Log analysis and evaluation: Win.Trojan 588749, Win.Trojan.Bamital 1158, Win.Trojan.Agent 382794

 
07.07.2013, 08:52   #1
buschreiter
 

Hello, because my computer's runtime behaviour had changed, I ran Desinfect with ClamAV and Antivir. This turned up the Trojans named above.
The scan with OTL produced the following TXT:

Code:
OTL logfile created on: 07.07.2013 09:35:09 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,78% Memory free
8,00 Gb Paging File | 6,18 Gb Available in Paging File | 77,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 366,28 Gb Free Space | 78,66% Space Free | Partition Type: NTFS
 
Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\PC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\PC\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Windows\vsnp325.exe ()
PRC - C:\Windows\tsnp325.exe ()
PRC - C:\Windows\FixCamera.exe ()
PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\98e8641e2ca570f03352a91836b0b97a\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0e5d2997438866de453e8b1401d84398\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4dbbfceeddfc9180d5f621f0fc586e2c\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3a75004c8363a598f4997686c16ae55e\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Users\PC\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
MOD - C:\Users\PC\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Users\PC\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\vsnp325.exe ()
MOD - C:\Windows\tsnp325.exe ()
MOD - C:\Windows\FixCamera.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM IGD CTRL Service) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Program Files (x86)\Common Files\AVM\De_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ysusb64) -- C:\Windows\SysNative\drivers\ysusb64.sys (Yamaha Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TASCAM_US600_USB) -- C:\Windows\SysNative\drivers\tus600_u.sys (TASCAM)
DRV:64bit: - (TASCAM_US600_WDM) -- C:\Windows\SysNative\drivers\tus600_a.sys (TASCAM)
DRV:64bit: - (TASCAM_US600_MIDI) -- C:\Windows\SysNative\drivers\tus600_m.sys (TASCAM)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\drivers\lgbtpt64.sys (LG Electronics Inc.)
DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\drivers\lgvmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\drivers\lgbtbs64.sys (LG Electronics Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (FlashUSB) -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys (Danish Wireless Design A/S)
DRV:64bit: - (SNP325) -- C:\Windows\SysNative\drivers\snp325.sys (Sonix Co. Ltd.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV:64bit: - (SynasUSB) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft)
DRV - (StarOpen) -- C:\Windows\SysWow64\StarOpen.sys ()
DRV - (HWiNFO32) -- C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS (REALiX(tm))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (FlashUSB) -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys (Danish Wireless Design A/S)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 E8 71 C7 18 B0 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: info%40virustotal.com:1.5
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: YoutubeDownloader%40PeterOlayev.com:2.0.9
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.4
FF - prefs.js..extensions.enabledItems: jsobrier@zscaler.com:1.5
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\PC\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.10 16:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.06 13:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.06 13:40:57 | 000,000,000 | ---D | M]
 
[2011.08.25 15:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions
[2011.08.25 15:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.05.27 07:30:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.07.04 06:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\rvl0z6x9.default\extensions
