System32\rars.rs
2013-06-16 12:16 - 2013-05-04 06:48 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-06-16 12:16 - 2013-05-04 06:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-06-16 12:16 - 2013-05-04 06:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2013-06-16 12:16 - 2013-05-04 06:10 - 00014848 ____A (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-06-16 12:16 - 2013-05-03 00:04 - 00386646 ____A C:\Windows\System32\ApnDatabase.xml
2013-06-12 23:38 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-12 23:38 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 23:38 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 23:38 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-12 23:38 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 23:38 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 23:38 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 23:38 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:38 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 23:38 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 23:38 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:38 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 23:38 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 23:38 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 23:38 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 23:38 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 23:38 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 23:38 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 23:38 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 23:38 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 23:38 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters
2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP
2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk
2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis
2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk
2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis
2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis

==================== One Month Modified Files and Folders =======

2013-06-23 18:22 - 2013-06-23 18:22 - 00001328 ____A C:\Users\Ich\Desktop\JRT.txt
2013-06-23 18:21 - 2013-06-23 18:21 - 00000000 ____D C:\Windows\ERUNT
2013-06-23 18:21 - 2013-04-02 19:31 - 00000000 ____D C:\Users\Ich\AppData\Local\iLivid
2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\JRT
2013-06-23 18:16 - 2013-01-31 17:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-23 18:04 - 2013-06-23 17:57 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-06-23 18:04 - 2013-06-17 20:37 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-06-23 18:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-23 18:00 - 2013-06-23 18:00 - 00003909 ____A C:\AdwCleaner[R3].txt
2013-06-23 18:00 - 2013-06-23 18:00 - 00003849 ____A C:\Users\Ich\Desktop\AdwCleaner[R2].txt
2013-06-23 17:59 - 2013-06-23 17:59 - 00003849 ____A C:\AdwCleaner[R2].txt
2013-06-23 17:59 - 2013-06-23 17:59 - 00003789 ____A C:\AdwCleaner[R1].txt
2013-06-23 16:42 - 2013-01-31 21:20 - 00000000 ____D C:\Users\Ich\AppData\Roaming\vlc
2013-06-23 16:20 - 2012-12-30 11:29 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-23 16:20 - 2012-12-30 11:29 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-23 16:20 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-23 16:17 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-23 16:17 - 2012-07-26 07:26 - 00786432 __ASH C:\Windows\System32\config\BBI
2013-06-23 14:54 - 2013-02-01 21:28 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-22 19:30 - 2013-01-31 16:51 - 01323057 ____A C:\Windows\WindowsUpdate.log
2013-06-22 17:56 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-22 16:41 - 2013-06-22 16:35 - 00000000 ____D C:\Users\Ich\Desktop\sabse
2013-06-22 12:12 - 2013-02-01 11:03 - 00000000 ____D C:\Users\Ich\AppData\Local\Deployment
2013-06-21 21:51 - 2013-02-01 21:56 - 00000000 ____D C:\Users\Ich\AppData\Local\CrashDumps
2013-06-21 17:44 - 2013-06-21 17:44 - 00002011 ____A C:\Users\Ich\Desktop\VirusTotal Uploader 2.0.lnk
2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2013-06-19 21:41 - 2013-06-19 21:41 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:41 - 2013-02-01 12:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST
2013-06-19 19:38 - 2013-06-19 19:39 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-17 22:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\Dism
2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-06-15 23:46 - 2013-02-03 20:15 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Skype
2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ____D C:\ProgramData\Skype
2013-06-14 11:56 - 2012-11-02 05:02 - 00045958 ____A C:\Windows\PFRO.log
2013-06-13 23:55 - 2013-04-25 15:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-13 12:07 - 2013-02-01 20:28 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 21:48 - 2013-02-17 18:05 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2013-02-01 12:25 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-03-17 12:19 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 21:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-02-01 12:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-02-01 12:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-05 00:09 - 2012-07-26 10:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2012-07-26 10:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Origin
2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Local\Origin
2013-06-02 20:46 - 2012-07-26 09:21 - 00071961 ____A C:\Windows\setupact.log
2013-06-02 19:03 - 2013-01-31 16:51 - 00000000 ____D C:\Users\Ich\AppData\Local\Packages
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters
2013-06-02 16:25 - 2013-03-08 20:00 - 00000000 ____D C:\Users\Ich\Documents\My Games
2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP
2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk
2013-06-02 11:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Help
2013-05-31 01:24 - 2013-06-17 18:50 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-31 01:08 - 2013-06-17 18:50 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis
2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk
2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis
2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis
2013-05-27 19:05 - 2013-02-01 21:44 - 00037414 ____A C:\Windows\DirectX.log
2013-05-24 23:19 - 2013-01-31 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 01:01 - 2013-06-17 17:44 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-05-24 00:27 - 2013-06-17 17:44 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-21 17:52

