
Pests of all kinds and how to combat them: TR/ATRAPS.Gen2 virus/trojan

21.09.2013, 23:10   #16
HaukeR
 
So, okay
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by marita1 at 2013-09-22 00:09:17 Run:1
Running from C:\Users\marita1\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\Marita\...\Policies\system: [DisableTaskMgr] 1
HKU\Marita\...\Policies\system: [DisableRegistryTools] 1
HKU\Marita\...\Policies\Explorer: [NoDesktop] 1
HKU\Marita\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
HKU\Marita.Marita-PC\...\Run: [Microsoft Windows Manager] - C:\Users\Marita.Marita-PC\M-50-8964-7854-4678\winmgr.exe
HKU\Marita.Marita-PC\...\Run: [Microsoft Windows Service] - C:\Users\Marita.Marita-PC\M-25-6788-7854-2457\winmgr.exe
C:\Users\Marita.Marita-PC\M-50-8964-7854-4678
C:\Users\Marita.Marita-PC\M-25-6788-7854-2457
HKU\Marita.Marita-PC\...\CurrentVersion\Windows: [Load] C:\Users\MARITA~1.MAR\LOCALS~1\Temp\msuoawy.com <===== ATTENTION
C:\Users\MARITA~1.MAR\LOCALS~1\Temp\msuoawy.com
S3 X6va008; \??\C:\windows\SysWOW64\Drivers\X6va008 [x]
S1 yitmugol; \??\C:\windows\system32\drivers\yitmugol.sys [x]
ZeroAccess:
C:\Users\Marita.Marita-PC\AppData\Local\{45be79c4-a4d7-75f6-a6dc-dfd5d6a042cb}
C:\Users\Marita.Marita-PC\AppData\Local\{45be79c4-a4d7-75f6-a6dc-dfd5d6a042cb}\@
C:\Users\Marita.Marita-PC\AppData\Local\{45be79c4-a4d7-75f6-a6dc-dfd5d6a042cb}\n
C:\Users\Marita.Marita-PC\AppData\Local\{45be79c4-a4d7-75f6-a6dc-dfd5d6a042cb}\U\00000004.@
         
*****************

HKU\Marita\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => Value deleted successfully.
HKU\Marita\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value deleted successfully.
HKU\Marita\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => Value deleted successfully.
HKU\Marita\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Marita.Marita-PC\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Manager => Value deleted successfully.
HKU\Marita.Marita-PC\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Service => Value deleted successfully.
C:\Users\Marita.Marita-PC\M-50-8964-7854-4678 => Moved successfully.
C:\Users\Marita.Marita-PC\M-25-6788-7854-2457 => Moved successfully.
"C:\Users\MARITA~1.MAR\LOCALS~1\Temp\msuoawy.com" => File/Directory not found.
X6va008 => Service deleted successfully.
yitmugol => Service deleted successfully.
C:\Users\Marita.Marita-PC\AppData\Local\{45be79c4-a4d7-75f6-a6dc-dfd5d6a042cb} => Moved successfully.
"C:\Users\Marita.Marita-PC\AppData\Local\{45be79c4-a4d7-75f6-a6dc-dfd5d6a042cb}\@" => File/Directory not found.
"C:\Users\Marita.Marita-PC\AppData\Local\{45be79c4-a4d7-75f6-a6dc-dfd5d6a042cb}\n" => File/Directory not found.
"C:\Users\Marita.Marita-PC\AppData\Local\{45be79c4-a4d7-75f6-a6dc-dfd5d6a042cb}\U\00000004.@" => File/Directory not found.

==== End of Fixlog ====
         

22.09.2013, 13:13   #17
schrauber
/// the machine
/// TB trainer
 

A fresh FRST log is still missing. Any remaining problems?