[2012.12.01 10:58:10 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\rvl0z6x9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013.05.16 17:41:41 | 000,000,000 | ---D | M] (WOT) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\rvl0z6x9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.06.30 08:27:28 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\rvl0z6x9.default\extensions\https-everywhere@eff.org
[2010.11.26 14:43:12 | 000,000,000 | ---D | M] ("BlackSheep") -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\rvl0z6x9.default\extensions\jsobrier@zscaler.com
[2012.07.27 08:21:27 | 000,017,212 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\rvl0z6x9.default\extensions\info@virustotal.com.xpi
[2013.06.26 22:12:00 | 000,033,312 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\rvl0z6x9.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi
[2013.07.04 06:04:33 | 000,534,371 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\rvl0z6x9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.20 18:35:48 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\rvl0z6x9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.10 07:46:12 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\rvl0z6x9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.10 05:57:12 | 000,002,209 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\rvl0z6x9.default\searchplugins\englische-ergebnisse.xml
[2012.08.10 05:57:12 | 000,010,506 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\rvl0z6x9.default\searchplugins\gmx-suche.xml
[2012.08.10 05:57:12 | 000,002,368 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\rvl0z6x9.default\searchplugins\lastminute.xml
[2012.08.10 05:57:12 | 000,005,489 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\rvl0z6x9.default\searchplugins\webde-suche.xml
[2013.07.04 06:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.07.04 06:14:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.02.01 16:01:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\PC\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.exe - Verknüpfung.lnk = C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: FRITZ!Box Dial - C:\Programme\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm ()
O8 - Extra context menu item: FRITZ!Box Dial - C:\Programme\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm ()
O9:64bit: - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\FRITZ!DSL\SARAH.DLL (AVM Berlin)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab (Navigram Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD19B5BE-7C64-4AB8-9B5A-944A9C86D52D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.07 09:23:37 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\aa_HUK 24
[2013.07.06 13:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.07.06 13:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.07.06 13:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.07.06 13:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.07.06 13:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.07.06 13:46:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.06 13:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.07.06 13:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.07.04 06:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.08.14 20:16:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\PC\AppData\Roaming\pcouffin.sys
