
Pests of all kinds and how to fight them: backdoor.WIN32.ZAccess.mbs was found, system failure as a result, Windows can now only be started in safe mode


27.07.2013, 18:09   #1
saufbiene
 

Hi, I have a problem: this virus was identified:
backdoor.WIN32.ZAccess.mbs

Since it was disinfected, I can only start Windows in safe mode;
nothing else works -.-

Logs etc.:
no idea whether I can create them, I will give it a try.

And unfortunately I don't know how much longer it will keep running in safe mode; I'm using the laptop in it right now, with network drivers -.-*

Edited by saufbiene (27.07.2013 at 19:03)

27.07.2013, 18:15   #2
schrauber
/// the machine
/// TB instructor
 



Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


27.07.2013, 18:32   #3
saufbiene
 


Here is the FRST log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 04
Ran by Rolf (administrator) on 27-07-2013 19:17:59
Running from C:\Users\Rolf\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Rolf\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [Seagull Drivers] - ssdal_nc.exe startup [x]
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] - C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [AdobeBridge] - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe [13145448 2008-08-28] (Adobe Systems, Inc.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-05] ()
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Rolf\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [Personal ID] - C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE [1132984 2012-01-02] (coolspot AG, Düsseldorf)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-29] (CyberLink)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642816 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [x]
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rolf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk /p \??\G:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {CCD070F4-F55B-4DAD-AB73-CB473677714E} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler: msdaipp - No CLSID Value - 
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 11 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3CD1F7EC-0802-45A4-AFC1-73A4D005F5B9}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{75BC5AA5-7F30-41CC-B2FA-80D600FCEF44}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{83AAB742-4324-4A41-B1E3-9AC77F1D09A4}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{B571EA15-83F6-456F-A557-A15763023944}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Rolf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: torntv - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\torntv@torntv.com.xpi
FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Zylom Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Turn Off the Lights) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.12_0
CHR Extension: (convert2mp3.net Online Video Converter) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhklmhadmpdfcgimodhdapodbllnjjll\1.7_0
CHR Extension: (YouTube) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Cake Mania Main Street) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohogdkongdgejlnndnnhamjgfnbfoon\0.1_0
CHR Extension: (Fruit Ninja HD) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceieijcdaiaaflfpnfbeclgnfbhglkde\1.0.0_0
CHR Extension: (Comics and Manga online) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmidfbpiiicmkfimcbcoagpmchgmkpl\1.4.3_0
CHR Extension: (Monster Dash) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0
CHR Extension: (Search by Image (by Google)) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0
CHR Extension: (Content Blocker) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_1
CHR Extension: (Cake Mania) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckjnbilaljpiclmpmnomoapakjmoapj\0.1_0
CHR Extension: (SparkChess 6) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.1.0.1_0
CHR Extension: (Sand 2) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn\1.1_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (YouTube Unblocker) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.4_0
CHR Extension: (Anti-Banner) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR Extension: (LoL Guides) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcpejbpddihleognngdlmbnpgoaolgl\2.2.6.3_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\Rolf\AppData\Local\CRE\hempmfkijmahkaddljkmchcmjbojoedl.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S3 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [3417376 2012-03-28] ()
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH)
S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project)
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5124464 2012-12-16] (INCA Internet Co., Ltd.)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-03-05] (Overwolf Ltd)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
S2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-03-02] (TuneUp Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
S2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-23] (GFI Software)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-02-28] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-02-28] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-26] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH)
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

Error(0) reading file: "C:\Windows\system32\ "
2013-07-27 19:17 - 2013-07-27 19:17 - 01780815 ____C (Farbar) C:\Users\Rolf\Desktop\FRST64 (1).exe
2013-07-27 19:17 - 2013-07-27 19:17 - 00000000 ___DC C:\FRST
2013-07-27 18:31 - 2013-07-27 18:32 - 00000005 ____C C:\Users\Rolf\AppData\Roaming\mbam.context.scan
2013-07-27 17:43 - 2013-07-27 17:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent
2013-07-27 17:41 - 2013-07-27 17:41 - 00002182 ____C C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent
2013-07-27 17:21 - 2013-07-27 17:21 - 72114856 ____C (Ashampoo GmbH & Co. KG                                      ) C:\Users\Rolf\Downloads\ashampoo_burning_studio_elements_10.0.9_sm.exe
2013-07-27 17:00 - 2013-07-27 17:00 - 00001883 ____C C:\Users\Public\Desktop\MyKeyFinder.lnk
2013-07-27 17:00 - 2013-07-27 17:00 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft
2013-07-27 17:00 - 2013-07-27 17:00 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder
2013-07-27 16:59 - 2013-07-27 16:59 - 02962000 ____C (Abelssoft                                                   ) C:\Users\Rolf\Downloads\mykeyfinder.exe
2013-07-26 22:01 - 2013-07-26 22:01 - 00000000 ___DC C:\Users\Rolf\Documents\MAGIX
2013-07-26 21:07 - 2013-07-26 21:07 - 00666633 ____C C:\Users\Rolf\Downloads\adwcleaner.exe
2013-07-26 20:39 - 2013-07-26 20:40 - 05093969 ____C (Swearware) C:\Users\Rolf\Downloads\ComboFix.exe
2013-07-25 20:55 - 2013-07-25 20:55 - 01779761 ____C (Farbar) C:\Users\Rolf\Downloads\FRST64.exe
2013-07-25 15:53 - 2013-07-27 19:03 - 00001742 ____C C:\Windows\PFRO.log
2013-07-24 23:52 - 2013-07-24 23:53 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip
2013-07-24 23:52 - 2013-07-24 23:52 - 00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip
2013-07-24 18:40 - 2013-07-24 18:40 - 00957248 ____C (DivX, LLC) C:\Users\Rolf\Downloads\DivXInstaller.exe
2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ___DC C:\Program Files (x86)\AC3 Player
2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ____C C:\END
2013-07-24 18:39 - 2013-07-24 18:40 - 06328694 ____C (ac3directshowfilter.com                                     ) C:\Users\Rolf\Downloads\ac3player_setup.exe
2013-07-24 18:33 - 2013-07-24 18:33 - 15730048 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Full.exe
2013-07-24 18:30 - 2013-07-24 18:30 - 00000000 ___DC C:\Windows\SysWOW64\Adobe
2013-07-24 18:26 - 2013-07-24 18:28 - 07876512 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe
2013-07-24 17:12 - 2013-07-24 17:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip
2013-07-24 17:11 - 2013-07-24 17:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip
2013-07-24 17:03 - 2013-07-24 17:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip
2013-07-24 17:02 - 2013-07-24 17:03 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar
2013-07-24 16:58 - 2013-07-24 16:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip
2013-07-24 14:56 - 2013-07-24 14:56 - 00001157 ____C C:\DelFix.txt
2013-07-24 14:56 - 2013-07-24 14:56 - 00000000 ___DC C:\Windows\ERUNT
2013-07-24 14:41 - 2013-07-24 14:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe
2013-07-24 14:08 - 2013-07-24 14:08 - 12931078 ____C C:\Users\Rolf\Downloads\SCFanpackage.zip
2013-07-24 04:21 - 2013-07-24 04:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk
2013-07-23 23:13 - 2013-07-24 14:54 - 00000000 ___DC C:\Windows\erdnt
2013-07-23 22:52 - 2013-07-23 22:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board.htm
2013-07-23 22:52 - 2013-07-23 22:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files
2013-07-23 19:30 - 2013-07-23 19:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics
2013-07-23 19:18 - 2013-07-23 19:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations
2013-07-23 19:17 - 2013-07-23 19:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner
2013-07-23 19:14 - 2013-07-23 19:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe
2013-07-23 19:14 - 2013-07-23 19:14 - 00014456 ____C (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-23 17:47 - 2013-07-23 17:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4
2013-07-23 17:46 - 2013-07-23 17:46 - 06018938 ____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4
2013-07-23 16:36 - 2013-07-23 16:36 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer.exe
2013-07-22 14:52 - 2013-07-22 14:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games
2013-07-21 12:21 - 2013-07-21 12:26 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4
2013-07-20 20:13 - 2013-07-20 20:18 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2013-07-20 20:13 - 2013-07-20 20:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking
2013-07-20 18:16 - 2013-07-20 18:34 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar
2013-07-20 17:49 - 2013-07-20 17:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-07-20 17:49 - 2013-07-20 17:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip
2013-07-20 17:43 - 2013-07-20 17:48 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip
2013-07-20 17:24 - 2013-07-20 17:25 - 36271144 ____C (Safer-Networking Ltd.                                       ) C:\Users\Rolf\Downloads\spybot-2.1.exe
2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\StarApp
2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\InstallMate
2013-07-20 15:33 - 2013-07-20 15:33 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 15:33 - 2013-07-20 15:33 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 15:33 - 2013-04-04 14:50 - 00025928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-20 15:23 - 2013-07-20 15:23 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-20 02:51 - 2013-07-20 02:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4
2013-07-20 02:45 - 2013-07-20 02:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4
2013-07-20 02:41 - 2013-07-20 02:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4
2013-07-19 23:19 - 2013-07-19 23:19 - 01492584 ____C (Skype Technologies S.A.) C:\Users\Rolf\Downloads\SkypeSetup.exe
2013-07-19 22:34 - 2013-07-19 22:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe
2013-07-19 19:04 - 2013-07-19 19:05 - 00000000 ___DC C:\Users\Rolf\Downloads\93655
2013-07-19 18:48 - 2013-07-19 18:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx
2013-07-19 18:46 - 2013-07-19 18:47 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4
2013-07-19 18:17 - 2013-07-19 18:57 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar
2013-07-19 12:44 - 2013-07-19 12:51 - 00000000 ___DC C:\Windows\system32\MRT
2013-07-18 22:40 - 2013-07-18 22:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx
2013-07-18 03:02 - 2013-07-18 03:01 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe
2013-07-18 02:48 - 2013-07-18 02:48 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Unity
2013-07-18 02:08 - 2013-07-18 02:08 - 00000973 ____C C:\Users\Public\Desktop\Anti-Twin.lnk
2013-07-18 02:08 - 2013-07-18 02:08 - 00000000 ___DC C:\Program Files (x86)\AntiTwin
2013-07-18 02:07 - 2013-07-18 02:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe
2013-07-18 02:07 - 2013-07-18 02:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity
2013-07-17 15:50 - 2013-07-17 15:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe
2013-07-16 20:18 - 2013-07-16 20:19 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe
2013-07-16 18:04 - 2013-07-16 18:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt
2013-07-16 17:48 - 2013-07-16 17:49 - 00000098 ____C C:\Windows\DeleteOnReboot.bat
2013-07-16 16:03 - 2013-07-16 16:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx
2013-07-16 14:14 - 2013-07-16 14:15 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder
2013-07-15 12:56 - 2013-07-15 12:56 - 00035058 ____C C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip
2013-07-14 22:35 - 2013-07-14 22:40 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip
2013-07-14 22:35 - 2013-07-14 22:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe
2013-07-14 20:10 - 2013-07-14 20:13 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar
2013-07-14 19:47 - 2013-07-14 19:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar
2013-07-14 19:45 - 2013-07-14 19:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip
2013-07-14 17:24 - 2013-07-14 17:24 - 00967536 ____C C:\Users\Rolf\Downloads\der letzte sommer.exe
2013-07-13 15:12 - 2013-07-24 18:08 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft
2013-07-13 03:17 - 2013-07-13 03:17 - 00000000 ___DC C:\My Games
2013-07-13 03:14 - 2013-07-13 03:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8}
2013-07-13 00:04 - 2013-07-13 00:04 - 00000000 ___DC C:\ProgramData\Sandlot Games
2013-07-13 00:01 - 2013-07-13 00:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2
2013-07-12 23:58 - 2013-07-12 23:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish
2013-07-12 23:57 - 2013-07-12 23:57 - 00000000 ___DC C:\Boonty
2013-07-12 18:58 - 2013-07-12 18:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk
2013-07-11 00:49 - 2013-07-11 00:50 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 00:49 - 2013-07-11 00:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 00:49 - 2013-07-11 00:50 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 00:49 - 2013-07-11 00:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 00:49 - 2013-07-11 00:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 00:49 - 2013-07-11 00:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 00:23 - 2013-07-11 00:50 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 00:23 - 2013-07-11 00:50 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 00:23 - 2013-07-11 00:50 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 00:23 - 2013-07-11 00:50 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 00:23 - 2013-07-11 00:38 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 00:22 - 2013-07-11 00:31 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 00:22 - 2013-07-11 00:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 17:58 - 2013-07-10 17:59 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage
2013-07-10 15:53 - 2013-07-10 15:53 - 00000000 ___DC C:\Program Files\FileViewPro
2013-07-10 14:41 - 2013-07-11 00:31 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor
2013-07-10 14:40 - 2013-07-10 14:39 - 14178136 ____C C:\Users\Rolf\Downloads\install_audiokonvertor.exe
2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft
2013-07-10 00:27 - 2013-07-10 00:27 - 01211048 ____C (DVDVideoSoft Ltd.                                           ) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects
2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group
2013-07-08 21:42 - 2013-07-08 21:43 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool
2013-07-08 21:41 - 2013-07-08 21:42 - 00000000 ___DC C:\Program Files (x86)\JCrypTool
2013-07-08 21:40 - 2013-07-08 21:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2
2013-07-08 21:39 - 2013-07-08 21:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2
2013-07-05 12:32 - 2013-07-05 12:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex
2013-07-05 12:27 - 2013-07-05 12:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt
2013-07-04 20:44 - 2013-07-27 00:15 - 00000049 ____C C:\Windows\NeroDigital.ini
2013-07-03 18:33 - 2013-07-03 18:33 - 00000835 ____C C:\Users\Public\Desktop\VLC media player.lnk
2013-07-03 18:25 - 2013-07-03 18:27 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA
2013-07-02 13:32 - 2013-07-02 13:32 - 00739856 ____C (Google Inc.) C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe
2013-07-02 13:31 - 2013-07-02 13:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html
2013-06-30 13:11 - 2013-07-06 15:37 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u
2013-06-30 12:10 - 2013-06-30 12:15 - 00000000 ___DC C:\ProgramData\BlueStacksSetup
2013-06-29 00:31 - 2013-07-16 16:51 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\XviD
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5
2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Program Files (x86)\Gabest
2013-06-29 00:23 - 2013-06-29 00:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe
2013-06-28 15:14 - 2013-06-28 15:14 - 00263592 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 15:14 - 2013-06-28 15:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-28 15:14 - 2013-06-28 15:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-28 15:14 - 2013-06-28 15:14 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 23:19 - 2013-06-27 23:58 - 00000000 ___DC C:\Program Files (x86)\GetFLV
2013-06-27 20:49 - 2013-06-27 20:49 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\CrypTool
2013-06-27 20:49 - 2013-06-27 20:49 - 00000000 ___DC C:\Program Files (x86)\CrypTool
2013-06-27 20:19 - 2013-06-27 20:19 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-06-27 20:15 - 2013-06-27 20:19 - 00001080 ____C C:\Users\Public\Desktop\WinRAR.lnk
2013-06-27 15:59 - 2013-06-27 15:59 - 00002964 ____C C:\Windows\System32\Tasks\{06B7682F-68DE-4311-AE8C-3E50085DAD4F}
2013-06-27 15:58 - 2013-06-27 15:58 - 00002964 ____C C:\Windows\System32\Tasks\{49961235-AB9F-459D-869D-053562B45939}

==================== One Month Modified Files and Folders =======

2013-07-27 19:18 - 2011-11-04 20:56 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Skype
2013-07-27 19:17 - 2013-07-27 19:17 - 01780815 ____C (Farbar) C:\Users\Rolf\Desktop\FRST64 (1).exe
2013-07-27 19:17 - 2013-07-27 19:17 - 00000000 ___DC C:\FRST
2013-07-27 19:06 - 2011-01-23 15:15 - 01544281 ____C C:\Windows\WindowsUpdate.log
2013-07-27 19:03 - 2013-07-25 15:53 - 00001742 ____C C:\Windows\PFRO.log
2013-07-27 18:39 - 2013-06-10 13:43 - 00458752 ____C C:\Windows\system32\Ikeext.etl
2013-07-27 18:32 - 2013-07-27 18:31 - 00000005 ____C C:\Users\Rolf\AppData\Roaming\mbam.context.scan
2013-07-27 18:26 - 2009-07-14 01:19 - 00328704 ____C (Microsoft Corporation) C:\Windows\system32\services.exe
2013-07-27 18:17 - 2013-03-20 23:42 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\BitTorrent
2013-07-27 18:16 - 2012-07-02 19:38 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrashDumps
2013-07-27 18:13 - 2012-04-08 12:37 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-27 17:43 - 2013-07-27 17:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent
2013-07-27 17:41 - 2013-07-27 17:41 - 00002182 ____C C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent
2013-07-27 17:21 - 2013-07-27 17:21 - 72114856 ____C (Ashampoo GmbH & Co. KG                                      ) C:\Users\Rolf\Downloads\ashampoo_burning_studio_elements_10.0.9_sm.exe
2013-07-27 17:11 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\tracing
2013-07-27 17:00 - 2013-07-27 17:00 - 00001883 ____C C:\Users\Public\Desktop\MyKeyFinder.lnk
2013-07-27 17:00 - 2013-07-27 17:00 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft
2013-07-27 17:00 - 2013-07-27 17:00 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder
2013-07-27 16:59 - 2013-07-27 16:59 - 02962000 ____C (Abelssoft                                                   ) C:\Users\Rolf\Downloads\mykeyfinder.exe
2013-07-27 16:23 - 2012-07-22 16:21 - 00000000 ___DC C:\ProgramData\Kaspersky Lab
2013-07-27 02:22 - 2012-10-22 23:07 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\TS3Client
2013-07-27 02:00 - 2011-01-23 18:34 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Adobe
2013-07-27 01:46 - 2013-03-16 19:34 - 00000000 ___DC C:\ProgramData\firebird
2013-07-27 00:15 - 2013-07-04 20:44 - 00000049 ____C C:\Windows\NeroDigital.ini
2013-07-26 22:01 - 2013-07-26 22:01 - 00000000 ___DC C:\Users\Rolf\Documents\MAGIX
2013-07-26 21:46 - 2011-01-23 15:24 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0AF23A97-653E-4B26-A3DD-52F6F8B9DA00}
2013-07-26 21:07 - 2013-07-26 21:07 - 00666633 ____C C:\Users\Rolf\Downloads\adwcleaner.exe
2013-07-26 20:40 - 2013-07-26 20:39 - 05093969 ____C (Swearware) C:\Users\Rolf\Downloads\ComboFix.exe
2013-07-26 20:09 - 2010-05-12 10:18 - 04754074 ____C C:\Windows\system32\perfh007.dat
2013-07-26 20:09 - 2010-05-12 10:18 - 01447222 ____C C:\Windows\system32\perfc007.dat
2013-07-26 20:09 - 2009-07-14 07:13 - 00006508 ____C C:\Windows\system32\PerfStringBackup.INI
2013-07-25 20:55 - 2013-07-25 20:55 - 01779761 ____C (Farbar) C:\Users\Rolf\Downloads\FRST64.exe
2013-07-25 16:29 - 2011-11-05 20:53 - 00000000 ___DC C:\Users\Rolf\AppData\Local\PMB Files
2013-07-25 16:07 - 2009-07-14 06:45 - 00009888 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 16:07 - 2009-07-14 06:45 - 00009888 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 15:59 - 2012-07-05 23:22 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Dropbox
2013-07-25 15:54 - 2012-04-13 16:39 - 00060926 ____C C:\Windows\setupact.log
2013-07-25 15:54 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2013-07-25 15:53 - 2012-11-09 17:09 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 07:32 - 2013-03-24 14:12 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\vlc
2013-07-25 04:08 - 2012-12-12 20:13 - 00000000 __RDC C:\Program Files (x86)\Skype
2013-07-25 04:08 - 2012-07-06 15:53 - 00000000 __RDC C:\Users\Rolf\Dropbox
2013-07-25 04:08 - 2011-11-04 20:55 - 00000000 ___DC C:\ProgramData\Skype
2013-07-24 23:53 - 2013-07-24 23:52 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip
2013-07-24 23:52 - 2013-07-24 23:52 - 00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip
2013-07-24 22:52 - 2012-03-05 21:07 - 00000000 __RDC C:\Users\Rolf\Desktop\Dj Musik
2013-07-24 18:42 - 2013-03-01 02:16 - 00001614 ____C C:\Users\Rolf\Desktop\DivX Movies.lnk
2013-07-24 18:42 - 2013-03-01 02:11 - 00000000 ___DC C:\Program Files (x86)\DivX
2013-07-24 18:42 - 2013-03-01 02:10 - 00000000 ___DC C:\ProgramData\DivX
2013-07-24 18:40 - 2013-07-24 18:40 - 00957248 ____C (DivX, LLC) C:\Users\Rolf\Downloads\DivXInstaller.exe
2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ___DC C:\Program Files (x86)\AC3 Player
2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ____C C:\END
2013-07-24 18:40 - 2013-07-24 18:39 - 06328694 ____C (ac3directshowfilter.com                                     ) C:\Users\Rolf\Downloads\ac3player_setup.exe
2013-07-24 18:33 - 2013-07-24 18:33 - 15730048 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Full.exe
2013-07-24 18:30 - 2013-07-24 18:30 - 00000000 ___DC C:\Windows\SysWOW64\Adobe
2013-07-24 18:30 - 2010-11-02 11:41 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2013-07-24 18:28 - 2013-07-24 18:26 - 07876512 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe
2013-07-24 18:08 - 2013-07-13 15:12 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft
2013-07-24 17:12 - 2013-07-24 17:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip
2013-07-24 17:11 - 2013-07-24 17:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip
2013-07-24 17:03 - 2013-07-24 17:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip
2013-07-24 17:03 - 2013-07-24 17:02 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar
2013-07-24 16:58 - 2013-07-24 16:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip
2013-07-24 14:56 - 2013-07-24 14:56 - 00001157 ____C C:\DelFix.txt
2013-07-24 14:56 - 2013-07-24 14:56 - 00000000 ___DC C:\Windows\ERUNT
2013-07-24 14:54 - 2013-07-23 23:13 - 00000000 ___DC C:\Windows\erdnt
2013-07-24 14:43 - 2012-11-09 17:10 - 00001111 ____C C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-24 14:43 - 2011-01-27 10:56 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-07-24 14:41 - 2013-07-24 14:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe
2013-07-24 14:30 - 2010-10-13 12:37 - 00000000 ___DC C:\Program Files\Java
2013-07-24 14:08 - 2013-07-24 14:08 - 12931078 ____C C:\Users\Rolf\Downloads\SCFanpackage.zip
2013-07-24 04:21 - 2013-07-24 04:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk
2013-07-24 00:02 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Default
2013-07-23 23:46 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2013-07-23 22:52 - 2013-07-23 22:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board.htm
2013-07-23 22:52 - 2013-07-23 22:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files
2013-07-23 22:44 - 2013-06-26 17:09 - 00000000 ___DC C:\Program Files (x86)\Plus-HD-1.6
2013-07-23 19:30 - 2013-07-23 19:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics
2013-07-23 19:18 - 2013-07-23 19:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations
2013-07-23 19:17 - 2013-07-23 19:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner
2013-07-23 19:14 - 2013-07-23 19:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe
2013-07-23 19:14 - 2013-07-23 19:14 - 00014456 ____C (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-23 19:14 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\system32\NDF
2013-07-23 17:53 - 2013-04-28 14:43 - 00000000 ___DC C:\Users\Rolf\Desktop\sound fx daten
2013-07-23 17:47 - 2013-07-23 17:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4
2013-07-23 17:46 - 2013-07-23 17:46 - 06018938 ____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4
2013-07-23 16:36 - 2013-07-23 16:36 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer.exe
2013-07-22 14:52 - 2013-07-22 14:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games
2013-07-21 12:26 - 2013-07-21 12:21 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4
2013-07-20 20:18 - 2013-07-20 20:13 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2013-07-20 20:13 - 2013-07-20 20:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking
2013-07-20 19:51 - 2011-10-25 19:43 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\WinRAR
2013-07-20 18:34 - 2013-07-20 18:16 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar
2013-07-20 17:49 - 2013-07-20 17:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-07-20 17:49 - 2013-07-20 17:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip
2013-07-20 17:48 - 2013-07-20 17:43 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip
2013-07-20 17:25 - 2013-07-20 17:24 - 36271144 ____C (Safer-Networking Ltd.                                       ) C:\Users\Rolf\Downloads\spybot-2.1.exe
2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\StarApp
2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\InstallMate
2013-07-20 15:33 - 2013-07-20 15:33 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 15:33 - 2013-07-20 15:33 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 15:23 - 2013-07-20 15:23 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-20 02:51 - 2013-07-20 02:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4
2013-07-20 02:45 - 2013-07-20 02:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4
2013-07-20 02:41 - 2013-07-20 02:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4
2013-07-19 23:19 - 2013-07-19 23:19 - 01492584 ____C (Skype Technologies S.A.) C:\Users\Rolf\Downloads\SkypeSetup.exe
2013-07-19 22:34 - 2013-07-19 22:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe
2013-07-19 19:05 - 2013-07-19 19:04 - 00000000 ___DC C:\Users\Rolf\Downloads\93655
2013-07-19 18:57 - 2013-07-19 18:17 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar
2013-07-19 18:48 - 2013-07-19 18:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx
2013-07-19 18:47 - 2013-07-19 18:46 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4
2013-07-19 12:51 - 2013-07-19 12:44 - 00000000 ___DC C:\Windows\system32\MRT
2013-07-18 22:40 - 2013-07-18 22:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx
2013-07-18 03:01 - 2013-07-18 03:02 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe
2013-07-18 02:59 - 2013-04-28 14:43 - 00000000 ___DC C:\Users\Rolf\Desktop\tevion usb stick daten
2013-07-18 02:48 - 2013-07-18 02:48 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Unity
2013-07-18 02:08 - 2013-07-18 02:08 - 00000973 ____C C:\Users\Public\Desktop\Anti-Twin.lnk
2013-07-18 02:08 - 2013-07-18 02:08 - 00000000 ___DC C:\Program Files (x86)\AntiTwin
2013-07-18 02:07 - 2013-07-18 02:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe
2013-07-18 02:07 - 2013-07-18 02:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity
2013-07-17 15:50 - 2013-07-17 15:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe
2013-07-16 20:19 - 2013-07-16 20:18 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe
2013-07-16 18:04 - 2013-07-16 18:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt
2013-07-16 17:49 - 2013-07-16 17:48 - 00000098 ____C C:\Windows\DeleteOnReboot.bat
2013-07-16 16:51 - 2013-06-29 00:31 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini
2013-07-16 16:03 - 2013-07-16 16:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx
2013-07-16 15:51 - 2011-01-23 15:21 - 00000000 ___DC C:\Users\Rolf\AppData\Local\VirtualStore
2013-07-16 14:15 - 2013-07-16 14:14 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder
2013-07-15 12:56 - 2013-07-15 12:56 - 00035058 ____C C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip
2013-07-14 22:40 - 2013-07-14 22:35 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip
2013-07-14 22:35 - 2013-07-14 22:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe
2013-07-14 20:13 - 2013-07-14 20:10 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar
2013-07-14 19:47 - 2013-07-14 19:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar
2013-07-14 19:45 - 2013-07-14 19:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip
2013-07-14 19:01 - 2011-12-01 13:17 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\ObviousIdea
2013-07-14 17:24 - 2013-07-14 17:24 - 00967536 ____C C:\Users\Rolf\Downloads\der letzte sommer.exe
2013-07-14 15:31 - 2012-04-08 12:37 - 00692104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-14 15:31 - 2012-04-08 12:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-14 15:31 - 2011-07-28 16:06 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-14 14:48 - 2011-01-23 15:18 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 14:48 - 2011-01-23 15:18 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 09:57 - 2011-01-23 15:18 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 09:57 - 2011-01-23 15:18 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 03:18 - 2011-10-29 23:19 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\PlayFirst
2013-07-13 03:18 - 2011-10-29 23:19 - 00000000 ___DC C:\ProgramData\PlayFirst
2013-07-13 03:17 - 2013-07-13 03:17 - 00000000 ___DC C:\My Games
2013-07-13 03:16 - 2011-09-15 12:22 - 00000000 ___DC C:\Program Files (x86)\Zylom Games
2013-07-13 03:14 - 2013-07-13 03:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8}
2013-07-13 00:04 - 2013-07-13 00:04 - 00000000 ___DC C:\ProgramData\Sandlot Games
2013-07-13 00:01 - 2013-07-13 00:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2
2013-07-12 23:58 - 2013-07-12 23:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish
2013-07-12 23:57 - 2013-07-12 23:57 - 00000000 ___DC C:\Boonty
2013-07-12 18:58 - 2013-07-12 18:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk
2013-07-11 23:57 - 2012-01-02 21:17 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Utherverse
2013-07-11 03:20 - 2009-07-14 06:45 - 08769616 ____C C:\Windows\system32\FNTCACHE.DAT
2013-07-11 03:17 - 2013-03-13 20:55 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2013-07-11 03:17 - 2013-03-13 20:55 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 03:16 - 2009-07-14 09:45 - 00000000 ___DC C:\Program Files\Windows Journal
2013-07-11 03:16 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files\Windows Defender
2013-07-11 03:16 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files (x86)\Windows Defender
2013-07-11 00:57 - 2009-07-14 04:34 - 00000534 ____C C:\Windows\win.ini
2013-07-11 00:50 - 2013-07-11 00:49 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 00:50 - 2013-07-11 00:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 00:50 - 2013-07-11 00:49 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 00:50 - 2013-07-11 00:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 00:50 - 2013-07-11 00:49 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 00:50 - 2013-07-11 00:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 00:50 - 2013-07-11 00:23 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 00:50 - 2013-07-11 00:23 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 00:50 - 2013-07-11 00:23 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 00:50 - 2013-07-11 00:23 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 00:38 - 2013-07-11 00:23 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 00:31 - 2013-07-11 00:22 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 00:31 - 2013-07-11 00:22 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 00:31 - 2013-07-10 14:41 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor
2013-07-10 17:59 - 2013-07-10 17:58 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage
2013-07-10 15:53 - 2013-07-10 15:53 - 00000000 ___DC C:\Program Files\FileViewPro
2013-07-10 14:39 - 2013-07-10 14:40 - 14178136 ____C C:\Users\Rolf\Downloads\install_audiokonvertor.exe
2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft
2013-07-10 00:38 - 2013-05-04 21:27 - 00001362 ____C C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-07-10 00:38 - 2011-10-09 16:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DVDVideoSoft
2013-07-10 00:27 - 2013-07-10 00:27 - 01211048 ____C (DVDVideoSoft Ltd.                                           ) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects
2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group
2013-07-08 21:43 - 2013-07-08 21:42 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool
2013-07-08 21:42 - 2013-07-08 21:41 - 00000000 ___DC C:\Program Files (x86)\JCrypTool
2013-07-08 21:40 - 2013-07-08 21:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2
2013-07-08 21:39 - 2013-07-08 21:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2
2013-07-06 15:37 - 2013-06-30 13:11 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u
2013-07-05 12:32 - 2013-07-05 12:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex
2013-07-05 12:27 - 2013-07-05 12:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt
2013-07-03 18:33 - 2013-07-03 18:33 - 00000835 ____C C:\Users\Public\Desktop\VLC media player.lnk
2013-07-03 18:27 - 2013-07-03 18:25 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA
2013-07-02 13:33 - 2011-01-23 15:23 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Google
2013-07-02 13:32 - 2013-07-02 13:32 - 00739856 ____C (Google Inc.) C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe
2013-07-02 13:31 - 2013-07-02 13:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html
2013-07-02 01:07 - 2013-06-26 02:02 - 00000000 _SHDC C:\Windows\SysWOW64\AI_RecycleBin
2013-07-02 01:06 - 2013-06-26 02:20 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-07-02 01:06 - 2011-10-13 01:25 - 00000000 ___DC C:\AeriaGames
2013-07-02 00:46 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Public\Libraries
2013-06-30 12:15 - 2013-06-30 12:10 - 00000000 ___DC C:\ProgramData\BlueStacksSetup
2013-06-29 19:46 - 2013-03-25 18:31 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\dvdcss
2013-06-29 02:26 - 2012-07-01 17:06 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\XviD
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5
2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Program Files (x86)\Gabest
2013-06-29 00:23 - 2013-06-29 00:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe
2013-06-28 20:08 - 2012-12-27 02:42 - 00000000 ___DC C:\Users\Rolf\AppData\Local\PhoenixViewer
2013-06-28 19:17 - 2011-11-10 12:25 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Akamai
2013-06-28 15:14 - 2013-06-28 15:14 - 00263592 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 15:14 - 2013-06-28 15:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-28 15:14 - 2013-06-28 15:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-28 15:14 - 2013-06-28 15:14 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 15:14 - 2012-06-20 21:12 - 00867240 ____C (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-28 15:14 - 2010-07-07 18:34 - 00789416 ____C (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-28 11:00 - 2012-07-05 23:47 - 00000000 ___DC C:\Program Files\WinRAR
2013-06-28 08:43 - 2013-04-13 23:14 - 00001203 ____C C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-06-27 23:58 - 2013-06-27 23:19 - 00000000 ___DC C:\Program Files (x86)\GetFLV
2013-06-27 20:49 - 2013-06-27 20:49 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\CrypTool
2013-06-27 20:49 - 2013-06-27 20:49 - 00000000 ___DC C:\Program Files (x86)\CrypTool
2013-06-27 20:19 - 2013-06-27 20:19 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-06-27 20:19 - 2013-06-27 20:15 - 00001080 ____C C:\Users\Public\Desktop\WinRAR.lnk
2013-06-27 15:59 - 2013-06-27 15:59 - 00002964 ____C C:\Windows\System32\Tasks\{06B7682F-68DE-4311-AE8C-3E50085DAD4F}
2013-06-27 15:58 - 2013-06-27 15:58 - 00002964 ____C C:\Windows\System32\Tasks\{49961235-AB9F-459D-869D-053562B45939}
2013-06-27 13:37 - 2010-07-07 18:28 - 00000000 ___DC C:\Program Files (x86)\Adobe
2013-06-27 13:25 - 2005-10-10 19:06 - 00080655 ___HC C:\Users\Rolf\AppData\Roaming\Rolfv1.18.0 - Trial versionlog.dat

ZeroAccess:
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L\00000004.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000004.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000008.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\000000cb.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000000.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000032.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-07-24 06:37

==================== End Of Log ============================
         
--- --- ---

27.07.2013, 21:46   #4
saufbiene
 
and here is the addition log

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2013 04
Ran by Rolf at 2013-07-27 19:23:35
Running from C:\Users\Rolf\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Installed Programs =======================

   
64 Bit HP CIO Components Installer (Version: 4.2.1)
AC3 Player version 1.0 (x32 Version: 1.0)
AChat 1.17 high detail textures and additional music (x32)
Acrobat.com (x32 Version: 1.6.65)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708 (x32)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS4 (x32 Version: 4)
Adobe Bridge CS4 (x32 Version: 3)
Adobe CMaps CS4 (x32 Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0)
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe Creative Suite 4 Design Premium (x32 Version: 4.0)
Adobe CSI CS4 (x32 Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (x32 Version: 2.0)
Adobe Device Central CS4 (x32 Version: 2)
Adobe Dreamweaver CS4 (x32 Version: 10.0)
Adobe Dreamweaver CS6 (x32 Version: 12)
Adobe Drive CS4 (x32 Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (x32 Version: 1)
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)
Adobe Extension Manager CS4 (x32 Version: 2.0)
Adobe Fireworks CS4 (x32 Version: 10.0)
Adobe Flash CS4 (x32 Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0)
Adobe Flash CS4 STI-other (x32 Version: 10.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Fonts All (x32 Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Illustrator CS4 (x32 Version: 14.0)
Adobe InDesign CS4 (x32 Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0)
Adobe InDesign CS4 Common Base Files (x32 Version: 6.0)
Adobe InDesign CS4 Icon Handler (x32 Version: 6.0)
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0)
Adobe Linguistics CS4 (x32 Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (x32 Version: 1.0)
Adobe Media Encoder CS4 Importer (x32 Version: 1.0)
Adobe Media Player (x32 Version: 0.0.0)
Adobe Media Player (x32 Version: 1.1)
Adobe Output Module (x32 Version: 2.0)
Adobe PDF Library Files CS4 (x32 Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (x32 Version: 11.0)
Adobe Photoshop CS4 Support (x32 Version: 11.0)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Search for Help (x32 Version: 1.0)
Adobe Service Manager Extension (x32 Version: 1.0)
Adobe Setup (x32 Version: 2.0)
Adobe SGM CS4 (x32 Version: 3.0)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Adobe SING CS4 (x32 Version: 2.0)
Adobe Type Support CS4 (x32 Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (x32 Version: 6.0.0)
Adobe Version Cue CS4 Server (x32 Version: 4.0)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (x32 Version: 2.0)
AdobeColorCommonSetCMYK (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
Advanced Archive Password Recovery (x32 Version: 4.54.48.1338)
Advanced RAR Password Recovery (remove only) (x32)
AFS-Buchhalter 2009 (x32 Version: 5.00.0000)
AFS-Kaufmann V10 (x32 Version: 9.00.0000)
AION Free-to-Play Version 1.0 (x32 Version: 1.0)
AirXonix version 1.37G (x32)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Angry Birds (x32 Version: 3.0.0)
Angry Birds Rio (x32 Version: 1.4.2)
Angry Birds Seasons (x32 Version: 3.3.0)
Angry Birds Space (x32 Version: 1.3.1)
Angry Birds Star Wars (x32 Version: 1.1.2)
Anti-Twin (Installation 18.07.2013) (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
applicationupdater (HKCU)
Ashampoo Burning Studio (x32 Version: 9.23.0)
Ashampoo Burning Studio Elements 10.0.9 (x32 Version: 3.1.1)
Ashampoo Photo Commander (x32 Version: 8.3.2)
Ashampoo Photo Optimizer (x32 Version: 3.12.0)
Ashampoo Registry Cleaner v.1.00 (x32 Version: 1.0.0)
Ashampoo Snap (x32 Version: 3.4.1)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.27)
AudibleManager (x32 Version: 2005810414.48.56.32181618)
Autodesk Backburner 2013.0.0 (x32 Version: 2013.0.0)
AviSynth 2.5 (x32)
BitTorrent (x32 Version: 7.8.0.29626)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 100.0.170.000)
Cake Mania 2 (x32)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
CloneDVD 6.0.0.1 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Connect (x32 Version: 1.0.0.1)
Core Temp 1.0 RC4 (Version: 1.0)
Corel KPT Collection (x32 Version: 1.0.0.46)
Corel KPT Collection (x32 Version: 1.00.0000)
Corel PaintShop Pro Brush Content (x32 Version: 1.0.0.39)
Corel PaintShop Pro Brush Content (x32 Version: 1.00.0000)
Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.42)
Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.44)
Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.45)
Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.63)
Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.64)
Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.65)
Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.66)
Corel PaintShop Pro Misc Content (x32 Version: 1.00.0000)
Corel PaintShop Pro Picture Frame Content (x32 Version: 1.0.0.41)
Corel PaintShop Pro Picture Frame Content (x32 Version: 1.00.0000)
Corel PaintShop Pro Picture Tube Content (x32 Version: 1.0.0.40)
Corel PaintShop Pro Picture Tube Content (x32 Version: 1.00.0000)
Corel PaintShop Pro X4 (x32 Version: 14.2.0.1)
Corel PaintShop Pro X4 (x32 Version: 14.3.0.3)
Corel PaintShop Pro X5 (x32 Version: 15.1.0.10)
Corel PaintShop Pro X5 (x32 Version: 15.2.0.12)
Corel Shell Extension - 64Bit (Version: 14.0)
CorelDRAW Essentials 4 - Content (x32 Version: 4.0)
CorelDRAW Essentials 4 - Draw (x32 Version: 4.0)
CorelDRAW Essentials 4 - Filters (x32 Version: 4.0)
CorelDRAW Essentials 4 - ICA (x32 Version: 4.0)
CorelDRAW Essentials 4 - IPM - No VBA (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang BR (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang DE (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang EN (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang ES (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang FR (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang IT (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang NL (x32 Version: 4.0)
CorelDRAW Essentials 4 - PHOTO-PAINT (x32 Version: 4.0)
CorelDRAW Essentials 4 - Windows Shell Extension (x32 Version: 1.1)
CorelDRAW Essentials 4 - Windows Shell Extension (x32)
CorelDRAW Essentials 4 (x32 Version: 4.0)
CorelDRAW Essentials 4 (x32)
CrypTool 1.4.31 (x32 Version: 1.4.31)
CustomerResearchQFolder (x32 Version: 1.00.0000)
CyberGhost VPN
CyberLink LabelPrint (x32 Version: 2.5.3418)
CyberLink MediaShow (x32 Version: 5.0.1410a)
CyberLink MediaShow Espresso (x32 Version: 5.5.1412_24021a)
CyberLink PhotoNow (x32 Version: 1.1.0.6904)
CyberLink Power2Go (x32 Version: 6.1.3802)
CyberLink PowerDirector (x32 Version: 8.0.3224a)
CyberLink PowerDVD 10 (x32 Version: 10.0.2225)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306)
CyberLink PowerProducer (x32 Version: 5.0.2.2429)
CyberLink YouCam (x32 Version: 3.1.3428)
D3DX10 (x32 Version: 15.4.2368.0902)
Deep Exploration (x32 Version: 5.0.4)
Deep Publish (x32 Version: 5.0.493)
Der Planer 4 Version 1.3 (x32)
DesignPro 5 (x32 Version: 5.0.1056)
DeviceDiscovery (x32 Version: 100.0.190.000)
DeviceManagementQFolder (x32 Version: 1.00.0000)
DivX-Setup (x32 Version: 2.6.1.44)
Dropbox (HKCU Version: 2.0.22)
Dupemaster 1.7.0.1 (x32 Version: 1.7.0.1)
ELBA BYTE 2.0 (x32)
Fahrtenbuch.de Version 10 (x32)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0)
FileViewPro (Version: 1.5)
Filzip 3.06 (x32 Version: 3.0.6)
Firebird 2.5.0.26074 (Win32) (x32 Version: 2.5.0.26074)
Fotogalerie (x32 Version: 16.4.3505.0912)
Fotogalerija (x32 Version: 16.4.3505.0912)
Fotogalleriet (x32 Version: 16.4.3505.0912)
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912)
Fotótár (x32 Version: 16.4.3505.0912)
FoxTab PDF Creator (HKCU)
Free Audio Dub version 1.7.9.908 (x32 Version: 1.7.9.908)
Free Video Call Recorder for Skype version 1.1.0.319 (x32 Version: 1.1.0.319)
Free YouTube to MP3 Converter version 3.12.5.628 (x32 Version: 3.12.5.628)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería de fotos (x32 Version: 16.4.3505.0912)
Galeria fotografii (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Gameforge Live 1.0 "Legend" (x32 Version: 1.0.1717)
gamelauncher-ps2-psg (HKCU)
gamelauncher-ps2-psg (x86)-Sony (HKCU)
G-Force (x32 Version: 4.3.1)
GIMP 2.8.4 (Version: 2.8.4)
GLC_Player (x32)
Google Chrome (x32 Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
Haali Media Splitter (x32)
HP Color LaserJet 3600 (02/27/2007 61.063.461.41) (Version: 02/27/2007 61.063.461.41)
HP Color LaserJet CM1312 MFP Series 5.1 (Version: 5.1)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
hppCLJCM1312 (x32 Version: 005.001.00142)
hppFaxDrvCM1312 (x32 Version: 005.000.00001)
hppFaxUtilityCM1312 (x32 Version: 005.001.00137)
hppFonts (x32 Version: 001.001.00061)
hppManualsCM1312 (x32 Version: 005.001.00145)
hppQFolderCM1312 (x32 Version: 1.00.0000)
hppScanToCM1312 (x32 Version: 005.001.00140)
hppSendFaxCM1312 (x32 Version: 005.000.00001)
hppusgCM1312 (x32 Version: 1.1.0.1)
ICA (x32 Version: 14.2.0.1)
ICA (x32 Version: 15.1.0.10)
IMVU Avatar Chat Software (HKCU)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2189)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Internet Explorer (x32 Version: 9)
Internet-TV für Windows Media Center (x32 Version: 4.2.2.0)
IPM_PSP_COM (x32 Version: 14.2.0.1)
IPM_PSP_COM (x32 Version: 15.1.0.10)
IsoBuster 3.2 (x32 Version: 3.2)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JCrypTool (x32 Version: 0.9.7)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
KODAK Create@Home Software (für dm) (x32 Version: 7.3.6392)
kuler (x32 Version: 2.0)
Landwirtschafts-Simulator 2009 Gold (x32)
LastChaosGER (x32 Version: 1.00.000)
Launch Manager (x32 Version: 1.5.1.2)
Lexware Info Service (x32 Version: 2.70.00.0081)
Lexware kassenbuch 2007 (x32 Version: 7.00)
Light Image Resizer 4.4.1.0 (x32 Version: 4.4.1.0)
MagicDisc 2.7.106 (x32)
MAGIX Content und Soundpools (x32 Version: 1.0.0.0)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.1.27)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 100.0.170.000)
Mass Effect (x32 Version: 1.00)
Mass Effect 2 (x32 Version: 1.02)
Medion Home Cinema (x32 Version: 8.0.2213)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Partner (x32 Version: 11.302.06.07.40)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Firefox Packages (HKCU)
Mozilla Maintenance Service (x32 Version: 22.0)
MSI to redistribute MS VS2005 CRT libraries (x32 Version: 8.0.50727.42)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyKeyFinder (x32 Version: 2013)
Nero 6 Demo (x32)
Network Stumbler 0.4.0 (remove only) (x32)
No23 Recorder (x32 Version: 2.1.0.3)
NVIDIA PhysX (x32 Version: 9.09.0814)
ONAIR 4.0.0.855
Opera 12.15 (x32 Version: 12.15.1748)
Opera Next 15.0.1147.100 (x32 Version: 15.0.1147.100)
Origin (x32 Version: 9.1.12.73)
Overwolf (x32 Version: 0.41.236)
Pando Media Booster (x32 Version: 2.3.6.0)
PDF Settings CS4 (x32 Version: 9.0)
PDFCreator (x32 Version: 1.6.0)
Personal ID (x32 Version: 1.8.5.202)
Phoenix Viewer 1.6.0.1691 (x32)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Photoshop Camera Raw (x32 Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pixel Bender Toolkit (x32 Version: 1.0)
PlanetSide 2 (HKCU Version: 1.0.3.181)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poczta usługi Windows Live (x32 Version: 16.4.3505.0912)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912)
Pokki (HKCU Version: 0.260.6.332)
Pošta Windows Live (x32 Version: 16.4.3505.0912)
Power MP3 WMA Converter 2011, (ver 6.1) (x32 Version: 6.1)
PSPPContent (x32 Version: 14.3.0.2)
PSPPContent (x32 Version: 15.2.0.12)
PSPPHelp (x32 Version: 14.2.0.1)
PSPPHelp (x32 Version: 15.1.0.10)
PSPPro64 (Version: 14.2.0.1)
PSPPro64 (Version: 15.1.0.10)
pTool 2.0 (Beta 9 - Build 5151.1) (Version: 2.0.5151.1)
QuickTime (x32 Version: 7.73.80.64)
Raccolta foto (x32 Version: 16.4.3505.0912)
RAR Password Recovery v1.1 RC16 (remove only) (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6237)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30121)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0148)
Registry Repair 4.1.0.388 (x32 Version: 4.1.0.388)
Remote Mouse version 1.09 (x32 Version: 1.09)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0)
Revo Uninstaller 1.94 (x32 Version: 1.94)
RollerCoaster Tycoon 3 (x32 Version: 1.00.000)
Safari (x32 Version: 5.34.55.3)
SAM3 (remove only) (x32)
Samplitude Music Studio 2013 (Demo projects) (Version: 1.0.0.0)
Samplitude Music Studio 2013 (Demo projects) (x32 Version: 1.0.0.0)
Samplitude Music Studio 2013 (Independence) (Version: 1.1.0.0)
Samplitude Music Studio 2013 (Independence) (x32 Version: 1.1.0.0)
Samplitude Music Studio 2013 (Introductory videos) (Version: 1.0.0.0)
Samplitude Music Studio 2013 (Introductory videos) (x32 Version: 1.0.0.0)
Samplitude Music Studio 2013 (Object synthesizers) (Version: 1.0.0.0)
Samplitude Music Studio 2013 (Object synthesizers) (x32 Version: 1.0.0.0)
Samplitude Music Studio 2013 (Solo Jam-Session & Easy-Recording Content) (Version: 1.0.0.0)
Samplitude Music Studio 2013 (Solo Jam-Session & Easy-Recording Content) (x32 Version: 1.0.0.0)
Samplitude Music Studio 2013 (Version: 19.0.1.18)
Samplitude Music Studio 2013 (x32 Version: 19.0.1.18)
Samplitude Music Studio 2013 Soundpools (Version: 1.0.0.0)
SecondLifeViewer (remove only) (x32)
Secret City (x32 Version: 1.9.4152)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005)
Setup (x32 Version: 14.2.0.1)
Setup (x32 Version: 15.1.0.10)
SHOUTcast Source DSP Plug-in v2 (x32 Version: 2.3.2)
SimCity 4 Deluxe (x32)
Skype™ 6.6 (x32 Version: 6.6.106)
Spotify (HKCU Version: 0.8.5.1333.g822e0de8)
StarMoney (x32 Version: 2.0)
StarMoney Business 4.0 Deutsche Bank Edition (x32 Version: 4.0)
streamWriter (x32)
Suite Shared Configuration CS4 (x32 Version: 1.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
System Requirements Lab for Intel (x32 Version: 4.5.11.0)
TeamSpeak 3 Client (x32 Version: 3.0.10.1)
TERA (x32 Version: 19.04.02.03.hf3)
The Void (x32)
TrayApp (x32 Version: 100.0.170.000)
Tunatic (x32)
TuneUp Utilities (x32 Version: 9.0.6030.1)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Valokuvavalikoima (x32 Version: 16.4.3505.0912)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Versandhelfer (x32 Version: 0.9.511)
Virtual DJ Pro Full - Atomix Productions (x32)
Vita 2 (Version: 1.0.0.0)
Vita 2 Zusatzcontent (Version: 1.0.0.0)
Vita Bass Machine (Version: 1.0.0.0)
Vita Rock Drums (Version: 1.0.0.0)
Vita String Ensemble (Version: 1.0.0.0)
Vita World Percussion (Version: 1.0.0.0)
VLC media player 2.0.7 (Version: 2.0.7)
VobSub v2.23 (Remove Only) (x32)
VR-NetWorld (x32)
WebReg (x32 Version: 100.0.170.000)
WhiteCap (x32 Version: 5.7)
Winamp (x32 Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live Temel Parçalar (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
Windows Liven peruspaketti (x32 Version: 16.4.3505.0912)
Windows Liven sähköposti (x32 Version: 16.4.3505.0912)
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Wizard101(DE) (HKCU)
X10 Hardware(TM) (x32)
XviD MPEG4 Video Codec (remove only) (x32)
Zylom Games Player Plugin (x32)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912)

==================== Restore Points  =========================

24-07-2013 12:56:30 Ende der Bereinigung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-23 23:46 - 00000027 ___AC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {025C7BE0-828A-4F15-A414-9E3E9AB7B1EA} - System32\Tasks\{019D58B1-A578-400D-B426-CC13D7AACCC0} => C:\Users\Rolf\Desktop\kaspersky 2013 v1.5.exe No File
Task: {02DA0482-068E-4F85-B654-AE5299E5FFB3} - System32\Tasks\{3D724BC1-92BC-4C72-A3B3-C8963B6711B6} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {07740EDC-4571-4CA2-ADD9-BFD68A8BDDDF} - System32\Tasks\{0ED69297-7F8D-420E-87DA-A8B55DB3F9E8} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {0CA42A4E-E332-4172-ABD9-97FE281AE41E} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {0EF436C6-5FE3-4C04-BAD4-E1224521F8F7} - System32\Tasks\{103BC36F-E39D-436A-A96B-0ED237294517} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {1A6E699F-C784-4DB9-AE5D-E3CA438946AB} - System32\Tasks\{90277C71-A51A-4359-B20F-DDEA4C452C07} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {1B039CE7-EBEA-442E-8285-A317AAD4FCDE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {1B2D3140-1393-4461-951E-8201C64F1005} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {1E1C9306-C92C-4B89-9C34-861D56113141} - System32\Tasks\{932D83EC-3CC9-4FC0-8405-62BF2F0A1406} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command &amp; Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File
Task: {255CEB58-0B05-496D-A462-6517EC9E4CCA} - System32\Tasks\{9F6B39F3-C7D6-4EEE-8DED-54DC3839E685} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command &amp; Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File
Task: {26956EAA-F22B-43D1-BC3E-2A8ECD7ED558} - System32\Tasks\{4EC1C7A4-8B4B-46B2-8665-3B4183D76979} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {2B180D9B-72AF-423B-83B5-FE49CBB85FBE} - System32\Tasks\{BA825787-C777-43EC-B407-71A2791FD93B} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {2C129A24-9CA2-46FD-A2C8-997FDFA9E29D} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File
Task: {30F68281-62DF-4C74-819F-9FEDA30C035F} - System32\Tasks\{A6D3B4C2-A677-4C43-8128-81343F07C384} => C:\Users\Rolf\Desktop\kaspersky 2013 v1.5.exe No File
Task: {32848A34-6DD6-44C2-879A-D743446D83B6} - System32\Tasks\{DCC500CA-27CB-4FE5-B6E3-260A771F78BB} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {339BAD03-E809-4A6C-8119-C49C6F19B8C9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {36D9B279-EEAB-4FC9-835E-5223163EA37A} - System32\Tasks\{6971E8A6-8D79-40A8-8B40-D5F92BF8BA4B} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {3A4C7FFA-4163-4307-84D4-506D819EAB1B} - System32\Tasks\{299703E3-2B94-4683-87E8-40E546E79CDD} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {3D1935E0-99A5-4807-8542-F10D8B946670} - System32\Tasks\{2A4B57EB-DB05-4229-B619-B1DBEF683BDD} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command &amp; Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File
Task: {3F2831B3-6BBC-4E3E-8865-7E1AEC03A10D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23] (Google Inc.)
Task: {41F26DA5-B69D-442A-BFCB-F0755A2149A0} - System32\Tasks\{25A4898A-5819-4AA4-BC73-B4CB401DDC97} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {43456866-37E6-430A-8920-E86D686D0CBE} - System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8} => C:\Program Files (x86)\Zylom Games\Chocolatier Deluxe\chocolatier.exe No File
Task: {44745CA2-38B7-46E6-A157-8D60C5592D52} - System32\Tasks\{BA4B9075-C0E7-4315-A5F1-6E0DAA4437EB} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {59D10E3F-614E-4716-A038-BA9F4D3ABC93} - System32\Tasks\{9040B1C9-7DBE-4A8D-BDA2-A8A13DD70868} => C:\Program Files (x86)\Der Planer 4\Planer4.exe [2010-04-10] ()
Task: {5A4BD5E8-36F2-4642-962C-4241225D2562} - System32\Tasks\{38F5C1D0-6B37-425A-A062-99EBDB339F7B} => C:\Users\Rolf\Desktop\kaspersky 2013 v1.5.exe No File
Task: {5AD05DC8-BA66-4C2D-BC7A-636CE7084BA7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {5D51769E-3A08-48D3-9675-BB86A1D751FE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2011-11-21] (TuneUp Software)
Task: {5E3C5AF2-D58A-4BBD-85E1-DE1992F99F2C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {601115A6-190F-4DDB-A828-0080D2018DDB} - System32\Tasks\{77EE50E3-1C9A-439D-861F-43646AD66AC7} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {61167AE7-1DC9-43D7-A346-032954DBD6C0} - System32\Tasks\{AEE76F17-A316-4153-95E1-75E307A477C2} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {67650383-D826-484A-9F83-9F77B9AAE83D} - System32\Tasks\{50CC8298-29F1-4249-B98A-A8E79F619013} => C:\Users\Rolf\Desktop\StarCraft_2_EU_de-DE.exe No File
Task: {69BE02BE-920B-4B01-A4EE-16979EE094C8} - System32\Tasks\{06B7682F-68DE-4311-AE8C-3E50085DAD4F} => C:\Program Files\gPotato.eu\Rappelz\unins000.exe No File
Task: {6D43813D-CA2A-42F0-8349-9124D8336A2A} - System32\Tasks\{59E6FB02-9035-4592-B5C9-2550563E6B17} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {6D9E20E4-BFC4-4B29-B83E-301F1334F334} - System32\Tasks\{AF91347D-9BA8-4319-B6C0-A61AABB5B00B} => C:\Program Files (x86)\Winamp\winamp.exe [2012-06-28] (Nullsoft, Inc.)
Task: {71AAD05B-BD86-41D6-A400-F67560EBEF39} - System32\Tasks\{5F051E24-69DD-4286-A3C1-971FD469C0D4} => C:\Program Files (x86)\FreeGamesArea\Monopoly Deluxe\monopoly-deluxe.exe No File
Task: {71F576C1-6E3B-4399-AC9D-1B2F00A972A9} - System32\Tasks\{CE698B20-CCF9-47A0-A14F-58E2C9E7B825} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {7A6EA98F-53F4-4D42-BB48-44529D6362A1} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: {7C79C571-6885-41D7-A099-3BF0CBAFB05C} - System32\Tasks\{43374E23-E2E8-4BBB-86FA-EF804079086D} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {7E831404-C053-49F1-9BAC-66C9AA96706B} - System32\Tasks\{7E669D40-C3DE-4255-B8A6-8B4ECD438CE6} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {7FA019AF-CBFC-4795-A903-E8F940370F07} - System32\Tasks\{0B127B73-B75F-471D-8D38-8D86C4EF25C4} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {84848483-5A0B-486C-AD28-E21381B7047E} - System32\Tasks\{0E0A534E-3490-4629-8DAF-B00C53D88B38} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {8624027B-D9A7-40CF-8279-98BEF5B5038C} - System32\Tasks\{49961235-AB9F-459D-869D-053562B45939} => C:\Program Files\gPotato.eu\Rappelz\unins000.exe No File
Task: {94F78F13-D411-4F37-8C2A-4C0E0A8E230A} - System32\Tasks\User_Feed_Synchronization-{0AF23A97-653E-4B26-A3DD-52F6F8B9DA00} => C:\Windows\system32\msfeedssync.exe [2013-04-13] (Microsoft Corporation)
Task: {A1D6733A-78DF-457E-91A2-EBD166F4F47D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A24F704A-3AB2-44D3-8EFF-7BFD8A38AC51} - System32\Tasks\{CF7E47E4-318F-4815-A408-36F202B63984} => C:\Users\Rolf\Desktop\StarCraft_2_EU_de-DE.exe No File
Task: {A389AD47-9C81-4C10-BCB7-73E08EF98CD4} - System32\Tasks\{39129BCD-4F26-4841-BD54-46221B962376} => C:\Program Files (x86)\Winamp\winamp.exe [2012-06-28] (Nullsoft, Inc.)
Task: {A6761522-46FF-4C76-9C73-BC7BC68FA12A} - System32\Tasks\{91657AA8-DFAB-4CF5-99E6-FBDF66218F24} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-07-12] (Google Inc.)
Task: {B13D2428-9F5E-40AA-A589-7F9C9E6E3DA9} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. KG)
Task: {B933665B-51E0-47AE-B3F7-850360328AB5} - System32\Tasks\{A1EBCEF7-D012-4B00-B942-BDC2887ECD9A} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {C6FFE842-9F53-4362-9E29-C1C311E3A3AC} - System32\Tasks\{76324A2B-5FE0-4F93-818C-4EC41F92A1CD} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {C84E7010-4650-478B-9EB3-B970A0171AE1} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {C9109639-B843-4A65-8CFA-7C3E609FC2D2} - System32\Tasks\AdobeAAMUpdater-1.0-RolfLaptop-Rolf => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {D79C1612-88B5-4945-AC3C-33AB6A6AE9B1} - System32\Tasks\{739BDCE6-AD95-498A-8B05-4EC9DFF2D499} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command &amp; Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File
Task: {D98B09B0-611A-4665-801B-FE6C84AE6BBC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {D9D78400-BA53-4266-BF93-16F8A5876251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23] (Google Inc.)
Task: {DA708E7F-3907-4E32-B168-7240A367A2F0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe No File
Task: {E2B780FE-6221-47DD-B26D-31EA93A5E3D9} - System32\Tasks\{748CF9BB-4D5B-4C1F-BBB1-1A5F89EEF606} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command &amp; Conquer The First Decade\Command &amp; Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File
Task: {EBC98594-8C85-4AAC-9F6E-E4FA305EA3AA} - System32\Tasks\{E71E05E6-0EB9-4A91-9FED-C677F4DEB6BE} => C:\Program Files\gPotato.eu\FlyFF\Flyff.exe No File
Task: {F0635186-F4FE-45A6-86DB-2C7CF400AF2B} - System32\Tasks\{4FB514FF-057E-4016-AD3A-398007EF41FA} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {F2F12700-FB10-4156-A0F2-8A50D50EC1EA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {F35B5A61-C74D-43AD-9F54-ED8D33A84FBC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14] (Adobe Systems Incorporated)
Task: {F5658438-1A8F-4FC2-925F-5B01649CA852} - System32\Tasks\{54687B93-FDAF-486F-8905-D0282F757CB8} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command &amp; Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File
Task: {F7A87CEC-F3B6-41C3-A707-814A9079A13E} - System32\Tasks\{F9916BE5-3E0A-4C49-A4D5-B497A59586C6} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File
Task: {FC0E827C-A43D-459E-A65D-6E565DD05419} - System32\Tasks\{DFE7FBAF-3514-40A2-A362-5968298FCAD3} => C:\Program Files (x86)\FreeGamesArea\Monopoly Deluxe\monopoly-deluxe.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Anwenderinfrarotgeräte
Description: Anwenderinfrarotgeräte
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2013 07:04:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/27/2013 06:16:27 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm tv_w32.exe wurde wegen dieses Fehlers geschlossen.

Programm: tv_w32.exe
Datei: 

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C0000098
Datenträgertyp: 0

Error: (07/27/2013 06:16:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: tv_w32.exe, Version: 0.0.0.0, Zeitstempel: 0x51da9b6b
Name des fehlerhaften Moduls: tv_w32.dll, Version: 0.0.0.0, Zeitstempel: 0x51da9b67
Ausnahmecode: 0xc0000006
Fehleroffset: 0x00008e20
ID des fehlerhaften Prozesses: 0x10290
Startzeit der fehlerhaften Anwendung: 0xtv_w32.exe0
Pfad der fehlerhaften Anwendung: tv_w32.exe1
Pfad des fehlerhaften Moduls: tv_w32.exe2
Berichtskennung: tv_w32.exe3

Error: (07/27/2013 05:10:04 PM) (Source: MsiInstaller) (User: RolfLaptop)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (07/27/2013 05:07:49 PM) (Source: MsiInstaller) (User: RolfLaptop)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631

Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2013 08:09:46 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (07/26/2013 08:09:46 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (07/27/2013 07:06:52 PM) (Source: DCOM) (User: )
Description: 1084SkypeUpdate/ComService{CC957078-B838-47C4-A7CF-626E7A82FC58}

Error: (07/27/2013 07:04:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/27/2013 07:04:40 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/27/2013 07:04:40 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/27/2013 07:04:28 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/27/2013 07:04:21 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/27/2013 07:03:52 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
discache
KLIF
kneps
spldr
Wanarpv6

Error: (07/27/2013 07:03:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (07/27/2013 07:03:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (07/27/2013 07:03:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (07/27/2013 07:04:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (07/27/2013 06:16:27 PM) (Source: Application Error)(User: )
Description: tv_w32.exeC00000980

Error: (07/27/2013 06:16:27 PM) (Source: Application Error)(User: )
Description: tv_w32.exe0.0.0.051da9b6btv_w32.dll0.0.0.051da9b67c000000600008e201029001ce8ada1f8c121cH:\tv_w32.exeH:\tv_w32.dlle356a408-f6d7-11e2-bd43-00262dc36228

Error: (07/27/2013 05:10:04 PM) (Source: MsiInstaller)(User: RolfLaptop)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (07/27/2013 05:07:49 PM) (Source: MsiInstaller)(User: RolfLaptop)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631

Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2013 08:09:46 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/26/2013 08:09:46 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2013-07-23 23:38:37.760
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-23 23:38:37.604
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-22 06:50:59.573
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-22 06:50:59.573
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-22 06:50:59.557
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-22 05:41:55.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-22 05:41:55.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-22 05:41:55.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-20 17:39:28.067
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-20 17:39:28.065
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 3893.49 MB
Available physical RAM: 2631.32 MB
Total Pagefile: 7785.16 MB
Available Pagefile: 6539.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:546.25 GB) (Free:274.3 GB) NTFS (Disk=0 Partition=2)
Drive d: (Recover) (Fixed) (Total:48.83 GB) (Free:7.32 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=546 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1023 MB) - (Type=12)

==================== End Of Log ============================
         
After switching the computer off, it keeps launching some kind of Windows built-in system startup repair program, which either crashes or claims everything is fine, yet nothing works at all except safe mode -.-*

28.07.2013, 07:18   #5
schrauber
/// the machine
/// TB Trainer
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ZeroAccess:
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L\00000004.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000004.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000008.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\000000cb.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000000.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000032.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Boot normally.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
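
The fixlist in the post above targets one recognisable on-disk layout: a GUID-named folder under C:\Windows\Installer holding "@", "L", "U" and eight-hex-digit ".@" files, plus a Desktop.ini under the GAC. The following Python is an added example, not part of the original post and not FRST's own logic, that sorts paths from a log or listing into that layout. The function names, the sample lines and their GUIDs are constructed, and treating a bare GUID folder as insufficient is an assumption based on Windows Installer legitimately keeping GUID-named folders in the same place.

```python
import re
from collections import defaultdict

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
# First drive-letter path on the line, up to end of line (FRST puts the path last).
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
# <drive>:\Windows\Installer\{GUID}[\anything], matched on a lowercased path.
INSTALLER_RE = re.compile(
    r"^[a-z]:\\windows\\installer\\(?P<guid>" + GUID + r")(?P<tail>(?:\\.*)?)$")
# Payload files as listed in the fixlist: \L\<8 hex>.@ or \U\<8 hex>.@
PAYLOAD_RE = re.compile(r"^\\[lu]\\[0-9a-f]{8}\.@$")
# The post lists GAC_64 only; accepting GAC_32 as well is an assumption.
GAC_INI_RE = re.compile(r"^[a-z]:\\windows\\assembly\\gac_(?:32|64)\\desktop\.ini$")


def extract_path(line):
    """Return the Windows path at the end of a log or fixlist line, or None."""
    m = PATH_RE.search(line.strip())
    return m.group(0) if m else None


def classify(path):
    """Map a path to (role, guid) if it fits the fixlist layout, else None."""
    p = path.lower()
    if GAC_INI_RE.match(p):
        return ("gac-desktop-ini", None)
    m = INSTALLER_RE.match(p)
    if not m:
        return None
    tail = m.group("tail")
    if tail == "":
        role = "container"      # the GUID folder itself
    elif tail == "\\@":
        role = "marker"         # the file literally named "@"
    elif tail in ("\\l", "\\u"):
        role = "subfolder"
    elif PAYLOAD_RE.match(tail):
        role = "payload"
    else:
        role = "other"          # e.g. cached MSI icons in a legitimate folder
    return (role, m.group("guid"))


def scan(text):
    """Group hits by GUID; flag a GUID only if it has an '@' or payload file."""
    roles = defaultdict(set)
    gac_ini = []
    for line in text.splitlines():
        path = extract_path(line)
        hit = classify(path) if path else None
        if hit is None:
            continue
        role, guid = hit
        if guid is None:
            gac_ini.append(path)
        else:
            roles[guid].add(role)
    flagged = sorted(g for g, r in roles.items() if r & {"marker", "payload"})
    benign = sorted(set(roles) - set(flagged))
    return {"flagged": flagged, "benign_guids": benign, "gac_ini": gac_ini}


# Constructed sample: one FRST-style file line, one folder with the fixlist
# layout, one ordinary Installer folder, and the GAC Desktop.ini path.
SAMPLE = r"""
2013-07-27 16:38 - 2013-07-27 16:39 - 07876512 ____C (Example Vendor) C:\Users\user\Downloads\setup.exe
C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}
C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\@
C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\U\80000000.@
C:\Windows\Installer\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
C:\Windows\Installer\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\ARPPRODUCTICON.exe
C:\Windows\assembly\GAC_64\Desktop.ini
"""

if __name__ == "__main__":
    for key, value in scan(SAMPLE).items():
        print(key, value)
```
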

28.07.2013, 07:41   #6
saufbiene
 



OK, I now have a problem: it no longer starts Windows in safe mode -.-*

Instead it keeps running chdsk or chkdk
-.-*

and tries to repair the system without being able to start safe mode. What should I do, and how do I stop the chdsk?

28.07.2013, 07:43   #7
schrauber
/// the machine
/// TB Trainer
 




hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Plug the USB stick into the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the following quick guide:
Via the boot manager:
  • Restart the computer.
  • While it boots, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account, clicking "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click the computer repair options!
  • Select your operating system and user account, clicking "Next" each time.
In the recovery options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan ("Untersuchen").
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

__________________
Regards,
schrauber


28.07.2013, 12:07   #8
saufbiene
 



Here is the FRST log via USB stick


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 04
Ran by SYSTEM on 28-07-2013 09:02:08
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [Seagull Drivers] - ssdal_nc.exe startup [x]
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] - C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Runonce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-28] (CyberLink)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642816 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-24] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()
HKU\Rolf\...\Run: [AdobeBridge] - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe [13145448 2008-08-28] (Adobe Systems, Inc.)
HKU\Rolf\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-05] ()
HKU\Rolf\...\Run: [Akamai NetSession Interface] - C:\Users\Rolf\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Rolf\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Rolf\...\Run: [Personal ID] - C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE [1132984 2012-01-02] (coolspot AG, Düsseldorf)
HKU\Rolf\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
BootExecute: autocheck autochk /r \??\C:autocheck autochk /p \??\G:autocheck autochk * 

==================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-14] (Adobe Systems Incorporated)
S3 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [3417376 2012-03-27] ()
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH)
S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project)
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MpsSvc; C:\Windows\SysWow64\. [0 2013-07-27] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5124464 2012-12-16] (INCA Internet Co., Ltd.)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-03-05] (Overwolf Ltd)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
S2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-03-02] (TuneUp Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
S2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-23] (GFI Software)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-26] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-02-28] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-02-28] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-26] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH)
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-27 16:38 - 2013-07-27 16:39 - 07876512 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe
2013-07-27 15:55 - 2013-07-27 17:52 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-27 15:48 - 2013-07-27 15:48 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer (1).exe
2013-07-27 15:41 - 2013-07-27 15:54 - 00000000 ___DC C:\ProgramData\ParetoLogic
2013-07-27 15:41 - 2013-07-27 15:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DriverCure
2013-07-27 15:39 - 2013-07-27 15:40 - 05799944 ____C (ParetoLogic, Inc.) C:\Users\Rolf\Downloads\RegCureProSetup_RW.exe
2013-07-27 15:39 - 2013-07-27 15:39 - 00001205 ____C C:\Users\Rolf\Downloads\FixNCR.reg
2013-07-27 15:29 - 2013-07-27 15:29 - 01440846 ____C C:\Users\Rolf\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-07-27 15:26 - 2013-07-27 15:26 - 13399154 ____C C:\Users\Rolf\Downloads\mbar-1.06.0.1004.zip
2013-07-27 15:24 - 2013-07-27 15:24 - 00204496 ____C (Malwarebytes) C:\Users\Rolf\Downloads\StartUpLite.exe
2013-07-27 10:49 - 2013-07-27 13:51 - 00000000 ___DC C:\ProgramData\HitmanPro
2013-07-27 10:49 - 2013-07-27 10:49 - 00000000 ___DC C:\Program Files\HitmanPro
2013-07-27 09:23 - 2013-07-27 09:23 - 00048384 ____C C:\Users\Rolf\Desktop\Addition.txt
2013-07-27 09:17 - 2013-07-27 09:17 - 00000000 ___DC C:\FRST
2013-07-27 07:43 - 2013-07-27 07:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent
2013-07-27 07:41 - 2013-07-27 07:41 - 00002182 ____C C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent
2013-07-27 07:00 - 2013-07-27 13:51 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft
2013-07-27 07:00 - 2013-07-27 13:51 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder
2013-07-24 13:52 - 2013-07-24 13:53 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip
2013-07-24 13:52 - 2013-07-24 13:52 - 00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip
2013-07-24 08:40 - 2013-07-27 13:51 - 00000000 ___DC C:\Program Files (x86)\AC3 Player
2013-07-24 08:40 - 2013-07-24 08:40 - 00000000 ____C C:\END
2013-07-24 07:12 - 2013-07-24 07:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip
2013-07-24 07:11 - 2013-07-24 07:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip
2013-07-24 07:03 - 2013-07-24 07:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip
2013-07-24 07:02 - 2013-07-24 07:03 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar
2013-07-24 06:58 - 2013-07-24 06:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip
2013-07-24 04:56 - 2013-07-24 04:56 - 00001157 ____C C:\DelFix.txt
2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ___DC C:\Windows\ERUNT
2013-07-24 04:49 - 2013-07-24 04:49 - 00706916 ____C C:\Users\Rolf\Desktop\delfix.exe
2013-07-24 04:41 - 2013-07-24 04:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe
2013-07-24 04:08 - 2013-07-24 04:08 - 12931078 ____C C:\Users\Rolf\Downloads\SCFanpackage.zip
2013-07-23 18:21 - 2013-07-23 18:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk
2013-07-23 13:13 - 2013-07-24 04:54 - 00000000 ___DC C:\Windows\erdnt
2013-07-23 12:52 - 2013-07-23 12:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board.htm
2013-07-23 12:52 - 2013-07-23 12:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files
2013-07-23 09:30 - 2013-07-23 09:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics
2013-07-23 09:18 - 2013-07-23 09:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations
2013-07-23 09:17 - 2013-07-23 09:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner
2013-07-23 09:14 - 2013-07-23 09:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe
2013-07-23 09:14 - 2013-07-23 09:14 - 00014456 ____C (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-07-23 07:47 - 2013-07-23 07:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4
2013-07-23 07:46 - 2013-07-23 07:46 - 06018938 ____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4
2013-07-23 06:36 - 2013-07-23 06:36 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer.exe
2013-07-22 04:52 - 2013-07-22 04:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games
2013-07-21 02:21 - 2013-07-21 02:26 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4
2013-07-20 10:13 - 2013-07-20 10:18 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2013-07-20 10:13 - 2013-07-20 10:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking
2013-07-20 08:16 - 2013-07-20 08:34 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar
2013-07-20 07:49 - 2013-07-20 07:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-07-20 07:49 - 2013-07-20 07:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip
2013-07-20 07:43 - 2013-07-20 07:48 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip
2013-07-20 07:24 - 2013-07-20 07:25 - 36271144 ____C (Safer-Networking Ltd.                                       ) C:\Users\Rolf\Downloads\spybot-2.1.exe
2013-07-20 06:00 - 2013-07-20 06:00 - 00000000 ___DC C:\ProgramData\StarApp
2013-07-20 06:00 - 2013-07-20 06:00 - 00000000 ___DC C:\ProgramData\InstallMate
2013-07-20 05:33 - 2013-07-27 15:27 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 05:33 - 2013-04-04 04:50 - 00025928 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-20 05:23 - 2013-07-20 05:23 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-19 16:51 - 2013-07-19 16:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4
2013-07-19 16:45 - 2013-07-19 16:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4
2013-07-19 16:41 - 2013-07-19 16:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4
2013-07-19 13:19 - 2013-07-19 13:19 - 01492584 ____C (Skype Technologies S.A.) C:\Users\Rolf\Downloads\SkypeSetup.exe
2013-07-19 12:34 - 2013-07-19 12:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe
2013-07-19 09:04 - 2013-07-19 09:05 - 00000000 ___DC C:\Users\Rolf\Downloads\93655
2013-07-19 08:48 - 2013-07-19 08:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx
2013-07-19 08:46 - 2013-07-19 08:47 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4
2013-07-19 08:17 - 2013-07-19 08:57 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar
2013-07-19 02:44 - 2013-07-19 02:51 - 00000000 ___DC C:\Windows\System32\MRT
2013-07-18 12:40 - 2013-07-18 12:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx
2013-07-17 17:02 - 2013-07-17 17:01 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe
2013-07-17 16:48 - 2013-07-17 16:48 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Unity
2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ___DC C:\Program Files (x86)\AntiTwin
2013-07-17 16:07 - 2013-07-17 16:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe
2013-07-17 16:07 - 2013-07-17 16:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity
2013-07-17 05:50 - 2013-07-17 05:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe
2013-07-16 10:18 - 2013-07-16 10:19 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe
2013-07-16 08:04 - 2013-07-16 08:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt
2013-07-16 07:48 - 2013-07-16 07:49 - 00000098 ____C C:\Windows\DeleteOnReboot.bat
2013-07-16 06:03 - 2013-07-16 06:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx
2013-07-16 04:14 - 2013-07-16 04:15 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder
2013-07-15 02:56 - 2013-07-15 02:56 - 00035058 ____C C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip
2013-07-14 12:35 - 2013-07-14 12:40 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip
2013-07-14 12:35 - 2013-07-14 12:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe
2013-07-14 10:10 - 2013-07-14 10:13 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar
2013-07-14 09:47 - 2013-07-14 09:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar
2013-07-14 09:45 - 2013-07-14 09:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip
2013-07-14 07:24 - 2013-07-14 07:24 - 00967536 ____C C:\Users\Rolf\Downloads\der letzte sommer.exe
2013-07-13 05:12 - 2013-07-27 13:51 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft
2013-07-12 17:17 - 2013-07-12 17:17 - 00000000 ___DC C:\My Games
2013-07-12 17:14 - 2013-07-12 17:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8}
2013-07-12 14:04 - 2013-07-12 14:04 - 00000000 ___DC C:\ProgramData\Sandlot Games
2013-07-12 14:01 - 2013-07-12 14:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2
2013-07-12 13:58 - 2013-07-12 13:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish
2013-07-12 13:57 - 2013-07-12 13:57 - 00000000 ___DC C:\Boonty
2013-07-12 08:58 - 2013-07-12 08:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk
2013-07-10 14:49 - 2013-07-10 14:50 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 14:49 - 2013-07-10 14:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 14:49 - 2013-07-10 14:50 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 14:49 - 2013-07-10 14:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 14:49 - 2013-07-10 14:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 14:49 - 2013-07-10 14:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 14:49 - 2013-07-10 14:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 14:23 - 2013-07-10 14:50 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 14:23 - 2013-07-10 14:50 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:23 - 2013-07-10 14:50 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 14:23 - 2013-07-10 14:50 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:23 - 2013-07-10 14:38 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 14:22 - 2013-07-10 14:31 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 14:22 - 2013-07-10 14:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 07:58 - 2013-07-10 07:59 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt
2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage
2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_
2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage
2013-07-10 05:53 - 2013-07-10 05:53 - 00000000 ___DC C:\Program Files\FileViewPro
2013-07-10 04:41 - 2013-07-10 14:31 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor
2013-07-10 04:40 - 2013-07-10 04:39 - 14178136 ____C C:\Users\Rolf\Downloads\install_audiokonvertor.exe
2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft
2013-07-09 14:27 - 2013-07-09 14:27 - 01211048 ____C (DVDVideoSoft Ltd.                                           ) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-08 11:44 - 2013-07-08 11:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects
2013-07-08 11:44 - 2013-07-08 11:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group
2013-07-08 11:42 - 2013-07-08 11:43 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool
2013-07-08 11:41 - 2013-07-08 11:42 - 00000000 ___DC C:\Program Files (x86)\JCrypTool
2013-07-08 11:40 - 2013-07-08 11:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2
2013-07-08 11:39 - 2013-07-08 11:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2
2013-07-05 02:32 - 2013-07-05 02:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex
2013-07-05 02:27 - 2013-07-05 02:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt
2013-07-04 10:44 - 2013-07-06 05:41 - 00000049 ____C C:\Windows\NeroDigital.ini
2013-07-03 08:25 - 2013-07-03 08:27 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA
2013-07-02 03:32 - 2013-07-02 03:32 - 00739856 ____C (Google Inc.) C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe
2013-07-02 03:31 - 2013-07-02 03:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html
2013-06-30 03:11 - 2013-07-06 05:37 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u
2013-06-30 02:10 - 2013-06-30 02:15 - 00000000 ___DC C:\ProgramData\BlueStacksSetup
2013-06-28 14:31 - 2013-07-16 06:51 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini
2013-06-28 14:27 - 2013-06-28 14:27 - 00000000 ___DC C:\Program Files (x86)\XviD
2013-06-28 14:27 - 2013-06-28 14:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5
2013-06-28 14:25 - 2013-06-28 14:25 - 00000000 ___DC C:\Program Files (x86)\Gabest
2013-06-28 14:23 - 2013-06-28 14:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe
2013-06-28 05:14 - 2013-06-28 05:14 - 00263592 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 05:14 - 2013-06-28 05:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-28 05:14 - 2013-06-28 05:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-28 05:14 - 2013-06-28 05:14 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== One Month Modified Files and Folders =======

2013-07-27 21:03 - 2013-06-10 03:43 - 00327680 ____C C:\Windows\System32\Ikeext.etl
2013-07-27 21:03 - 2011-11-04 10:56 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Skype
2013-07-27 18:26 - 2011-01-23 05:15 - 01497146 ____C C:\Windows\WindowsUpdate.log
2013-07-27 17:52 - 2013-07-27 15:55 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-27 16:39 - 2013-07-27 16:38 - 07876512 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe
2013-07-27 16:39 - 2011-09-10 04:06 - 00000000 ___DC C:\Windows\SysWOW64\Adobe
2013-07-27 15:54 - 2013-07-27 15:41 - 00000000 ___DC C:\ProgramData\ParetoLogic
2013-07-27 15:48 - 2013-07-27 15:48 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer (1).exe
2013-07-27 15:41 - 2013-07-27 15:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DriverCure
2013-07-27 15:40 - 2013-07-27 15:39 - 05799944 ____C (ParetoLogic, Inc.) C:\Users\Rolf\Downloads\RegCureProSetup_RW.exe
2013-07-27 15:39 - 2013-07-27 15:39 - 00001205 ____C C:\Users\Rolf\Downloads\FixNCR.reg
2013-07-27 15:29 - 2013-07-27 15:29 - 01440846 ____C C:\Users\Rolf\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-07-27 15:27 - 2013-07-20 05:33 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-27 15:26 - 2013-07-27 15:26 - 13399154 ____C C:\Users\Rolf\Downloads\mbar-1.06.0.1004.zip
2013-07-27 15:24 - 2013-07-27 15:24 - 00204496 ____C (Malwarebytes) C:\Users\Rolf\Downloads\StartUpLite.exe
2013-07-27 14:36 - 2011-11-05 10:53 - 00000000 ___DC C:\Users\Rolf\AppData\Local\PMB Files
2013-07-27 14:02 - 2012-07-05 13:22 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Dropbox
2013-07-27 13:57 - 2012-07-22 06:21 - 00000000 ___DC C:\ProgramData\Kaspersky Lab
2013-07-27 13:55 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\tracing
2013-07-27 13:52 - 2012-04-13 06:39 - 00060926 ____C C:\Windows\setupact.log
2013-07-27 13:52 - 2011-01-23 05:21 - 00000000 ___DC C:\users\Rolf
2013-07-27 13:52 - 2009-07-13 21:32 - 00000000 ___DC C:\Program Files\Windows Defender
2013-07-27 13:52 - 2009-07-13 21:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2013-07-27 13:51 - 2013-07-27 10:49 - 00000000 ___DC C:\ProgramData\HitmanPro
2013-07-27 13:51 - 2013-07-27 07:00 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft
2013-07-27 13:51 - 2013-07-27 07:00 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder
2013-07-27 13:51 - 2013-07-24 08:40 - 00000000 ___DC C:\Program Files (x86)\AC3 Player
2013-07-27 13:51 - 2013-07-13 05:12 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft
2013-07-27 13:51 - 2013-03-24 04:12 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\vlc
2013-07-27 13:51 - 2013-03-20 13:42 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\BitTorrent
2013-07-27 13:51 - 2013-03-18 12:28 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\PowerMp3WmaConverter
2013-07-27 13:51 - 2013-02-28 16:14 - 00000000 ___DC C:\Program Files\DivX
2013-07-27 13:51 - 2013-02-28 16:11 - 00000000 ___DC C:\Program Files (x86)\DivX
2013-07-27 13:51 - 2013-02-28 16:10 - 00000000 ___DC C:\ProgramData\DivX
2013-07-27 13:51 - 2012-12-12 10:13 - 00000000 __RDC C:\Program Files (x86)\Skype
2013-07-27 13:51 - 2012-11-09 07:09 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-27 13:51 - 2011-11-10 02:25 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Akamai
2013-07-27 13:51 - 2010-11-02 01:41 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2013-07-27 13:51 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\AppCompat
2013-07-27 13:50 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\registration
2013-07-27 13:44 - 2012-03-05 11:07 - 00000000 __RDC C:\Users\Rolf\Desktop\Dj Musik
2013-07-27 13:44 - 2011-11-04 10:55 - 00000000 ___DC C:\ProgramData\Skype
2013-07-27 13:44 - 2011-01-23 08:34 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Adobe
2013-07-27 10:49 - 2013-07-27 10:49 - 00000000 ___DC C:\Program Files\HitmanPro
2013-07-27 09:23 - 2013-07-27 09:23 - 00048384 ____C C:\Users\Rolf\Desktop\Addition.txt
2013-07-27 09:17 - 2013-07-27 09:17 - 00000000 ___DC C:\FRST
2013-07-27 08:16 - 2012-07-02 09:38 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrashDumps
2013-07-27 07:43 - 2013-07-27 07:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent
2013-07-27 07:41 - 2013-07-27 07:41 - 00002182 ____C C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent
2013-07-26 15:46 - 2013-03-16 09:34 - 00000000 ___DC C:\ProgramData\firebird
2013-07-25 06:07 - 2009-07-13 20:45 - 00009888 ___HC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 06:07 - 2009-07-13 20:45 - 00009888 ___HC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 13:53 - 2013-07-24 13:52 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip
2013-07-24 13:52 - 2013-07-24 13:52 - 00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip
2013-07-24 08:40 - 2013-07-24 08:40 - 00000000 ____C C:\END
2013-07-24 07:12 - 2013-07-24 07:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip
2013-07-24 07:11 - 2013-07-24 07:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip
2013-07-24 07:03 - 2013-07-24 07:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip
2013-07-24 07:03 - 2013-07-24 07:02 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar
2013-07-24 06:58 - 2013-07-24 06:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip
2013-07-24 04:56 - 2013-07-24 04:56 - 00001157 ____C C:\DelFix.txt
2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ___DC C:\Windows\ERUNT
2013-07-24 04:54 - 2013-07-23 13:13 - 00000000 ___DC C:\Windows\erdnt
2013-07-24 04:49 - 2013-07-24 04:49 - 00706916 ____C C:\Users\Rolf\Desktop\delfix.exe
2013-07-24 04:43 - 2011-01-27 00:56 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-07-24 04:41 - 2013-07-24 04:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe
2013-07-24 04:30 - 2010-10-13 02:37 - 00000000 ___DC C:\Program Files\Java
2013-07-24 04:13 - 2012-04-08 02:37 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 04:08 - 2013-07-24 04:08 - 12931078 ____C C:\Users\Rolf\Downloads\SCFanpackage.zip
2013-07-23 18:21 - 2013-07-23 18:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk
2013-07-23 14:08 - 2012-07-06 05:53 - 00000000 __RDC C:\Users\Rolf\Dropbox
2013-07-23 14:02 - 2009-07-13 19:20 - 00000000 _RHDC C:\users\Default
2013-07-23 13:46 - 2009-07-13 18:34 - 00000215 ____C C:\Windows\system.ini
2013-07-23 12:52 - 2013-07-23 12:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board.htm
2013-07-23 12:52 - 2013-07-23 12:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files
2013-07-23 12:44 - 2013-06-26 07:09 - 00000000 ___DC C:\Program Files (x86)\Plus-HD-1.6
2013-07-23 09:30 - 2013-07-23 09:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics
2013-07-23 09:18 - 2013-07-23 09:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations
2013-07-23 09:17 - 2013-07-23 09:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner
2013-07-23 09:14 - 2013-07-23 09:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe
2013-07-23 09:14 - 2013-07-23 09:14 - 00014456 ____C (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-07-23 09:14 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\NDF
2013-07-23 07:53 - 2013-04-28 04:43 - 00000000 ___DC C:\Users\Rolf\Desktop\sound fx daten
2013-07-23 07:53 - 2011-01-23 05:24 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0AF23A97-653E-4B26-A3DD-52F6F8B9DA00}
2013-07-23 07:51 - 2010-05-12 00:18 - 04650530 ____C C:\Windows\System32\perfh007.dat
2013-07-23 07:51 - 2010-05-12 00:18 - 01414070 ____C C:\Windows\System32\perfc007.dat
2013-07-23 07:51 - 2009-07-13 21:13 - 00006508 ____C C:\Windows\System32\PerfStringBackup.INI
2013-07-23 07:47 - 2013-07-23 07:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4
2013-07-23 07:46 - 2013-07-23 07:46 - 06018938 ____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4
2013-07-23 06:36 - 2013-07-23 06:36 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer.exe
2013-07-22 04:52 - 2013-07-22 04:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games
2013-07-21 02:26 - 2013-07-21 02:21 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4
2013-07-20 10:18 - 2013-07-20 10:13 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2013-07-20 10:13 - 2013-07-20 10:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking
2013-07-20 09:51 - 2011-10-25 09:43 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\WinRAR
2013-07-20 08:34 - 2013-07-20 08:16 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar
2013-07-20 07:49 - 2013-07-20 07:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-07-20 07:49 - 2013-07-20 07:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip
2013-07-20 07:48 - 2013-07-20 07:43 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip
2013-07-20 07:25 - 2013-07-20 07:24 - 36271144 ____C (Safer-Networking Ltd.                                       ) C:\Users\Rolf\Downloads\spybot-2.1.exe
2013-07-20 06:00 - 2013-07-20 06:00 - 00000000 ___DC C:\ProgramData\StarApp
2013-07-20 06:00 - 2013-07-20 06:00 - 00000000 ___DC C:\ProgramData\InstallMate
2013-07-20 05:23 - 2013-07-20 05:23 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-19 16:51 - 2013-07-19 16:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4
2013-07-19 16:45 - 2013-07-19 16:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4
2013-07-19 16:41 - 2013-07-19 16:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4
2013-07-19 13:19 - 2013-07-19 13:19 - 01492584 ____C (Skype Technologies S.A.) C:\Users\Rolf\Downloads\SkypeSetup.exe
2013-07-19 12:34 - 2013-07-19 12:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe
2013-07-19 09:05 - 2013-07-19 09:04 - 00000000 ___DC C:\Users\Rolf\Downloads\93655
2013-07-19 08:57 - 2013-07-19 08:17 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar
2013-07-19 08:48 - 2013-07-19 08:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx
2013-07-19 08:47 - 2013-07-19 08:46 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4
2013-07-19 02:51 - 2013-07-19 02:44 - 00000000 ___DC C:\Windows\System32\MRT
2013-07-18 12:40 - 2013-07-18 12:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx
2013-07-17 17:01 - 2013-07-17 17:02 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe
2013-07-17 16:59 - 2013-04-28 04:43 - 00000000 ___DC C:\Users\Rolf\Desktop\tevion usb stick daten
2013-07-17 16:48 - 2013-07-17 16:48 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Unity
2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ___DC C:\Program Files (x86)\AntiTwin
2013-07-17 16:07 - 2013-07-17 16:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe
2013-07-17 16:07 - 2013-07-17 16:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity
2013-07-17 05:50 - 2013-07-17 05:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe
2013-07-16 10:19 - 2013-07-16 10:18 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe
2013-07-16 08:04 - 2013-07-16 08:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt
2013-07-16 07:49 - 2013-07-16 07:48 - 00000098 ____C C:\Windows\DeleteOnReboot.bat
2013-07-16 06:51 - 2013-06-28 14:31 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini
2013-07-16 06:03 - 2013-07-16 06:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx
2013-07-16 05:51 - 2011-01-23 05:21 - 00000000 ___DC C:\Users\Rolf\AppData\Local\VirtualStore
2013-07-16 04:15 - 2013-07-16 04:14 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder
2013-07-15 02:56 - 2013-07-15 02:56 - 00035058 ____C C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip
2013-07-14 12:40 - 2013-07-14 12:35 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip
2013-07-14 12:35 - 2013-07-14 12:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe
2013-07-14 10:13 - 2013-07-14 10:10 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar
2013-07-14 09:47 - 2013-07-14 09:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar
2013-07-14 09:45 - 2013-07-14 09:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip
2013-07-14 09:01 - 2011-12-01 03:17 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\ObviousIdea
2013-07-14 07:24 - 2013-07-14 07:24 - 00967536 ____C C:\Users\Rolf\Downloads\der letzte sommer.exe
2013-07-14 05:31 - 2012-04-08 02:37 - 00692104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-14 05:31 - 2012-04-08 02:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-14 05:31 - 2011-07-28 06:06 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-14 04:48 - 2011-01-23 05:18 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 04:48 - 2011-01-23 05:18 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-12 23:57 - 2011-01-23 05:18 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 23:57 - 2011-01-23 05:18 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 17:18 - 2011-10-29 13:19 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\PlayFirst
2013-07-12 17:18 - 2011-10-29 13:19 - 00000000 ___DC C:\ProgramData\PlayFirst
2013-07-12 17:17 - 2013-07-12 17:17 - 00000000 ___DC C:\My Games
2013-07-12 17:16 - 2011-09-15 02:22 - 00000000 ___DC C:\Program Files (x86)\Zylom Games
2013-07-12 17:14 - 2013-07-12 17:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8}
2013-07-12 14:04 - 2013-07-12 14:04 - 00000000 ___DC C:\ProgramData\Sandlot Games
2013-07-12 14:01 - 2013-07-12 14:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2
2013-07-12 13:58 - 2013-07-12 13:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish
2013-07-12 13:57 - 2013-07-12 13:57 - 00000000 ___DC C:\Boonty
2013-07-12 08:58 - 2013-07-12 08:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk
2013-07-11 13:57 - 2012-01-02 11:17 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Utherverse
2013-07-10 17:20 - 2009-07-13 20:45 - 08769616 ____C C:\Windows\System32\FNTCACHE.DAT
2013-07-10 17:17 - 2013-03-13 10:55 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2013-07-10 17:17 - 2013-03-13 10:55 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 17:16 - 2009-07-13 23:45 - 00000000 ___DC C:\Program Files\Windows Journal
2013-07-10 17:16 - 2009-07-13 21:32 - 00000000 ___DC C:\Program Files (x86)\Windows Defender
2013-07-10 14:57 - 2009-07-13 18:34 - 00000534 ____C C:\Windows\win.ini
2013-07-10 14:50 - 2013-07-10 14:49 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 14:50 - 2013-07-10 14:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 14:50 - 2013-07-10 14:49 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 14:50 - 2013-07-10 14:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 14:50 - 2013-07-10 14:49 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 14:50 - 2013-07-10 14:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 14:50 - 2013-07-10 14:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 14:50 - 2013-07-10 14:23 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 14:50 - 2013-07-10 14:23 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:50 - 2013-07-10 14:23 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 14:50 - 2013-07-10 14:23 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:38 - 2013-07-10 14:23 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 14:31 - 2013-07-10 14:22 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 14:31 - 2013-07-10 14:22 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:31 - 2013-07-10 04:41 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor
2013-07-10 07:59 - 2013-07-10 07:58 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt
2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage
2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_
2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage
2013-07-10 05:53 - 2013-07-10 05:53 - 00000000 ___DC C:\Program Files\FileViewPro
2013-07-10 04:39 - 2013-07-10 04:40 - 14178136 ____C C:\Users\Rolf\Downloads\install_audiokonvertor.exe
2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft
2013-07-09 14:38 - 2011-10-09 06:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DVDVideoSoft
2013-07-09 14:27 - 2013-07-09 14:27 - 01211048 ____C (DVDVideoSoft Ltd.                                           ) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-08 11:44 - 2013-07-08 11:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects
2013-07-08 11:44 - 2013-07-08 11:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group
2013-07-08 11:43 - 2013-07-08 11:42 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool
2013-07-08 11:42 - 2013-07-08 11:41 - 00000000 ___DC C:\Program Files (x86)\JCrypTool
2013-07-08 11:40 - 2013-07-08 11:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2
2013-07-08 11:39 - 2013-07-08 11:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2
2013-07-06 05:41 - 2013-07-04 10:44 - 00000049 ____C C:\Windows\NeroDigital.ini
2013-07-06 05:37 - 2013-06-30 03:11 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u
2013-07-05 02:32 - 2013-07-05 02:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex
2013-07-05 02:27 - 2013-07-05 02:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt
2013-07-03 08:27 - 2013-07-03 08:25 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA
2013-07-02 03:33 - 2011-01-23 05:23 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Google
2013-07-02 03:32 - 2013-07-02 03:32 - 00739856 ____C (Google Inc.) C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe
2013-07-02 03:31 - 2013-07-02 03:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html
2013-07-01 15:07 - 2013-06-25 16:02 - 00000000 _SHDC C:\Windows\SysWOW64\AI_RecycleBin
2013-07-01 15:06 - 2011-10-12 15:25 - 00000000 ___DC C:\AeriaGames
2013-07-01 14:46 - 2009-07-13 19:20 - 00000000 _RHDC C:\Users\Public\Libraries
2013-06-30 02:15 - 2013-06-30 02:10 - 00000000 ___DC C:\ProgramData\BlueStacksSetup
2013-06-29 09:46 - 2013-03-25 08:31 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\dvdcss
2013-06-29 01:36 - 2012-10-22 13:07 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\TS3Client
2013-06-28 16:26 - 2012-07-01 07:06 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler
2013-06-28 14:27 - 2013-06-28 14:27 - 00000000 ___DC C:\Program Files (x86)\XviD
2013-06-28 14:27 - 2013-06-28 14:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5
2013-06-28 14:25 - 2013-06-28 14:25 - 00000000 ___DC C:\Program Files (x86)\Gabest
2013-06-28 14:23 - 2013-06-28 14:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe
2013-06-28 10:08 - 2012-12-26 16:42 - 00000000 ___DC C:\Users\Rolf\AppData\Local\PhoenixViewer
2013-06-28 05:14 - 2013-06-28 05:14 - 00263592 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 05:14 - 2013-06-28 05:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-28 05:14 - 2013-06-28 05:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-28 05:14 - 2013-06-28 05:14 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 05:14 - 2012-06-20 11:12 - 00867240 ____C (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-28 05:14 - 2010-07-07 08:34 - 00789416 ____C (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-28 01:00 - 2012-07-05 13:47 - 00000000 ___DC C:\Program Files\WinRAR

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-24 04:56:35

==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 3893.49 MB
Available physical RAM: 3217.26 MB
Total Pagefile: 3891.64 MB
Available Pagefile: 3221.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:546.25 GB) (Free:273.72 GB) NTFS (Disk=0 Partition=2)
Drive e: (Recover) (Fixed) (Total:48.83 GB) (Free:7.32 GB) NTFS (Disk=0 Partition=3)
Drive i: (KILLER) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=546 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1023 MB) - (Type=12)

========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 8810FE2B)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-07-23 20:37

==================== End Of Log ============================
         


fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013 04
Ran by Rolf at 2013-07-28 10:04:03 Run:1
Running from C:\Users\Rolf\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000008.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\000000cb.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000000.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000032.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000064.@" => File/Directory not found.
"C:\Windows\assembly\GAC_64\Desktop.ini" => File/Directory not found.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====
         

Kaspersky had already deleted the files yesterday, but the system still fails.
Safe mode starts again now Oo
without chkdsk showing up.
The computer still does not start in normal mode, though.

So, I have done everything so far ^^ created the log and posted it ^^

Alt 28.07.2013, 16:34   #9
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
BootExecute: autocheck autochk /r \??\C:autocheck autochk /p \??\G:autocheck autochk * 
S3 MpsSvc; C:\Windows\SysWow64\. [0 2013-07-27] ()
         
Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the repair options again
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Try again, and please also run Startup Repair.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 29.07.2013, 07:09   #10
saufbiene
 



Problem when starting FRST in the Windows repair options: for about an hour it has been saying
that it is configuring the USB stick in order to run FRST, looking for data on it; it has got stuck and is not doing anything anymore.


It fixed itself, rofl.
After an hour it carried on by itself ^^

fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013 04
Ran by SYSTEM at 2013-07-28 18:39:45 Run:1
Running from I:\
Boot Mode: Recovery
==============================================

HKLM\System\ControlSet00\Control\Session Manager\\BootExecute => Error setting value.
MpsSvc => Service not found.

==== End of Fixlog ====
         
system crashes again even after startup repair; a bluescreen appears with a crash dump
that doesn't get saved anywhere -.-*

now waiting for the next instruction *grin*

system still blocked, crashes after running startup repair 6 times

still

Edited by saufbiene (28.07.2013 at 17:36)

29.07.2013, 08:46   #11
schrauber
/// the machine
/// TB-Ausbilder



Strange, please post a fresh log from the Recovery.
__________________
regards,
schrauber

29.07.2013, 09:47   #12
saufbiene



this is what it found as a crash dump file

don't know if you can do anything with it
I zipped it because there was no other way to make it visible -.-

29.07.2013, 11:03   #13
schrauber
/// the machine
/// TB-Ausbilder



and a fresh log from FRST please.
__________________
regards,
schrauber

29.07.2013, 12:11   #14
saufbiene



here comes the log from frst


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Rolf (administrator) on 29-07-2013 12:03:45
Running from C:\Users\Rolf\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [Seagull Drivers] - ssdal_nc.exe startup [x]
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] - C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Runonce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKCU\...\Run: [AdobeBridge] - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe [13145448 2008-08-28] (Adobe Systems, Inc.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-05] ()
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Rolf\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [Personal ID] - C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE [1132984 2012-01-02] (coolspot AG, Düsseldorf)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-29] (CyberLink)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642816 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rolf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk /p \??\G:autocheck autochk * 

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {CCD070F4-F55B-4DAD-AB73-CB473677714E} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler: msdaipp - No CLSID Value - 
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3CD1F7EC-0802-45A4-AFC1-73A4D005F5B9}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{75BC5AA5-7F30-41CC-B2FA-80D600FCEF44}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{83AAB742-4324-4A41-B1E3-9AC77F1D09A4}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{B571EA15-83F6-456F-A557-A15763023944}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Rolf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: torntv - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\torntv@torntv.com.xpi
FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Zylom Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Turn Off the Lights) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.12_0
CHR Extension: (convert2mp3.net Online Video Converter) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhklmhadmpdfcgimodhdapodbllnjjll\1.7_0
CHR Extension: (YouTube) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Cake Mania Main Street) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohogdkongdgejlnndnnhamjgfnbfoon\0.1_0
CHR Extension: (Fruit Ninja HD) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceieijcdaiaaflfpnfbeclgnfbhglkde\1.0.0_0
CHR Extension: (Comics and Manga online) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmidfbpiiicmkfimcbcoagpmchgmkpl\1.4.3_0
CHR Extension: (Monster Dash) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0
CHR Extension: (Search by Image (by Google)) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0
CHR Extension: (Content Blocker) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_1
CHR Extension: (Cake Mania) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckjnbilaljpiclmpmnomoapakjmoapj\0.1_0
CHR Extension: (SparkChess 6) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.1.0.1_0
CHR Extension: (Sand 2) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn\1.1_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (YouTube Unblocker) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.4_0
CHR Extension: (Anti-Banner) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR Extension: (LoL Guides) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcpejbpddihleognngdlmbnpgoaolgl\2.2.6.3_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\Rolf\AppData\Local\CRE\hempmfkijmahkaddljkmchcmjbojoedl.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S3 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [3417376 2012-03-28] ()
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH)
S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project)
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1752488 2013-07-29] (SurfRight B.V.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MpsSvc; C:\Windows\SysWow64\. [0 2013-07-29] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5124464 2012-12-16] (INCA Internet Co., Ltd.)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-03-05] (Overwolf Ltd)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
S2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-03-02] (TuneUp Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
S2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-23] (GFI Software)
S2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-07-29] ()
S2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-07-29] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-02-28] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-02-28] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-26] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH)
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 12:02 - 2013-07-29 12:02 - 01780547 ____C (Farbar) C:\Users\Rolf\Desktop\FRST64.exe
2013-07-29 09:31 - 2013-07-29 09:31 - 01752488 ____C (SurfRight B.V.) C:\Users\Rolf\Downloads\hmpalert.exe
2013-07-29 09:31 - 2013-07-29 09:31 - 01752488 ____C (SurfRight B.V.) C:\Users\Rolf\Downloads\hmpalert (1).exe
2013-07-29 09:31 - 2013-07-29 09:31 - 00533424 ____C (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2013-07-29 09:31 - 2013-07-29 09:31 - 00488104 ____C (SurfRight) C:\Windows\system32\hmpalert.dll
2013-07-29 09:31 - 2013-07-29 09:31 - 00017416 ____C C:\Windows\system32\Drivers\hmpalert.sys
2013-07-29 09:31 - 2013-07-29 09:31 - 00000000 ___DC C:\Program Files (x86)\HitmanPro.Alert
2013-07-29 09:15 - 2013-07-29 09:19 - 318189568 ____C C:\Users\Rolf\Downloads\kav_rescue_10.iso
2013-07-29 09:09 - 2013-07-29 09:14 - 411041792 ____C C:\Users\Rolf\Downloads\DE-Cleaner-RettungsCDv3.iso
2013-07-28 09:58 - 2013-07-28 19:15 - 00002934 ____C C:\Windows\PFRO.log
2013-07-28 02:38 - 2013-07-28 02:39 - 07876512 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe
2013-07-28 01:55 - 2013-07-28 03:52 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-28 01:48 - 2013-07-28 01:48 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer (1).exe
2013-07-28 01:41 - 2013-07-28 01:54 - 00000000 ___DC C:\ProgramData\ParetoLogic
2013-07-28 01:41 - 2013-07-28 01:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DriverCure
2013-07-28 01:39 - 2013-07-28 01:40 - 05799944 ____C (ParetoLogic, Inc.) C:\Users\Rolf\Downloads\RegCureProSetup_RW.exe
2013-07-28 01:39 - 2013-07-28 01:39 - 00001205 ____C C:\Users\Rolf\Downloads\FixNCR.reg
2013-07-28 01:29 - 2013-07-28 01:29 - 01440846 ____C C:\Users\Rolf\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-07-28 01:26 - 2013-07-28 01:26 - 13399154 ____C C:\Users\Rolf\Downloads\mbar-1.06.0.1004.zip
2013-07-28 01:24 - 2013-07-28 01:24 - 00204496 ____C (Malwarebytes) C:\Users\Rolf\Downloads\StartUpLite.exe
2013-07-27 20:49 - 2013-07-27 23:51 - 00000000 ___DC C:\ProgramData\HitmanPro
2013-07-27 20:49 - 2013-07-27 20:49 - 00000000 ___DC C:\Program Files\HitmanPro
2013-07-27 19:23 - 2013-07-27 19:23 - 00048384 ____C C:\Users\Rolf\Desktop\Addition.txt
2013-07-27 19:17 - 2013-07-28 10:04 - 00000000 ___DC C:\FRST
2013-07-27 17:43 - 2013-07-27 17:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent
2013-07-27 17:41 - 2013-07-27 17:41 - 00002182 ____C C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent
2013-07-27 17:00 - 2013-07-27 23:51 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft
2013-07-27 17:00 - 2013-07-27 23:51 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder
2013-07-24 23:52 - 2013-07-24 23:53 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip
2013-07-24 23:52 - 2013-07-24 23:52 - 00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip
2013-07-24 18:40 - 2013-07-27 23:51 - 00000000 ___DC C:\Program Files (x86)\AC3 Player
2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ____C C:\END
2013-07-24 17:12 - 2013-07-24 17:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip
2013-07-24 17:11 - 2013-07-24 17:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip
2013-07-24 17:03 - 2013-07-24 17:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip
2013-07-24 17:02 - 2013-07-24 17:03 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar
2013-07-24 16:58 - 2013-07-24 16:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip
2013-07-24 14:56 - 2013-07-24 14:56 - 00001157 ____C C:\DelFix.txt
2013-07-24 14:56 - 2013-07-24 14:56 - 00000000 ___DC C:\Windows\ERUNT
2013-07-24 14:41 - 2013-07-24 14:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe
2013-07-24 14:08 - 2013-07-24 14:08 - 12931078 ____C C:\Users\Rolf\Downloads\SCFanpackage.zip
2013-07-24 04:21 - 2013-07-24 04:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk
2013-07-23 23:13 - 2013-07-24 14:54 - 00000000 ___DC C:\Windows\erdnt
2013-07-23 22:52 - 2013-07-23 22:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board.htm
2013-07-23 22:52 - 2013-07-23 22:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files
2013-07-23 19:30 - 2013-07-23 19:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics
2013-07-23 19:18 - 2013-07-23 19:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations
2013-07-23 19:17 - 2013-07-23 19:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner
2013-07-23 19:14 - 2013-07-23 19:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe
2013-07-23 19:14 - 2013-07-23 19:14 - 00014456 ____C (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-23 17:47 - 2013-07-23 17:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4
2013-07-23 17:46 - 2013-07-23 17:46 - 06018938 ____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4
2013-07-23 16:36 - 2013-07-23 16:36 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer.exe
2013-07-22 14:52 - 2013-07-22 14:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games
2013-07-21 12:21 - 2013-07-21 12:26 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4
2013-07-20 20:13 - 2013-07-20 20:18 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2013-07-20 20:13 - 2013-07-20 20:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking
2013-07-20 18:16 - 2013-07-20 18:34 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar
2013-07-20 17:49 - 2013-07-20 17:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-07-20 17:49 - 2013-07-20 17:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip
2013-07-20 17:43 - 2013-07-20 17:48 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip
2013-07-20 17:24 - 2013-07-20 17:25 - 36271144 ____C (Safer-Networking Ltd.                                       ) C:\Users\Rolf\Downloads\spybot-2.1.exe
2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\StarApp
2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\InstallMate
2013-07-20 15:33 - 2013-07-28 01:27 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 15:33 - 2013-07-20 15:33 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 15:33 - 2013-04-04 14:50 - 00025928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-20 15:23 - 2013-07-20 15:23 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-20 02:51 - 2013-07-20 02:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4
2013-07-20 02:45 - 2013-07-20 02:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4
2013-07-20 02:41 - 2013-07-20 02:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4
2013-07-19 23:19 - 2013-07-19 23:19 - 01492584 ____C (Skype Technologies S.A.) C:\Users\Rolf\Downloads\SkypeSetup.exe
2013-07-19 22:34 - 2013-07-19 22:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe
2013-07-19 19:04 - 2013-07-19 19:05 - 00000000 ___DC C:\Users\Rolf\Downloads\93655
2013-07-19 18:48 - 2013-07-19 18:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx
2013-07-19 18:46 - 2013-07-19 18:47 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4
2013-07-19 18:17 - 2013-07-19 18:57 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar
2013-07-19 12:44 - 2013-07-19 12:51 - 00000000 ___DC C:\Windows\system32\MRT
2013-07-18 22:40 - 2013-07-18 22:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx
2013-07-18 03:02 - 2013-07-18 03:01 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe
2013-07-18 02:48 - 2013-07-18 02:48 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Unity
2013-07-18 02:08 - 2013-07-18 02:08 - 00000973 ____C C:\Users\Public\Desktop\Anti-Twin.lnk
2013-07-18 02:08 - 2013-07-18 02:08 - 00000000 ___DC C:\Program Files (x86)\AntiTwin
2013-07-18 02:07 - 2013-07-18 02:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe
2013-07-18 02:07 - 2013-07-18 02:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity
2013-07-17 15:50 - 2013-07-17 15:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe
2013-07-16 20:18 - 2013-07-16 20:19 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe
2013-07-16 18:04 - 2013-07-16 18:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt
2013-07-16 17:48 - 2013-07-16 17:49 - 00000098 ____C C:\Windows\DeleteOnReboot.bat
2013-07-16 16:03 - 2013-07-16 16:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx
2013-07-16 14:14 - 2013-07-16 14:15 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder
2013-07-15 12:56 - 2013-07-15 12:56 - 00035058 ____C C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip
2013-07-14 22:35 - 2013-07-14 22:40 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip
2013-07-14 22:35 - 2013-07-14 22:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe
2013-07-14 20:10 - 2013-07-14 20:13 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar
2013-07-14 19:47 - 2013-07-14 19:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar
2013-07-14 19:45 - 2013-07-14 19:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip
2013-07-14 17:24 - 2013-07-14 17:24 - 00967536 ____C C:\Users\Rolf\Downloads\der letzte sommer.exe
2013-07-13 15:12 - 2013-07-27 23:51 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft
2013-07-13 03:17 - 2013-07-13 03:17 - 00000000 ___DC C:\My Games
2013-07-13 03:14 - 2013-07-13 03:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8}
2013-07-13 00:04 - 2013-07-13 00:04 - 00000000 ___DC C:\ProgramData\Sandlot Games
2013-07-13 00:01 - 2013-07-13 00:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2
2013-07-12 23:58 - 2013-07-12 23:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish
2013-07-12 23:57 - 2013-07-12 23:57 - 00000000 ___DC C:\Boonty
2013-07-12 18:58 - 2013-07-12 18:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk
2013-07-11 00:49 - 2013-07-11 00:50 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 00:49 - 2013-07-11 00:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 00:49 - 2013-07-11 00:50 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 00:49 - 2013-07-11 00:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 00:49 - 2013-07-11 00:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 00:49 - 2013-07-11 00:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 00:49 - 2013-07-11 00:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 00:23 - 2013-07-11 00:50 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 00:23 - 2013-07-11 00:50 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 00:23 - 2013-07-11 00:50 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 00:23 - 2013-07-11 00:50 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 00:23 - 2013-07-11 00:38 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 00:22 - 2013-07-11 00:31 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 00:22 - 2013-07-11 00:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 17:58 - 2013-07-10 17:59 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage
2013-07-10 15:53 - 2013-07-10 15:53 - 00000000 ___DC C:\Program Files\FileViewPro
2013-07-10 14:41 - 2013-07-11 00:31 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor
2013-07-10 14:40 - 2013-07-10 14:39 - 14178136 ____C C:\Users\Rolf\Downloads\install_audiokonvertor.exe
2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft
2013-07-10 00:27 - 2013-07-10 00:27 - 01211048 ____C (DVDVideoSoft Ltd.                                           ) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects
2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group
2013-07-08 21:42 - 2013-07-08 21:43 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool
2013-07-08 21:41 - 2013-07-08 21:42 - 00000000 ___DC C:\Program Files (x86)\JCrypTool
2013-07-08 21:40 - 2013-07-08 21:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2
2013-07-08 21:39 - 2013-07-08 21:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2
2013-07-05 12:32 - 2013-07-05 12:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex
2013-07-05 12:27 - 2013-07-05 12:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt
2013-07-04 20:44 - 2013-07-06 15:41 - 00000049 ____C C:\Windows\NeroDigital.ini
2013-07-03 18:33 - 2013-07-03 18:33 - 00000835 ____C C:\Users\Public\Desktop\VLC media player.lnk
2013-07-03 18:25 - 2013-07-03 18:27 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA
2013-07-02 13:32 - 2013-07-02 13:32 - 00739856 ____C (Google Inc.) C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe
2013-07-02 13:31 - 2013-07-02 13:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html
2013-06-30 13:11 - 2013-07-06 15:37 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u
2013-06-30 12:10 - 2013-06-30 12:15 - 00000000 ___DC C:\ProgramData\BlueStacksSetup
2013-06-29 00:31 - 2013-07-16 16:51 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\XviD
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5
2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Program Files (x86)\Gabest
2013-06-29 00:23 - 2013-06-29 00:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe

==================== One Month Modified Files and Folders =======

2013-07-29 12:02 - 2013-07-29 12:02 - 01780547 ____C (Farbar) C:\Users\Rolf\Desktop\FRST64.exe
2013-07-29 12:02 - 2012-07-22 16:21 - 00000000 ___DC C:\ProgramData\Kaspersky Lab
2013-07-29 11:28 - 2012-07-06 15:53 - 00000000 __RDC C:\Users\Rolf\Dropbox
2013-07-29 10:41 - 2012-07-02 19:38 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrashDumps
2013-07-29 09:31 - 2013-07-29 09:31 - 01752488 ____C (SurfRight B.V.) C:\Users\Rolf\Downloads\hmpalert.exe
2013-07-29 09:31 - 2013-07-29 09:31 - 01752488 ____C (SurfRight B.V.) C:\Users\Rolf\Downloads\hmpalert (1).exe
2013-07-29 09:31 - 2013-07-29 09:31 - 00533424 ____C (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2013-07-29 09:31 - 2013-07-29 09:31 - 00488104 ____C (SurfRight) C:\Windows\system32\hmpalert.dll
2013-07-29 09:31 - 2013-07-29 09:31 - 00017416 ____C C:\Windows\system32\Drivers\hmpalert.sys
2013-07-29 09:31 - 2013-07-29 09:31 - 00000000 ___DC C:\Program Files (x86)\HitmanPro.Alert
2013-07-29 09:19 - 2013-07-29 09:15 - 318189568 ____C C:\Users\Rolf\Downloads\kav_rescue_10.iso
2013-07-29 09:14 - 2013-07-29 09:09 - 411041792 ____C C:\Users\Rolf\Downloads\DE-Cleaner-RettungsCDv3.iso
2013-07-29 08:04 - 2013-06-10 13:43 - 00000000 ____C C:\Windows\system32\Ikeext.etl
2013-07-28 19:15 - 2013-07-28 09:58 - 00002934 ____C C:\Windows\PFRO.log
2013-07-28 17:35 - 2012-03-05 21:07 - 00000000 __RDC C:\Users\Rolf\Desktop\Dj Musik
2013-07-28 10:04 - 2013-07-27 19:17 - 00000000 ___DC C:\FRST
2013-07-28 10:04 - 2010-05-12 10:18 - 04665072 ____C C:\Windows\system32\perfh007.dat
2013-07-28 10:04 - 2010-05-12 10:18 - 01418588 ____C C:\Windows\system32\perfc007.dat
2013-07-28 10:04 - 2009-07-14 07:13 - 00006508 ____C C:\Windows\system32\PerfStringBackup.INI
2013-07-28 04:26 - 2011-01-23 15:15 - 01497146 ____C C:\Windows\WindowsUpdate.log
2013-07-28 03:52 - 2013-07-28 01:55 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-28 02:39 - 2013-07-28 02:38 - 07876512 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe
2013-07-28 02:39 - 2011-09-10 14:06 - 00000000 ___DC C:\Windows\SysWOW64\Adobe
2013-07-28 01:54 - 2013-07-28 01:41 - 00000000 ___DC C:\ProgramData\ParetoLogic
2013-07-28 01:48 - 2013-07-28 01:48 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer (1).exe
2013-07-28 01:41 - 2013-07-28 01:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DriverCure
2013-07-28 01:40 - 2013-07-28 01:39 - 05799944 ____C (ParetoLogic, Inc.) C:\Users\Rolf\Downloads\RegCureProSetup_RW.exe
2013-07-28 01:39 - 2013-07-28 01:39 - 00001205 ____C C:\Users\Rolf\Downloads\FixNCR.reg
2013-07-28 01:29 - 2013-07-28 01:29 - 01440846 ____C C:\Users\Rolf\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-07-28 01:27 - 2013-07-20 15:33 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-28 01:26 - 2013-07-28 01:26 - 13399154 ____C C:\Users\Rolf\Downloads\mbar-1.06.0.1004.zip
2013-07-28 01:24 - 2013-07-28 01:24 - 00204496 ____C (Malwarebytes) C:\Users\Rolf\Downloads\StartUpLite.exe
2013-07-28 00:36 - 2011-11-05 20:53 - 00000000 ___DC C:\Users\Rolf\AppData\Local\PMB Files
2013-07-28 00:02 - 2012-07-05 23:22 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Dropbox
2013-07-27 23:55 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\tracing
2013-07-27 23:52 - 2012-04-13 16:39 - 00060926 ____C C:\Windows\setupact.log
2013-07-27 23:52 - 2011-01-23 15:21 - 00000000 ___DC C:\Users\Rolf
2013-07-27 23:52 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files\Windows Defender
2013-07-27 23:52 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2013-07-27 23:51 - 2013-07-27 20:49 - 00000000 ___DC C:\ProgramData\HitmanPro
2013-07-27 23:51 - 2013-07-27 17:00 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft
2013-07-27 23:51 - 2013-07-27 17:00 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder
2013-07-27 23:51 - 2013-07-24 18:40 - 00000000 ___DC C:\Program Files (x86)\AC3 Player
2013-07-27 23:51 - 2013-07-13 15:12 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft
2013-07-27 23:51 - 2013-03-24 14:12 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\vlc
2013-07-27 23:51 - 2013-03-18 22:28 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\PowerMp3WmaConverter
2013-07-27 23:51 - 2013-03-01 02:14 - 00000000 ___DC C:\Program Files\DivX
2013-07-27 23:51 - 2013-03-01 02:11 - 00000000 ___DC C:\Program Files (x86)\DivX
2013-07-27 23:51 - 2013-03-01 02:10 - 00000000 ___DC C:\ProgramData\DivX
2013-07-27 23:51 - 2012-12-12 20:13 - 00000000 __RDC C:\Program Files (x86)\Skype
2013-07-27 23:51 - 2012-11-09 17:09 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-27 23:51 - 2011-11-10 12:25 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Akamai
2013-07-27 23:51 - 2011-01-23 15:22 - 00000000 __RDC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-27 23:51 - 2010-11-02 11:41 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2013-07-27 23:51 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\AppCompat
2013-07-27 23:50 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\registration
2013-07-27 23:44 - 2011-11-04 20:55 - 00000000 ___DC C:\ProgramData\Skype
2013-07-27 23:44 - 2011-01-23 18:34 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Adobe
2013-07-27 20:49 - 2013-07-27 20:49 - 00000000 ___DC C:\Program Files\HitmanPro
2013-07-27 19:23 - 2013-07-27 19:23 - 00048384 ____C C:\Users\Rolf\Desktop\Addition.txt
2013-07-27 17:43 - 2013-07-27 17:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent
2013-07-27 17:41 - 2013-07-27 17:41 - 00002182 ____C C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent
2013-07-27 01:46 - 2013-03-16 19:34 - 00000000 ___DC C:\ProgramData\firebird
2013-07-25 16:07 - 2009-07-14 06:45 - 00009888 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 16:07 - 2009-07-14 06:45 - 00009888 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 23:53 - 2013-07-24 23:52 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip
2013-07-24 23:52 - 2013-07-24 23:52 - 00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip
2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ____C C:\END
2013-07-24 17:12 - 2013-07-24 17:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip
2013-07-24 17:11 - 2013-07-24 17:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip
2013-07-24 17:03 - 2013-07-24 17:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip
2013-07-24 17:03 - 2013-07-24 17:02 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar
2013-07-24 16:58 - 2013-07-24 16:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip
2013-07-24 14:56 - 2013-07-24 14:56 - 00001157 ____C C:\DelFix.txt
2013-07-24 14:56 - 2013-07-24 14:56 - 00000000 ___DC C:\Windows\ERUNT
2013-07-24 14:54 - 2013-07-23 23:13 - 00000000 ___DC C:\Windows\erdnt
2013-07-24 14:43 - 2012-11-09 17:10 - 00001111 ____C C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-24 14:43 - 2011-01-27 10:56 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-07-24 14:41 - 2013-07-24 14:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe
2013-07-24 14:30 - 2010-10-13 12:37 - 00000000 ___DC C:\Program Files\Java
2013-07-24 14:13 - 2012-04-08 12:37 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 14:08 - 2013-07-24 14:08 - 12931078 ____C C:\Users\Rolf\Downloads\SCFanpackage.zip
2013-07-24 04:21 - 2013-07-24 04:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk
2013-07-24 00:02 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Default
2013-07-23 23:46 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2013-07-23 22:52 - 2013-07-23 22:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board.htm
2013-07-23 22:52 - 2013-07-23 22:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files
2013-07-23 22:44 - 2013-06-26 17:09 - 00000000 ___DC C:\Program Files (x86)\Plus-HD-1.6
2013-07-23 19:30 - 2013-07-23 19:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics
2013-07-23 19:18 - 2013-07-23 19:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations
2013-07-23 19:17 - 2013-07-23 19:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner
2013-07-23 19:14 - 2013-07-23 19:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe
2013-07-23 19:14 - 2013-07-23 19:14 - 00014456 ____C (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-23 19:14 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\system32\NDF
2013-07-23 17:53 - 2013-04-28 14:43 - 00000000 ___DC C:\Users\Rolf\Desktop\sound fx daten
2013-07-23 17:53 - 2011-01-23 15:24 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0AF23A97-653E-4B26-A3DD-52F6F8B9DA00}
2013-07-23 17:47 - 2013-07-23 17:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4
2013-07-23 17:46 - 2013-07-23 17:46 - 06018938 ____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4
2013-07-23 16:36 - 2013-07-23 16:36 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer.exe
2013-07-22 14:52 - 2013-07-22 14:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games
2013-07-21 12:26 - 2013-07-21 12:21 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4
2013-07-20 20:18 - 2013-07-20 20:13 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2013-07-20 20:13 - 2013-07-20 20:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking
2013-07-20 19:51 - 2011-10-25 19:43 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\WinRAR
2013-07-20 18:34 - 2013-07-20 18:16 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar
2013-07-20 17:49 - 2013-07-20 17:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-07-20 17:49 - 2013-07-20 17:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip
2013-07-20 17:48 - 2013-07-20 17:43 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip
2013-07-20 17:25 - 2013-07-20 17:24 - 36271144 ____C (Safer-Networking Ltd.                                       ) C:\Users\Rolf\Downloads\spybot-2.1.exe
2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\StarApp
2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\InstallMate
2013-07-20 15:33 - 2013-07-20 15:33 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 15:23 - 2013-07-20 15:23 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-20 02:51 - 2013-07-20 02:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4
2013-07-20 02:45 - 2013-07-20 02:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4
2013-07-20 02:41 - 2013-07-20 02:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4
2013-07-19 23:19 - 2013-07-19 23:19 - 01492584 ____C (Skype Technologies S.A.) C:\Users\Rolf\Downloads\SkypeSetup.exe
2013-07-19 22:34 - 2013-07-19 22:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe
2013-07-19 19:05 - 2013-07-19 19:04 - 00000000 ___DC C:\Users\Rolf\Downloads\93655
2013-07-19 18:57 - 2013-07-19 18:17 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar
2013-07-19 18:48 - 2013-07-19 18:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx
2013-07-19 18:47 - 2013-07-19 18:46 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4
2013-07-19 12:51 - 2013-07-19 12:44 - 00000000 ___DC C:\Windows\system32\MRT
2013-07-18 22:40 - 2013-07-18 22:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx
2013-07-18 03:01 - 2013-07-18 03:02 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe
2013-07-18 02:59 - 2013-04-28 14:43 - 00000000 ___DC C:\Users\Rolf\Desktop\tevion usb stick daten
2013-07-18 02:48 - 2013-07-18 02:48 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Unity
2013-07-18 02:08 - 2013-07-18 02:08 - 00000973 ____C C:\Users\Public\Desktop\Anti-Twin.lnk
2013-07-18 02:08 - 2013-07-18 02:08 - 00000000 ___DC C:\Program Files (x86)\AntiTwin
2013-07-18 02:07 - 2013-07-18 02:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe
2013-07-18 02:07 - 2013-07-18 02:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity
2013-07-17 15:50 - 2013-07-17 15:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe
2013-07-16 20:19 - 2013-07-16 20:18 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe
2013-07-16 18:04 - 2013-07-16 18:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt
2013-07-16 17:49 - 2013-07-16 17:48 - 00000098 ____C C:\Windows\DeleteOnReboot.bat
2013-07-16 16:51 - 2013-06-29 00:31 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini
2013-07-16 16:03 - 2013-07-16 16:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx
2013-07-16 15:51 - 2011-01-23 15:21 - 00000000 ___DC C:\Users\Rolf\AppData\Local\VirtualStore
2013-07-16 14:15 - 2013-07-16 14:14 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder
2013-07-15 12:56 - 2013-07-15 12:56 - 00035058 ____C C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip
2013-07-14 22:40 - 2013-07-14 22:35 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip
2013-07-14 22:35 - 2013-07-14 22:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe
2013-07-14 20:13 - 2013-07-14 20:10 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar
2013-07-14 19:47 - 2013-07-14 19:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar
2013-07-14 19:45 - 2013-07-14 19:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip
2013-07-14 19:01 - 2011-12-01 13:17 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\ObviousIdea
2013-07-14 17:24 - 2013-07-14 17:24 - 00967536 ____C C:\Users\Rolf\Downloads\der letzte sommer.exe
2013-07-14 15:31 - 2012-04-08 12:37 - 00692104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-14 15:31 - 2012-04-08 12:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-14 15:31 - 2011-07-28 16:06 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-14 14:48 - 2011-01-23 15:18 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 14:48 - 2011-01-23 15:18 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 09:57 - 2011-01-23 15:18 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 09:57 - 2011-01-23 15:18 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 03:18 - 2011-10-29 23:19 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\PlayFirst
2013-07-13 03:18 - 2011-10-29 23:19 - 00000000 ___DC C:\ProgramData\PlayFirst
2013-07-13 03:17 - 2013-07-13 03:17 - 00000000 ___DC C:\My Games
2013-07-13 03:16 - 2011-09-15 12:22 - 00000000 ___DC C:\Program Files (x86)\Zylom Games
2013-07-13 03:14 - 2013-07-13 03:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8}
2013-07-13 00:04 - 2013-07-13 00:04 - 00000000 ___DC C:\ProgramData\Sandlot Games
2013-07-13 00:01 - 2013-07-13 00:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2
2013-07-12 23:58 - 2013-07-12 23:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish
2013-07-12 23:57 - 2013-07-12 23:57 - 00000000 ___DC C:\Boonty
2013-07-12 18:58 - 2013-07-12 18:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk
2013-07-11 23:57 - 2012-01-02 21:17 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Utherverse
2013-07-11 03:20 - 2009-07-14 06:45 - 08769616 ____C C:\Windows\system32\FNTCACHE.DAT
2013-07-11 03:17 - 2013-03-13 20:55 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2013-07-11 03:17 - 2013-03-13 20:55 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 03:16 - 2009-07-14 09:45 - 00000000 ___DC C:\Program Files\Windows Journal
2013-07-11 03:16 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files (x86)\Windows Defender
2013-07-11 00:57 - 2009-07-14 04:34 - 00000534 ____C C:\Windows\win.ini
2013-07-11 00:50 - 2013-07-11 00:49 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 00:50 - 2013-07-11 00:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 00:50 - 2013-07-11 00:49 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 00:50 - 2013-07-11 00:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 00:50 - 2013-07-11 00:49 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 00:50 - 2013-07-11 00:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 00:50 - 2013-07-11 00:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 00:50 - 2013-07-11 00:23 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 00:50 - 2013-07-11 00:23 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 00:50 - 2013-07-11 00:23 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 00:50 - 2013-07-11 00:23 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 00:38 - 2013-07-11 00:23 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 00:31 - 2013-07-11 00:22 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 00:31 - 2013-07-11 00:22 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 00:31 - 2013-07-10 14:41 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor
2013-07-10 17:59 - 2013-07-10 17:58 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_
2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage
2013-07-10 15:53 - 2013-07-10 15:53 - 00000000 ___DC C:\Program Files\FileViewPro
2013-07-10 14:39 - 2013-07-10 14:40 - 14178136 ____C C:\Users\Rolf\Downloads\install_audiokonvertor.exe
2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft
2013-07-10 00:38 - 2013-05-04 21:27 - 00001362 ____C C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-07-10 00:38 - 2011-10-09 16:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DVDVideoSoft
2013-07-10 00:27 - 2013-07-10 00:27 - 01211048 ____C (DVDVideoSoft Ltd.                                           ) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects
2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group
2013-07-08 21:43 - 2013-07-08 21:42 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool
2013-07-08 21:42 - 2013-07-08 21:41 - 00000000 ___DC C:\Program Files (x86)\JCrypTool
2013-07-08 21:40 - 2013-07-08 21:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2
2013-07-08 21:39 - 2013-07-08 21:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2
2013-07-06 15:41 - 2013-07-04 20:44 - 00000049 ____C C:\Windows\NeroDigital.ini
2013-07-06 15:37 - 2013-06-30 13:11 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u
2013-07-05 12:32 - 2013-07-05 12:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex
2013-07-05 12:27 - 2013-07-05 12:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt
2013-07-03 18:33 - 2013-07-03 18:33 - 00000835 ____C C:\Users\Public\Desktop\VLC media player.lnk
2013-07-03 18:27 - 2013-07-03 18:25 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA
2013-07-02 13:33 - 2011-01-23 15:23 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Google
2013-07-02 13:32 - 2013-07-02 13:32 - 00739856 ____C (Google Inc.) C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe
2013-07-02 13:31 - 2013-07-02 13:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html
2013-07-02 01:07 - 2013-06-26 02:02 - 00000000 _SHDC C:\Windows\SysWOW64\AI_RecycleBin
2013-07-02 01:06 - 2013-06-26 02:20 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-07-02 01:06 - 2011-10-13 01:25 - 00000000 ___DC C:\AeriaGames
2013-07-02 00:46 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Public\Libraries
2013-06-30 12:15 - 2013-06-30 12:10 - 00000000 ___DC C:\ProgramData\BlueStacksSetup
2013-06-29 19:46 - 2013-03-25 18:31 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\dvdcss
2013-06-29 11:36 - 2012-10-22 23:07 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\TS3Client
2013-06-29 02:26 - 2012-07-01 17:06 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\XviD
2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5
2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Program Files (x86)\Gabest
2013-06-29 00:23 - 2013-06-29 00:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {0013713f-26e7-11e0-8113-c852da81b508}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {00137141-26e7-11e0-8113-c852da81b508}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0013713f-26e7-11e0-8113-c852da81b508}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {00137141-26e7-11e0-8113-c852da81b508}
device                  ramdisk=[C:]\Recovery\00137141-26e7-11e0-8113-c852da81b508\Winre.wim,{00137142-26e7-11e0-8113-c852da81b508}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\00137141-26e7-11e0-8113-c852da81b508\Winre.wim,{00137142-26e7-11e0-8113-c852da81b508}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {0013713f-26e7-11e0-8113-c852da81b508}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {00137142-26e7-11e0-8113-c852da81b508}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\00137141-26e7-11e0-8113-c852da81b508\boot.sdi



LastRegBack: 2013-07-24 06:37

==================== End Of Log ============================
         


It ran an extended scan and ticked the boxes itself, so don't be surprised.

Alt 29.07.2013, 15:18   #15
schrauber
/// the machine
/// TB-Ausbilder
 




And it still won't boot normally?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