22.09.2013, 18:22   #18
HaukeR
 
FRST

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03 (ATTENTION: ====> FRST version is 6 days old and could be outdated)
Ran by marita1 (administrator) on MARITA-PC on 22-09-2013 19:20:37
Running from C:\Users\marita1\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Spotify Ltd) C:\Users\marita1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(LogMeIn Inc.) C:\LogMeIn Hamachi\hamachi-2.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(LogMeIn Inc.) C:\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\T-Mobile Internet Manager 03\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
() C:\Program Files (x86)\T-Mobile Internet Manager 03\UIExec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
(Spotify Ltd) C:\Users\marita1\AppData\Roaming\Spotify\spotify.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11448424 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MRT] - C:\windows\system32\MRT.exe [79143768 2013-09-01] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\marita1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-15] (Spotify Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875944 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [EADM] - E:\GAMES\Origin\Origin.exe [3549528 2013-08-30] (Electronic Arts)
HKCU\...\Run: [ImpulseFastStart] - C:\Program Files (x86)\Stardock\Impulse\Impulse.exe [1717616 2008-10-14] (Stardock Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2009-09-15] (Vimicro)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [365936 2010-05-28] ( )
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-11-25] (Lenovo)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-06-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\T-Mobile Internet Manager 03\UIExec.exe [132608 2009-03-30] ()
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [IMBooster] - C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup [x]
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348624 2012-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-30] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKU\Marita\...\Run: [IncrediMail] - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [366024 2011-06-29] (IncrediMail, Ltd.)
HKU\Marita\...\Run: [JumiController] - [x]
HKU\Marita\...\Run: [] - [x]
HKU\Marita\...\Run: [NokiaOviSuite2] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [703360 2011-01-31] (Nokia)
HKU\Marita\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1602984 2013-02-25] (Valve Corporation)
HKU\Marita\...\Run: [Akamai NetSession Interface] - C:\Users\Marita\AppData\Local\Akamai\netsession_win.exe [3329824 2012-02-02] (Akamai Technologies, Inc)
HKU\Marita\...\Run: [EPSON BX305 Series] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\windows\TEMP\E_S5E94.tmp" /EF "HKCU"
HKU\Marita\...\Run: [Epson Stylus Office BX305(Netzwerk)] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\windows\TEMP\E_S87C5.tmp" /EF "HKCU"
HKU\Marita.Marita-PC\...\Run: [Spotify] - C:\Users\Marita.Marita-PC\AppData\Roaming\Spotify\Spotify.exe [5576408 2012-08-25] (Spotify Ltd)
HKU\Marita.Marita-PC\...\Run: [Spotify Web Helper] - C:\Users\Marita.Marita-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-08-25] ()
HKU\Marita.Marita-PC\...\CurrentVersion\Windows: [Load] C:\Users\MARITA~1.MAR\LOCALS~1\Temp\msuoawy.com <===== ATTENTION
Startup: C:\Users\Marita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Marita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
ShortcutTarget: Product Registration.lnk -> C:\Users\marita1\AppData\Local\Temp\is-VR3KQ.tmp\ATR1.exe (No File)
Startup: C:\Users\marita1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Facebook Connect - {11DCAFD6-DDBA-4ADA-998B-996B7B691AE0} - C:\Users\Marita\AppData\Roaming\FBConnect\IE\FBConnect.dll (Facebook Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\marita1\AppData\Roaming\Mozilla\Firefox\Profiles\0rux5gt3.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\marita1\AppData\Roaming\Mozilla\Firefox\Profiles\0rux5gt3.default\Extensions\battlefieldplay4free@ea.com
FF Extension: No Name - C:\Users\marita1\AppData\Roaming\Mozilla\Firefox\Profiles\0rux5gt3.default\Extensions\WebSiteRecommendation@weliketheweb.com
FF Extension: torntv - C:\Users\marita1\AppData\Roaming\Mozilla\Firefox\Profiles\0rux5gt3.default\Extensions\torntv@torntv.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: () - C:\Users\marita1\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\1.9_0
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-15] (Akamai Technologies, Inc.)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [619472 2012-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-22] (Avira Operations GmbH & Co. KG)
R2 Hamachi2Svc; C:\LogMeIn Hamachi\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-19] ()
R2 UI Assistant Service; C:\Program Files (x86)\T-Mobile Internet Manager 03\AssistantServices.exe [241664 2009-03-30] ()