[2010.08.04 16:51:06 | 011,405,816 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Program Files (x86)\Videos schneiden.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.07 09:32:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.07 09:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.07 09:21:16 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 09:21:16 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 09:13:43 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.07 09:13:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.07 09:13:25 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.06 13:48:21 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.07.02 13:46:55 | 001,533,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.02 13:46:55 | 000,658,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.02 13:46:55 | 000,620,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.02 13:46:55 | 000,132,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.02 13:46:55 | 000,108,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.27 14:32:46 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.12 09:20:34 | 000,020,500 | ---- | M] () -- C:\Users\PC\Documents\Zusammenstellung Songs Plättbrett.ods
 
========== Files Created - No Company Name ==========
 
[2013.02.06 20:27:27 | 000,000,239 | ---- | C] () -- C:\Users\PC\Uwe Reichenbächer.vcf
[2013.02.06 20:27:27 | 000,000,221 | ---- | C] () -- C:\Users\PC\Jessica Müller.vcf
[2013.02.06 20:27:27 | 000,000,190 | ---- | C] () -- C:\Users\PC\Holm_Geiermann@FA-5270_fin-nrw_de.vcf
[2013.02.06 20:27:27 | 000,000,190 | ---- | C] () -- C:\Users\PC\bizarr_it2827leta@members_ebay_de.vcf
[2013.02.06 20:27:27 | 000,000,164 | ---- | C] () -- C:\Users\PC\Praxis Hilde Henatsch.vcf
[2013.02.06 20:27:27 | 000,000,160 | ---- | C] () -- C:\Users\PC\Service@bild-energie_de.vcf
[2013.02.06 20:27:27 | 000,000,155 | ---- | C] () -- C:\Users\PC\Mag_ Christof Prammer.vcf
[2013.02.06 20:27:27 | 000,000,153 | ---- | C] () -- C:\Users\PC\Franziska Weber.vcf
[2013.02.06 20:27:27 | 000,000,146 | ---- | C] () -- C:\Users\PC\Stephan Wieczorek.vcf
[2013.02.06 20:27:27 | 000,000,140 | ---- | C] () -- C:\Users\PC\Manfred Kirfel.vcf
[2013.02.06 20:27:27 | 000,000,133 | ---- | C] () -- C:\Users\PC\FRITZ!Box.vcf
[2013.02.06 20:27:27 | 000,000,130 | ---- | C] () -- C:\Users\PC\Doris Hanuja.vcf
[2013.02.06 20:27:26 | 000,000,187 | ---- | C] () -- C:\Users\PC\giovin_fzw4707qh@members_ebay_it.vcf
[2013.02.06 20:27:26 | 000,000,172 | ---- | C] () -- C:\Users\PC\Kundendienst@maja-moebel_de.vcf
[2013.02.06 20:27:26 | 000,000,154 | ---- | C] () -- C:\Users\PC\Wolfgang Engber.vcf
[2013.02.06 20:27:26 | 000,000,152 | ---- | C] () -- C:\Users\PC\Wilhelm Friedrichs.vcf
[2013.02.06 20:27:26 | 000,000,151 | ---- | C] () -- C:\Users\PC\Patricia van Issem.vcf
[2013.02.06 20:27:26 | 000,000,150 | ---- | C] () -- C:\Users\PC\Winands, Hannelore.vcf
[2013.02.06 20:27:26 | 000,000,149 | ---- | C] () -- C:\Users\PC\Thomas Sztochaj.vcf
[2013.02.06 20:27:26 | 000,000,147 | ---- | C] () -- C:\Users\PC\Guitar-Hospital.vcf
[2013.02.06 20:27:26 | 000,000,146 | ---- | C] () -- C:\Users\PC\FoodonFootTours.vcf
[2013.02.06 20:27:26 | 000,000,145 | ---- | C] () -- C:\Users\PC\Zechmann Melanie.vcf
[2013.02.06 20:27:26 | 000,000,144 | ---- | C] () -- C:\Users\PC\Stefanie Hornig.vcf
[2013.02.06 20:27:26 | 000,000,144 | ---- | C] () -- C:\Users\PC\Stefanie Fellage.vcf
[2013.02.06 20:27:26 | 000,000,143 | ---- | C] () -- C:\Users\PC\vera becker.vcf
[2013.02.06 20:27:26 | 000,000,143 | ---- | C] () -- C:\Users\PC\Travel Center.vcf
[2013.02.06 20:27:26 | 000,000,142 | ---- | C] () -- C:\Users\PC\versand@cadooz_de.vcf
[2013.02.06 20:27:26 | 000,000,142 | ---- | C] () -- C:\Users\PC\Stephan Nobel.vcf
[2013.02.06 20:27:26 | 000,000,141 | ---- | C] () -- C:\Users\PC\Manuel Kaiser.vcf
[2013.02.06 20:27:26 | 000,000,139 | ---- | C] () -- C:\Users\PC\Andreas Defren.vcf
[2013.02.06 20:27:26 | 000,000,138 | ---- | C] () -- C:\Users\PC\klarmobil_de.vcf
[2013.02.06 20:27:26 | 000,000,136 | ---- | C] () -- C:\Users\PC\info@wbs-law_de.vcf
[2013.02.06 20:27:26 | 000,000,135 | ---- | C] () -- C:\Users\PC\Thomas Braun.vcf
[2013.02.06 20:27:26 | 000,000,135 | ---- | C] () -- C:\Users\PC\Peter Schati.vcf