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Bitte schön , schönen abend noch danke

Alt 23.06.2013, 20:34   #12
schrauber
/// the machine
/// TB-Ausbilder
 

inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



Supi,


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log. Gibt es noch Probleme mit dem Rechner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.06.2013, 08:47   #13
faust63
 
inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



guten morgen ,

rechner macht keine probleme , läuft wie immer,

gruß rudi

Alt 24.06.2013, 11:00   #14
schrauber
/// the machine
/// TB-Ausbilder
 

inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



Gut, die Scans bitte trotzdem noch machen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.06.2013, 15:12   #15
faust63
 
inkasso mail mit anhang geöfnet - Standard

inkasso mail mit anhang geöfnet



Hallo,
sorry hat etwas gedauert
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=31dbdeffdc22ef43b21eb4bf91977ee0
# engine=14145
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-24 04:04:11
# local_time=2013-06-24 06:04:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776573 100 94 11272 12678950 0 0
# scanned=280966
# found=0
# cleaned=0
# scan_time=5363
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=31dbdeffdc22ef43b21eb4bf91977ee0
# engine=14149
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-25 12:20:23
# local_time=2013-06-25 02:20:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776573 100 94 84244 12751922 0 0
# scanned=281766
# found=0
# cleaned=0
# scan_time=5559
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 VirusTotal Uploader 2.0   
 Java(TM) 6 Update 21  
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (21.0) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-06-2013 (ATTENTION: FRST version is 6 days old)
Ran by Ich (administrator) on 25-06-2013 16:02:33
Running from C:\Users\Ich\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Logitech Inc.) C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [x]
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKCU\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-04] (Electronic Arts)
HKCU\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [x]
MountPoints2: {0554b607-b30c-11e2-bf48-b888e3b3844c} - "F:\LaunchU3.exe" -a
MountPoints2: {fa3afa14-989e-11e2-bef4-b888e3b3844c} - "F:\Startme.exe" 
HKLM-x32\...\Run: [LManager]  [x]
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-08-21] (Acer Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-11] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Media Server-Taskleisten-Tool.lnk
ShortcutTarget: Logitech Media Server-Taskleisten-Tool.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk
ShortcutTarget: Quicken 2014 Zahlungserinnerung.lnk -> C:\Windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKCU SearchScopes: DefaultScope {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = 
SearchScopes: HKCU - {46F3D5CC-0151-489C-8DFB-EB32C0888D07} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\wjhxw3dr.default
FF Homepage: t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S2 CLKMSVC10_96E434EB; C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe [243728 2012-07-24] (CyberLink)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [85904 2012-09-05] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-30] (Dritek System INC.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-30] (Dritek System Inc.)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-25 16:02 - 2013-06-25 16:02 - 00000884 ____A C:\Users\Ich\Desktop\checkup.txt
2013-06-24 16:33 - 2013-06-24 09:48 - 00890839 ____A C:\Users\Ich\Desktop\SecurityCheck.exe
2013-06-23 18:21 - 2013-06-23 18:21 - 00000000 ____D C:\Windows\ERUNT
2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\JRT
2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-23 18:00 - 2013-06-23 18:00 - 00003909 ____A C:\AdwCleaner[R3].txt
2013-06-23 17:59 - 2013-06-23 17:59 - 00003849 ____A C:\AdwCleaner[R2].txt
2013-06-23 17:59 - 2013-06-23 17:59 - 00003789 ____A C:\AdwCleaner[R1].txt
2013-06-23 17:57 - 2013-06-23 18:04 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-06-22 16:35 - 2013-06-22 16:41 - 00000000 ____D C:\Users\Ich\Desktop\sabse
2013-06-21 17:44 - 2013-06-21 17:44 - 00002011 ____A C:\Users\Ich\Desktop\VirusTotal Uploader 2.0.lnk
2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2013-06-19 21:41 - 2013-06-19 21:41 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:41 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST
2013-06-19 19:39 - 2013-06-19 19:38 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter
2013-06-17 20:37 - 2013-06-23 18:04 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-06-17 18:50 - 2013-05-31 01:24 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-06-17 18:50 - 2013-05-31 01:08 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-06-17 17:44 - 2013-05-24 01:01 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-06-17 17:44 - 2013-05-24 00:27 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-06-16 13:44 - 2013-05-15 04:25 - 00888320 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe
2013-06-16 13:44 - 2013-05-15 04:25 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll
2013-06-16 13:44 - 2013-05-15 04:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-06-16 13:44 - 2013-05-15 04:24 - 00482816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-06-16 12:16 - 2013-05-04 09:58 - 00120736 ____A (Microsoft Corporation) C:\Windows\System32\AuthHost.exe
2013-06-16 12:16 - 2013-05-04 09:34 - 00446720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-06-16 12:16 - 2013-05-04 09:34 - 00284416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-06-16 12:16 - 2013-05-04 09:34 - 00213248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-06-16 12:16 - 2013-05-04 09:30 - 00058312 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-06-16 12:16 - 2013-05-04 08:59 - 13644288 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 03241472 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 01483776 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2013-06-16 12:16 - 2013-05-04 08:59 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\Magnify.exe
2013-06-16 12:16 - 2013-05-04 08:59 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-06-16 12:16 - 2013-05-04 08:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-06-16 12:16 - 2013-05-04 08:58 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 01332736 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00470528 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00330240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00151552 ____A (Microsoft Corporation) C:\Windows\System32\netprofm.dll
2013-06-16 12:16 - 2013-05-04 08:58 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 02305024 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00708096 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\biwinrt.dll
2013-06-16 12:16 - 2013-05-04 08:57 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll
2013-06-16 12:16 - 2013-05-04 08:56 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-06-16 12:16 - 2013-05-04 06:58 - 00758784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-06-16 12:16 - 2013-05-04 06:58 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-06-16 12:16 - 2013-05-04 06:58 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-06-16 12:16 - 2013-05-04 06:58 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-06-16 12:16 - 2013-05-04 06:58 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-06-16 12:16 - 2013-05-04 06:57 - 10788864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00247296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00151040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-06-16 12:16 - 2013-05-04 06:57 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 02035712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-06-16 12:16 - 2013-05-04 06:56 - 00092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-06-16 12:16 - 2013-05-04 06:55 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-06-16 12:16 - 2013-05-04 06:51 - 00014848 ____A (Microsoft) C:\Windows\System32\rars.rs
2013-06-16 12:16 - 2013-05-04 06:48 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-06-16 12:16 - 2013-05-04 06:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-06-16 12:16 - 2013-05-04 06:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2013-06-16 12:16 - 2013-05-04 06:10 - 00014848 ____A (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-06-16 12:16 - 2013-05-03 00:04 - 00386646 ____A C:\Windows\System32\ApnDatabase.xml
2013-06-12 23:38 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-12 23:38 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 23:38 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 23:38 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-12 23:38 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 23:38 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 23:38 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 23:38 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:38 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:38 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:38 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 23:38 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 23:38 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:38 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 23:38 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 23:38 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 23:38 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 23:38 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 23:38 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 23:38 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 23:38 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 23:38 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 23:38 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters
2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP
2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk
2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis
2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk
2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis
2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis

==================== One Month Modified Files and Folders =======

2013-06-25 16:02 - 2013-06-25 16:02 - 00000884 ____A C:\Users\Ich\Desktop\checkup.txt
2013-06-25 16:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-25 15:58 - 2013-02-01 21:56 - 00000000 ____D C:\Users\Ich\AppData\Local\CrashDumps
2013-06-25 15:47 - 2013-01-31 16:51 - 01502094 ____A C:\Windows\WindowsUpdate.log
2013-06-25 15:16 - 2013-01-31 17:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-25 14:20 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-25 12:47 - 2012-12-30 11:29 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-25 12:47 - 2012-12-30 11:29 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-25 12:47 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-25 12:44 - 2013-02-01 11:03 - 00000000 ____D C:\Users\Ich\AppData\Local\Deployment
2013-06-25 12:40 - 2013-02-01 21:28 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-25 12:40 - 2012-11-02 05:02 - 00046498 ____A C:\Windows\PFRO.log
2013-06-25 12:40 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-24 19:30 - 2012-07-26 07:26 - 00786432 __ASH C:\Windows\System32\config\BBI
2013-06-24 09:48 - 2013-06-24 16:33 - 00890839 ____A C:\Users\Ich\Desktop\SecurityCheck.exe
2013-06-23 18:21 - 2013-06-23 18:21 - 00000000 ____D C:\Windows\ERUNT
2013-06-23 18:21 - 2013-04-02 19:31 - 00000000 ____D C:\Users\Ich\AppData\Local\iLivid
2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\JRT
2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-23 18:04 - 2013-06-23 17:57 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-06-23 18:04 - 2013-06-17 20:37 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-06-23 18:00 - 2013-06-23 18:00 - 00003909 ____A C:\AdwCleaner[R3].txt
2013-06-23 17:59 - 2013-06-23 17:59 - 00003849 ____A C:\AdwCleaner[R2].txt
2013-06-23 17:59 - 2013-06-23 17:59 - 00003789 ____A C:\AdwCleaner[R1].txt
2013-06-23 16:42 - 2013-01-31 21:20 - 00000000 ____D C:\Users\Ich\AppData\Roaming\vlc
2013-06-22 16:41 - 2013-06-22 16:35 - 00000000 ____D C:\Users\Ich\Desktop\sabse
2013-06-21 17:44 - 2013-06-21 17:44 - 00002011 ____A C:\Users\Ich\Desktop\VirusTotal Uploader 2.0.lnk
2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2013-06-19 21:41 - 2013-06-19 21:41 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:41 - 2013-02-01 12:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 19:39 - 2013-06-19 19:39 - 00000000 ____D C:\FRST
2013-06-19 19:38 - 2013-06-19 19:39 - 01928350 ____A (Farbar) C:\Users\Ich\Desktop\FRST64.exe
2013-06-18 15:21 - 2013-06-18 15:21 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-18 15:20 - 2013-06-18 15:20 - 00431720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-17 22:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-06-17 21:24 - 2013-06-17 21:24 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TrojanHunter
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-17 21:24 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-06-17 21:24 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\Dism
2013-06-17 20:37 - 2013-06-17 20:37 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-06-15 23:46 - 2013-02-03 20:15 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Skype
2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-15 17:47 - 2013-02-03 20:15 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 23:55 - 2013-04-25 15:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-13 12:07 - 2013-02-01 20:28 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 21:48 - 2013-02-17 18:05 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2013-02-01 12:25 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-03-17 12:19 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 21:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-02-01 12:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-02-01 12:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-05 00:09 - 2012-07-26 10:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2012-07-26 10:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Origin
2013-06-04 15:05 - 2013-02-01 21:29 - 00000000 ____D C:\Users\Ich\AppData\Local\Origin
2013-06-02 20:46 - 2012-07-26 09:21 - 00071961 ____A C:\Windows\setupact.log
2013-06-02 19:03 - 2013-01-31 16:51 - 00000000 ____D C:\Users\Ich\AppData\Local\Packages
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SniperV2
2013-06-02 16:47 - 2013-06-02 16:47 - 00000000 ____D C:\Users\Ich\AppData\Local\SKIDROW
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Steam
2013-06-02 16:25 - 2013-06-02 16:25 - 00000000 ____D C:\ProgramData\Codemasters
2013-06-02 16:25 - 2013-03-08 20:00 - 00000000 ____D C:\Users\Ich\Documents\My Games
2013-06-02 12:38 - 2013-06-02 12:38 - 00910330 ____A C:\Users\Ich\Desktop\1.Juni.2013.ZIP
2013-06-02 11:22 - 2013-06-02 11:22 - 00002908 ____A C:\Users\Public\Desktop\Quicken 2014.lnk
2013-06-02 11:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Help
2013-05-31 01:24 - 2013-06-17 18:50 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-31 01:08 - 2013-06-17 18:50 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-05-27 19:12 - 2013-05-27 19:12 - 00000000 ____D C:\Users\Ich\AppData\Local\Franzis
2013-05-27 19:06 - 2013-05-27 19:06 - 00001113 ____A C:\Users\Public\Desktop\3D-Eisenbahnplaner 12.lnk
2013-05-27 19:06 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Ich\Documents\Franzis
2013-05-27 19:05 - 2013-05-27 19:05 - 00000000 ____D C:\Program Files (x86)\Franzis
2013-05-27 19:05 - 2013-02-01 21:44 - 00037414 ____A C:\Windows\DirectX.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-21 17:52

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Dankeschön und schönen Abend noch

Antwort

Themen zu inkasso mail mit anhang geöfnet
anderes, angeblichen, anhang, brauch, datei, eingefangen, email, erhalte, gefangen, gen, gescannt, gespeichert, gestern, hallo zusammen, inkasso, mail, nicht mehr, programm, rechner, scanne, scannen, troja, trojan, zusammen, zuviel



Ähnliche Themen: inkasso mail mit anhang geöfnet


  1. Fake Inkasso Email mit Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 29.09.2015 (16)
  2. Zip Datei aus Inkasso-Mail am MAC geöffnet
    Alles rund um Mac OSX & Linux - 28.01.2015 (12)
  3. Amazon Inkasso Mail - zip-Datei geöffnet am IMAC
    Plagegeister aller Art und deren Bekämpfung - 09.11.2014 (13)
  4. Amazon Inkasso - Anhang geöffnet
    Log-Analyse und Auswertung - 08.10.2014 (3)
  5. Amazon Inkasso Mail erhalten und zip datei geöffnet!!!
    Log-Analyse und Auswertung - 15.09.2014 (7)
  6. Amazon Inkasso Mail --> Chefin hat eventuell die Zip geöffnet
    Plagegeister aller Art und deren Bekämpfung - 18.08.2014 (3)
  7. Vermeintliche Email von Inkasso PayPal:Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 24.07.2014 (28)
  8. Win 7 Home Premium 64Bit - Inkasso Email - ZIP Anhang angeklickt
    Log-Analyse und Auswertung - 06.06.2014 (3)
  9. E-Mail von Media Center GmbH - Abo 39€ - E-Mail, nicht Anhang geöffnet, Antivirenprogramm meldet sich.
    Plagegeister aller Art und deren Bekämpfung - 24.04.2014 (5)
  10. Online Inkasso-Mail Anhang
    Plagegeister aller Art und deren Bekämpfung - 04.04.2014 (5)
  11. E-mail Account verschickt Spam Mail mit Viren Anhang an alle Kontakte
    Log-Analyse und Auswertung - 29.10.2013 (16)
  12. Trojaner-Verdacht in E-Mail Anhang "Vertragliche Mahnung vom 13.05.2013 inkasso.com"
    Log-Analyse und Auswertung - 13.09.2013 (8)
  13. Dringender Verdacht auf Trojaner durch scheinbare Inkasso Mail
    Log-Analyse und Auswertung - 27.08.2013 (11)
  14. E-Mail einer Inkasso Anwaltschaft erhalten
    Überwachung, Datenschutz und Spam - 22.08.2013 (3)
  15. Inkasso-Mail: Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 14.06.2013 (3)
  16. Inkasso Mail mit Zip-Anhang geöffnet, Trojaner Fund mit Malware Bytes
    Log-Analyse und Auswertung - 19.05.2013 (25)
  17. e-mail erhalten über eine angeblich Rechnung mit Mahnung u. drohung mit Inkasso u. datei anhang
    Log-Analyse und Auswertung - 14.03.2013 (5)

Zum Thema inkasso mail mit anhang geöfnet - Hallo zusammen, meine tochter hat gestern eine Mail von einem angeblichen Inkassobüro mit Anhang erhalten.da sie sehr aufgeregt war über email von inkaso büro hatte ich mir email angeschaut und - inkasso mail mit anhang geöfnet...
Archiv
Du betrachtest: inkasso mail mit anhang geöfnet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.