[2013.02.06 20:27:26 | 000,000,134 | ---- | C] () -- C:\Users\PC\Knut Schwarz.vcf
[2013.02.06 20:27:26 | 000,000,134 | ---- | C] () -- C:\Users\PC\Gregor Hilden.vcf
[2013.02.06 20:27:26 | 000,000,133 | ---- | C] () -- C:\Users\PC\WEEHBO Effekte.vcf
[2013.02.06 20:27:26 | 000,000,133 | ---- | C] () -- C:\Users\PC\Sylvia Makel.vcf
[2013.02.06 20:27:26 | 000,000,133 | ---- | C] () -- C:\Users\PC\Susanne Loew.vcf
[2013.02.06 20:27:26 | 000,000,132 | ---- | C] () -- C:\Users\PC\Bernd Porada.vcf
[2013.02.06 20:27:26 | 000,000,130 | ---- | C] () -- C:\Users\PC\Yvonne S_.vcf
[2013.02.06 20:27:26 | 000,000,130 | ---- | C] () -- C:\Users\PC\Susanne.vcf
[2013.02.06 20:27:26 | 000,000,130 | ---- | C] () -- C:\Users\PC\ali sarici.vcf
[2013.02.06 20:27:26 | 000,000,129 | ---- | C] () -- C:\Users\PC\Axel Kramer.vcf
[2013.02.06 20:27:26 | 000,000,128 | ---- | C] () -- C:\Users\PC\W_h_hunter.vcf
[2013.02.06 20:27:26 | 000,000,128 | ---- | C] () -- C:\Users\PC\Tamara Moog.vcf
[2013.02.06 20:27:26 | 000,000,125 | ---- | C] () -- C:\Users\PC\Udo Krupp.vcf
[2013.02.06 20:27:26 | 000,000,121 | ---- | C] () -- C:\Users\PC\Anne Neu.vcf
[2013.02.06 20:27:25 | 000,000,188 | ---- | C] () -- C:\Users\PC\NISSAN Kundenbetreuung.vcf
[2013.02.06 20:27:25 | 000,000,187 | ---- | C] () -- C:\Users\PC\Sigrid_Becker@FA-5218_fin-nrw_de.vcf
[2013.02.06 20:27:25 | 000,000,178 | ---- | C] () -- C:\Users\PC\r_lehnert@auto-cloppenburg_de.vcf
[2013.02.06 20:27:25 | 000,000,175 | ---- | C] () -- C:\Users\PC\OnlineFrankierung_de@dhl_com.vcf
[2013.02.06 20:27:25 | 000,000,169 | ---- | C] () -- C:\Users\PC\Nadine_Koch@deutschesee_de.vcf
[2013.02.06 20:27:25 | 000,000,166 | ---- | C] () -- C:\Users\PC\Mathias_Krines@telekom_de.vcf
[2013.02.06 20:27:25 | 000,000,166 | ---- | C] () -- C:\Users\PC\Kundenservice@t-mobile_de.vcf
[2013.02.06 20:27:25 | 000,000,163 | ---- | C] () -- C:\Users\PC\scholz-stein@t-online_de.vcf
[2013.02.06 20:27:25 | 000,000,162 | ---- | C] () -- C:\Users\PC\Reichenberger, Tanja.vcf
[2013.02.06 20:27:25 | 000,000,161 | ---- | C] () -- C:\Users\PC\Mercedes-Benz Bank.vcf
[2013.02.06 20:27:25 | 000,000,157 | ---- | C] () -- C:\Users\PC\service@stayfriends_de.vcf
[2013.02.06 20:27:25 | 000,000,157 | ---- | C] () -- C:\Users\PC\Sebi & Manuela Rick.vcf
[2013.02.06 20:27:25 | 000,000,154 | ---- | C] () -- C:\Users\PC\Matthias van der Straeten.vcf
[2013.02.06 20:27:25 | 000,000,152 | ---- | C] () -- C:\Users\PC\Margarete Bongardt.vcf
[2013.02.06 20:27:25 | 000,000,148 | ---- | C] () -- C:\Users\PC\softsell2007@web_de.vcf
[2013.02.06 20:27:25 | 000,000,148 | ---- | C] () -- C:\Users\PC\Natalie Wipperfeld.vcf
[2013.02.06 20:27:25 | 000,000,147 | ---- | C] () -- C:\Users\PC\Miriam Druckhammer.vcf
[2013.02.06 20:27:25 | 000,000,143 | ---- | C] () -- C:\Users\PC\Service Europe.vcf
[2013.02.06 20:27:25 | 000,000,143 | ---- | C] () -- C:\Users\PC\Markus Urbach.vcf
[2013.02.06 20:27:25 | 000,000,142 | ---- | C] () -- C:\Users\PC\Sabine Bender.vcf
[2013.02.06 20:27:25 | 000,000,141 | ---- | C] () -- C:\Users\PC\Markus Polauke.vcf
[2013.02.06 20:27:25 | 000,000,140 | ---- | C] () -- C:\Users\PC\Music Store Bass.vcf
[2013.02.06 20:27:25 | 000,000,139 | ---- | C] () -- C:\Users\PC\order@seeside_de.vcf
[2013.02.06 20:27:25 | 000,000,137 | ---- | C] () -- C:\Users\PC\Sebastian Bender.vcf
[2013.02.06 20:27:25 | 000,000,136 | ---- | C] () -- C:\Users\PC\Michael Zapf.vcf
[2013.02.06 20:27:25 | 000,000,135 | ---- | C] () -- C:\Users\PC\Ralf Vieren.vcf
[2013.02.06 20:27:25 | 000,000,134 | ---- | C] () -- C:\Users\PC\Stefan Schmitz.vcf
[2013.02.06 20:27:25 | 000,000,134 | ---- | C] () -- C:\Users\PC\Markus Schott.vcf
[2013.02.06 20:27:25 | 000,000,134 | ---- | C] () -- C:\Users\PC\Marco Klein.vcf
[2013.02.06 20:27:25 | 000,000,133 | ---- | C] () -- C:\Users\PC\Nicole Davis.vcf
[2013.02.06 20:27:25 | 000,000,131 | ---- | C] () -- C:\Users\PC\Michael Erbs.vcf
[2013.02.06 20:27:25 | 000,000,130 | ---- | C] () -- C:\Users\PC\Nadine Koch.vcf
[2013.02.06 20:27:25 | 000,000,128 | ---- | C] () -- C:\Users\PC\Lisa N_.vcf
[2013.02.06 20:27:25 | 000,000,126 | ---- | C] () -- C:\Users\PC\S_ Nobel.vcf
[2013.02.06 20:27:24 | 000,000,208 | ---- | C] () -- C:\Users\PC\Hans-Peter_Kirchmann@FA-5218_fin-nrw_de.vcf
[2013.02.06 20:27:24 | 000,000,184 | ---- | C] () -- C:\Users\PC\Dorothea_Langen@FA-5270_fin-nrw_de.vcf
[2013.02.06 20:27:24 | 000,000,181 | ---- | C] () -- C:\Users\PC\jeanette_hadaschik@uni-bonn_de.vcf
[2013.02.06 20:27:24 | 000,000,178 | ---- | C] () -- C:\Users\PC\esv-troisdorf@ist-einmalig_de.vcf
[2013.02.06 20:27:24 | 000,000,165 | ---- | C] () -- C:\Users\PC\Kellner, Hans-Joachim.vcf
[2013.02.06 20:27:24 | 000,000,151 | ---- | C] () -- C:\Users\PC\info@hagu-mitwitz_de.vcf
[2013.02.06 20:27:24 | 000,000,150 | ---- | C] () -- C:\Users\PC\Jochen Schmidt.vcf
[2013.02.06 20:27:24 | 000,000,148 | ---- | C] () -- C:\Users\PC\Harald_bosch@web_de.vcf
[2013.02.06 20:27:24 | 000,000,148 | ---- | C] () -- C:\Users\PC\Franz-Peter Klein.vcf
[2013.02.06 20:27:24 | 000,000,146 | ---- | C] () -- C:\Users\PC\Juliette Bouvier.vcf
[2013.02.06 20:27:24 | 000,000,145 | ---- | C] () -- C:\Users\PC\KStA Leserbriefe.vcf
[2013.02.06 20:27:24 | 000,000,145 | ---- | C] () -- C:\Users\PC\kajigor@get2net_dk.vcf
[2013.02.06 20:27:24 | 000,000,145 | ---- | C] () -- C:\Users\PC\jan_mayer@wegoo_de.vcf
[2013.02.06 20:27:24 | 000,000,145 | ---- | C] () -- C:\Users\PC\Heller-Anna@web_de.vcf
[2013.02.06 20:27:24 | 000,000,143 | ---- | C] () -- C:\Users\PC\Henry Schultz.vcf
[2013.02.06 20:27:24 | 000,000,142 | ---- | C] () -- C:\Users\PC\Julia Schaper.vcf
[2013.02.06 20:27:24 | 000,000,142 | ---- | C] () -- C:\Users\PC\Jeanette.vcf
[2013.02.06 20:27:24 | 000,000,142 | ---- | C] () -- C:\Users\PC\info@comdirect_de.vcf
[2013.02.06 20:27:24 | 000,000,139 | ---- | C] () -- C:\Users\PC\Erik Trimborn.vcf
[2013.02.06 20:27:24 | 000,000,138 | ---- | C] () -- C:\Users\PC\Harald Eggert.vcf
[2013.02.06 20:27:24 | 000,000,137 | ---- | C] () -- C:\Users\PC\Gabi.vcf
[2013.02.06 20:27:24 | 000,000,134 | ---- | C] () -- C:\Users\PC\Karl.vcf
[2013.02.06 20:27:24 | 000,000,134 | ---- | C] () -- C:\Users\PC\Kai Bauer.vcf
[2013.02.06 20:27:24 | 000,000,133 | ---- | C] () -- C:\Users\PC\ks-jupp@gmx_de.vcf
[2013.02.06 20:27:24 | 000,000,133 | ---- | C] () -- C:\Users\PC\info@delti_com.vcf
[2013.02.06 20:27:24 | 000,000,132 | ---- | C] () -- C:\Users\PC\Greti 1 B_.vcf
[2013.02.06 20:27:24 | 000,000,131 | ---- | C] () -- C:\Users\PC\GMX Support.vcf
[2013.02.06 20:27:24 | 000,000,130 | ---- | C] () -- C:\Users\PC\heeke.vcf
[2013.02.06 20:27:24 | 000,000,126 | ---- | C] () -- C:\Users\PC\Greti 2.vcf
[2013.02.06 20:27:24 | 000,000,125 | ---- | C] () -- C:\Users\PC\Jonas Quecke.vcf
[2013.02.06 20:27:24 | 000,000,119 | ---- | C] () -- C:\Users\PC\Kulas.vcf
[2013.02.06 20:27:24 | 000,000,114 | ---- | C] () -- C:\Users\PC\ina.vcf
[2013.02.06 20:27:23 | 000,000,249 | ---- | C] () -- C:\Users\PC\GKBp Köln Poststelle.vcf
[2013.02.06 20:27:23 | 000,000,241 | ---- | C] () -- C:\Users\PC\Oktay Özgönenc.vcf
[2013.02.06 20:27:23 | 000,000,231 | ---- | C] () -- C:\Users\PC\Burger Gaststätte.vcf
[2013.02.06 20:27:23 | 000,000,223 | ---- | C] () -- C:\Users\PC\Biggi Räkers.vcf
[2013.02.06 20:27:23 | 000,000,193 | ---- | C] () -- C:\Users\PC\christoph_dierichsweiler@dekra_com.vcf
[2013.02.06 20:27:23 | 000,000,191 | ---- | C] () -- C:\Users\PC\Anja.vcf
[2013.02.06 20:27:23 | 000,000,185 | ---- | C] () -- C:\Users\PC\Manfred Eilers.vcf
[2013.02.06 20:27:23 | 000,000,184 | ---- | C] () -- C:\Users\PC\karadi_ft3107rg@members_ebay_de.vcf
[2013.02.06 20:27:23 | 000,000,160 | ---- | C] () -- C:\Users\PC\dieter_schmitt@koeln_de.vcf
[2013.02.06 20:27:23 | 000,000,158 | ---- | C] () -- C:\Users\PC\Daniela Mueller.vcf
[2013.02.06 20:27:23 | 000,000,157 | ---- | C] () -- C:\Users\PC\Seniorenstift Bochum.vcf
[2013.02.06 20:27:23 | 000,000,157 | ---- | C] () -- C:\Users\PC\bernd_webersinn@cbc_de.vcf
[2013.02.06 20:27:23 | 000,000,152 | ---- | C] () -- C:\Users\PC\Barbara Schieffer.vcf
[2013.02.06 20:27:23 | 000,000,150 | ---- | C] () -- C:\Users\PC\Thomas Reitmair.vcf
[2013.02.06 20:27:23 | 000,000,150 | ---- | C] () -- C:\Users\PC\Dagmar Schroeder.vcf
[2013.02.06 20:27:23 | 000,000,148 | ---- | C] () -- C:\Users\PC\derthomas@online_de.vcf
[2013.02.06 20:27:23 | 000,000,148 | ---- | C] () -- C:\Users\PC\Denise - Ofori Kuragu.vcf
[2013.02.06 20:27:23 | 000,000,148 | ---- | C] () -- C:\Users\PC\Barbara Schultz.vcf
[2013.02.06 20:27:23 | 000,000,147 | ---- | C] () -- C:\Users\PC\Gumtree Mail.vcf
[2013.02.06 20:27:23 | 000,000,144 | ---- | C] () -- C:\Users\PC\Holm Geiermann.vcf
[2013.02.06 20:27:23 | 000,000,142 | ---- | C] () -- C:\Users\PC\Bernd Webersinn.vcf
[2013.02.06 20:27:23 | 000,000,142 | ---- | C] () -- C:\Users\PC\aranka patt.vcf
[2013.02.06 20:27:23 | 000,000,142 | ---- | C] () -- C:\Users\PC\Alexander Mitsche.vcf
[2013.02.06 20:27:23 | 000,000,142 | ---- | C] () -- C:\Users\PC\A Hauchwitz.vcf
[2013.02.06 20:27:23 | 000,000,141 | ---- | C] () -- C:\Users\PC\Duden, Sandra.vcf
[2013.02.06 20:27:23 | 000,000,141 | ---- | C] () -- C:\Users\PC\andre brathe.vcf
[2013.02.06 20:27:23 | 000,000,140 | ---- | C] () -- C:\Users\PC\Margit Chojetzki.vcf
[2013.02.06 20:27:23 | 000,000,139 | ---- | C] () -- C:\Users\PC\Susan's Mailbox.vcf
[2013.02.06 20:27:23 | 000,000,139 | ---- | C] () -- C:\Users\PC\Achim Hofmann.vcf
[2013.02.06 20:27:23 | 000,000,137 | ---- | C] () -- C:\Users\PC\Chris Bargon.vcf
[2013.02.06 20:27:23 | 000,000,137 | ---- | C] () -- C:\Users\PC\Andrea Hauchwitz.vcf
[2013.02.06 20:27:23 | 000,000,136 | ---- | C] () -- C:\Users\PC\Frank Baltus.vcf
[2013.02.06 20:27:23 | 000,000,136 | ---- | C] () -- C:\Users\PC\Achim Hofmann (1).vcf
[2013.02.06 20:27:23 | 000,000,133 | ---- | C] () -- C:\Users\PC\Ates, Birgit.vcf
[2013.02.06 20:27:23 | 000,000,124 | ---- | C] () -- C:\Users\PC\Alex Gross.vcf
[2013.02.06 20:27:23 | 000,000,121 | ---- | C] () -- C:\Users\PC\Don Mack.vcf
[2013.02.06 20:27:22 | 000,000,257 | ---- | C] () -- C:\Users\PC\Vera Glöckner-Burgtorf.vcf
[2013.02.06 20:27:22 | 000,000,230 | ---- | C] () -- C:\Users\PC\Günter Andres.vcf
[2013.02.06 20:27:22 | 000,000,190 | ---- | C] () -- C:\Users\PC\remusi_lud4249tgf@members_ebay_de.vcf
[2013.02.06 20:27:22 | 000,000,171 | ---- | C] () -- C:\Users\PC\Andrea (OFD-Rhld) Derkum.vcf
[2013.02.06 20:27:22 | 000,000,166 | ---- | C] () -- C:\Users\PC\norbert_redlich@fv_nrw_de.vcf
[2013.02.06 20:27:22 | 000,000,163 | ---- | C] () -- C:\Users\PC\guenter_andres@fv-nrw_de.vcf
[2013.02.06 20:27:22 | 000,000,148 | ---- | C] () -- C:\Users\PC\Manfred Kierdorf.vcf
[2013.02.06 20:27:22 | 000,000,145 | ---- | C] () -- C:\Users\PC\Norbert Redlich.vcf
[2013.02.06 20:27:22 | 000,000,145 | ---- | C] () -- C:\Users\PC\Gerd Essmann.vcf
[2013.02.06 20:27:22 | 000,000,139 | ---- | C] () -- C:\Users\PC\Rina Cervinski.vcf
[2013.02.06 20:27:22 | 000,000,139 | ---- | C] () -- C:\Users\PC\Ralf Goebbels.vcf
[2013.02.01 15:47:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.01 15:47:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.01 15:47:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.01 15:47:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.01 15:47:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.29 19:15:20 | 000,000,000 | ---- | C] () -- C:\Users\PC\defogger_reenable
[2012.12.08 16:42:10 | 000,000,244 | ---- | C] () -- C:\Users\PC\.swfinfo
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files (x86)\readme.html
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link
[2012.03.03 11:06:39 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2011.12.19 07:38:48 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.10.12 18:28:35 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011.10.12 18:26:25 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011.10.11 14:14:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.10.11 14:13:04 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.10.11 14:12:33 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.10.11 14:03:27 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.12.30 11:47:40 | 000,005,536 | ---- | C] () -- C:\Users\PC\AppData\Roaming\mdbu.bin
[2010.12.24 18:03:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.14 20:16:01 | 000,007,859 | ---- | C] () -- C:\Users\PC\AppData\Roaming\pcouffin.cat
[2010.08.14 20:16:01 | 000,001,167 | ---- | C] () -- C:\Users\PC\AppData\Roaming\pcouffin.inf
[2010.08.14 19:58:16 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.08.11 21:33:56 | 000,000,017 | ---- | C] () -- C:\Users\PC\AppData\Local\resmon.resmoncfg
[2010.02.19 17:22:48 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.19 16:41:55 | 004,096,000 | ---- | C] () -- C:\Users\PC\FRITZ.Box_Fon_5140.AnnexB.43.04.67.image
[2010.02.19 16:41:20 | 000,000,278 | ---- | C] () -- C:\Users\PC\plakat.pdf
[2010.02.19 16:40:59 | 000,310,784 | ---- | C] () -- C:\Users\PC\Wochenbericht G-u-KBP.dot
[2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.22 18:03:54 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Amazon
[2010.10.28 10:02:31 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Audacity
[2010.02.21 20:25:31 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Auslogics
[2012.12.22 16:11:02 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\avidemux
[2012.03.03 16:23:18 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Azureus
[2010.02.19 17:54:55 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Canneverbe Limited
[2012.03.03 11:09:01 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Canon
[2013.02.01 15:58:01 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\convert
[2013.07.07 09:15:08 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Dropbox
[2012.04.06 13:21:14 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DVDVideoSoft
[2011.03.24 17:45:03 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.05 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\elsterformular
[2010.04.28 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\FreeFLVConverter
[2010.08.12 20:58:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\FreeVideoConverter
[2013.05.23 11:46:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\FRITZ!
[2013.05.28 16:12:51 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\GARMIN
[2010.11.17 21:13:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\GetRightToGo
[2012.10.09 15:49:59 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\GitarreroSoftware
[2011.05.27 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Haufe
[2011.05.27 07:30:08 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Haufe Mediengruppe
[2012.04.24 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\HTC
[2012.04.24 16:20:19 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.10.17 12:13:35 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Leadertech
[2010.09.28 17:09:26 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\LG Electronics
[2011.10.11 14:19:14 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\MAGIX
[2010.05.26 17:51:28 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ML
[2010.10.28 12:20:19 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Music Editor Free
[2010.02.19 17:38:49 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenOffice.org
[2011.05.29 09:19:29 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Panda Security
[2010.09.11 11:38:21 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\PersBackup5
[2011.02.10 17:01:29 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\pschmid.net
[2012.07.08 14:28:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\QuickScan
[2012.07.15 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Scribus
[2013.02.02 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Steinberg
[2011.05.29 09:18:46 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\SurfSecret Privacy Suite
[2012.10.26 07:40:19 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TC-Helicon
[2011.08.25 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TomTom
[2010.11.11 20:28:56 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TrafficMonitor
[2012.04.06 13:19:50 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Vso
[2011.12.16 12:15:24 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\VST3 Presets
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.02.06 20:27:26 | 000,000,244 | ---- | M] ()(C:\Users\PC\Thomas K?nigs.vcf) -- C:\Users\PC\Thomas K�nigs.vcf
[2013.02.06 20:27:26 | 000,000,244 | ---- | C] ()(C:\Users\PC\Thomas K?nigs.vcf) -- C:\Users\PC\Thomas K�nigs.vcf
[2013.02.06 20:27:26 | 000,000,233 | ---- | M] ()(C:\Users\PC\Thomas K?nigs (1).vcf) -- C:\Users\PC\Thomas K�nigs (1).vcf
[2013.02.06 20:27:26 | 000,000,233 | ---- | C] ()(C:\Users\PC\Thomas K?nigs (1).vcf) -- C:\Users\PC\Thomas K�nigs (1).vcf
[2013.02.06 20:27:25 | 000,000,241 | ---- | M] ()(C:\Users\PC\Robert Kaltenb?ck.vcf) -- C:\Users\PC\Robert Kaltenb�ck.vcf
[2013.02.06 20:27:25 | 000,000,241 | ---- | C] ()(C:\Users\PC\Robert Kaltenb?ck.vcf) -- C:\Users\PC\Robert Kaltenb�ck.vcf
[2013.02.06 20:27:25 | 000,000,236 | ---- | M] ()(C:\Users\PC\markus m?ller.vcf) -- C:\Users\PC\markus m�ller.vcf
[2013.02.06 20:27:25 | 000,000,236 | ---- | C] ()(C:\Users\PC\markus m?ller.vcf) -- C:\Users\PC\markus m�ller.vcf
[2013.02.06 20:27:25 | 000,000,233 | ---- | M] ()(C:\Users\PC\Ralf Maa?en.vcf) -- C:\Users\PC\Ralf Maa�en.vcf
[2013.02.06 20:27:25 | 000,000,233 | ---- | C] ()(C:\Users\PC\Ralf Maa?en.vcf) -- C:\Users\PC\Ralf Maa�en.vcf
[2013.02.06 20:27:25 | 000,000,228 | ---- | M] ()(C:\Users\PC\Ralf Maa?en (1).vcf) -- C:\Users\PC\Ralf Maa�en (1).vcf
[2013.02.06 20:27:25 | 000,000,228 | ---- | C] ()(C:\Users\PC\Ralf Maa?en (1).vcf) -- C:\Users\PC\Ralf Maa�en (1).vcf
[2013.02.06 20:27:24 | 000,000,251 | ---- | M] ()(C:\Users\PC\D?ster Volker.vcf) -- C:\Users\PC\D�ster Volker.vcf
[2013.02.06 20:27:24 | 000,000,251 | ---- | C] ()(C:\Users\PC\D?ster Volker.vcf) -- C:\Users\PC\D�ster Volker.vcf
[2013.02.06 20:27:24 | 000,000,250 | ---- | M] ()(C:\Users\PC\Kerstin L?neburger.vcf) -- C:\Users\PC\Kerstin L�neburger.vcf
[2013.02.06 20:27:24 | 000,000,250 | ---- | C] ()(C:\Users\PC\Kerstin L?neburger.vcf) -- C:\Users\PC\Kerstin L�neburger.vcf
[2013.02.06 20:27:24 | 000,000,242 | ---- | M] ()(C:\Users\PC\Dirk Wildsch?tz.vcf) -- C:\Users\PC\Dirk Wildsch�tz.vcf
[2013.02.06 20:27:24 | 000,000,242 | ---- | C] ()(C:\Users\PC\Dirk Wildsch?tz.vcf) -- C:\Users\PC\Dirk Wildsch�tz.vcf
[2013.02.06 20:27:24 | 000,000,234 | ---- | M] ()(C:\Users\PC\Hanni M?ller.vcf) -- C:\Users\PC\Hanni M�ller.vcf
[2013.02.06 20:27:24 | 000,000,234 | ---- | C] ()(C:\Users\PC\Hanni M?ller.vcf) -- C:\Users\PC\Hanni M�ller.vcf
[2013.02.06 20:27:24 | 000,000,229 | ---- | M] ()(C:\Users\PC\J?rgen Quint.vcf) -- C:\Users\PC\J�rgen Quint.vcf
[2013.02.06 20:27:24 | 000,000,229 | ---- | C] ()(C:\Users\PC\J?rgen Quint.vcf) -- C:\Users\PC\J�rgen Quint.vcf
[2013.02.06 20:27:23 | 000,000,235 | ---- | M] ()(C:\Users\PC\Daniela M?ller.vcf) -- C:\Users\PC\Daniela M�ller.vcf
[2013.02.06 20:27:23 | 000,000,235 | ---- | C] ()(C:\Users\PC\Daniela M?ller.vcf) -- C:\Users\PC\Daniela M�ller.vcf
[2013.02.06 20:27:23 | 000,000,229 | ---- | M] ()(C:\Users\PC\Dieter R?kers.vcf) -- C:\Users\PC\Dieter R�kers.vcf
[2013.02.06 20:27:23 | 000,000,229 | ---- | C] ()(C:\Users\PC\Dieter R?kers.vcf) -- C:\Users\PC\Dieter R�kers.vcf

< End of report >
         
An Extra.txt was not created??!!

 