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2012-08-01] ()
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114128 2012-05-22] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [139360 2012-05-22] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-22] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-22] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-11] (Avira GmbH)
R3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [15160 2010-06-03] (Windows (R) Codename Longhorn DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-01-05] ()
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [106360 2007-01-12] (Protection Technology (StarForce))
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [207232 2009-11-09] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc; 
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
U2 IAStorDataMgrSvc; 
U3 IGRS; 
U2 IviRegMgr; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U3 SQLWriter; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-21 12:16 - 2013-09-22 19:17 - 00040450 _____ C:\Users\marita1\Desktop\Amerikanischer Bürgerkrieg Seeschlachten (Hauke).odt
2013-09-21 12:16 - 2013-09-21 12:16 - 00013849 _____ C:\Users\marita1\Downloads\Amerikanischer Bürgerkrieg Seeschlachten (Hauke).odt
2013-09-21 03:05 - 2013-09-22 12:29 - 00013169 _____ C:\windows\IE10_main.log
2013-09-20 18:07 - 2013-09-20 18:07 - 00000000 _____ C:\windows\SysWOW64\shoA75.tmp
2013-09-20 16:48 - 2013-09-20 16:48 - 00000000 ____D C:\windows\system32\MRT
2013-09-20 16:40 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-20 16:40 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-20 16:40 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-20 16:40 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-20 16:40 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-20 16:40 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-09-20 16:40 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-09-20 16:40 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-20 16:40 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-09-20 16:40 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-20 16:40 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-09-20 16:40 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-20 16:40 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-20 16:40 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-09-20 16:40 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-20 16:40 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-20 16:40 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-20 16:40 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-20 16:40 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-20 16:40 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-20 16:40 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-09-20 16:40 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-20 16:40 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-09-20 16:40 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-20 16:40 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-20 16:40 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-09-20 16:40 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-09-20 16:40 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-20 16:40 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-20 16:40 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-20 16:40 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-09-20 16:40 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-20 16:28 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-09-20 16:28 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2013-09-20 16:28 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll
2013-09-20 16:28 - 2012-06-02 16:35 - 00000003 _____ C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-09-20 15:37 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-09-20 15:37 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-09-20 15:37 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-09-20 15:37 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-09-20 15:35 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
2013-09-20 15:35 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2013-09-20 15:35 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2013-09-20 15:35 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2013-09-20 15:35 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
2013-09-20 15:35 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2013-09-20 15:35 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2013-09-20 15:35 - 2012-06-02 16:57 - 00000003 _____ C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-09-20 15:23 - 2013-09-20 15:19 - 00891144 _____ C:\Users\marita1\Desktop\SecurityCheck.exe
2013-09-20 15:17 - 2013-09-20 15:19 - 00891144 _____ C:\Users\marita1\Downloads\SecurityCheck.exe
2013-09-20 15:17 - 2013-09-20 15:16 - 02347384 _____ (ESET) C:\Users\marita1\Desktop\esetsmartinstaller_enu.exe
2013-09-20 15:15 - 2013-09-20 15:16 - 02347384 _____ (ESET) C:\Users\marita1\Downloads\esetsmartinstaller_enu.exe
2013-09-19 21:27 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-09-19 21:27 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2013-09-19 21:27 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2013-09-19 21:23 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2013-09-19 21:23 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2013-09-19 21:23 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2013-09-19 21:23 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2013-09-19 21:22 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-09-19 21:22 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-09-19 21:22 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-09-19 21:22 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-09-19 21:22 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-09-19 21:22 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-09-19 21:22 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-09-19 21:22 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-09-19 21:22 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2013-09-19 21:22 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-09-19 21:22 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2013-09-19 21:22 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2013-09-19 21:22 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2013-09-19 21:22 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2013-09-19 21:16 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2013-09-19 21:16 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-09-19 21:16 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2013-09-19 21:16 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-09-19 21:12 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-09-19 21:12 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2013-09-19 21:07 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2013-09-19 21:03 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-09-19 21:03 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-09-19 21:02 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-19 20:54 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-19 20:54 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-19 20:54 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-09-19 20:54 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-09-19 20:54 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-09-19 20:54 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-19 20:54 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-09-19 20:54 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-19 20:54 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-19 20:54 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-09-19 20:54 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-09-19 20:54 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-09-19 20:54 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-09-19 20:54 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-19 20:54 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-09-19 20:54 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-09-19 20:54 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-09-19 20:54 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-09-19 20:54 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-09-19 20:54 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-19 20:54 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-19 20:54 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-09-19 20:54 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-09-19 20:54 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2013-09-19 20:54 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-09-19 20:54 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
2013-09-19 20:53 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-09-19 20:53 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-09-19 20:53 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2013-09-19 20:53 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2013-09-19 20:53 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2013-09-19 20:53 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2013-09-19 20:53 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2013-09-19 20:53 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2013-09-19 20:53 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2013-09-19 20:53 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2013-09-19 20:53 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
2013-09-19 20:53 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2013-09-19 20:53 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2013-09-19 20:53 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2013-09-19 20:53 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\netevent.dll
2013-09-19 20:53 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2013-09-19 20:53 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2013-09-19 20:48 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-09-19 20:48 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-09-19 20:48 - 2012-11-20 07:48 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-09-19 20:48 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-09-19 20:48 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\dpnet.dll
2013-09-19 20:48 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnet.dll
2013-09-19 20:45 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-09-19 20:45 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2013-09-19 20:45 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2013-09-19 20:45 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
2013-09-19 20:44 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2013-09-19 20:44 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
2013-09-19 20:44 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2013-09-19 20:44 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\windows\SysWOW64\gameux.dll
2013-09-19 20:44 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
2013-09-19 20:44 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
2013-09-19 20:44 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
2013-09-19 20:44 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
2013-09-19 20:44 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
2013-09-19 20:44 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
2013-09-19 20:44 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
2013-09-19 20:44 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
2013-09-19 20:44 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
2013-09-19 20:44 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
2013-09-19 20:44 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
2013-09-19 20:44 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
2013-09-19 20:44 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
2013-09-19 20:44 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\windows\SysWOW64\cero.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\windows\SysWOW64\esrb.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\windows\SysWOW64\fpb.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\windows\SysWOW64\oflc-nz.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\windows\SysWOW64\pegibbfc.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\windows\SysWOW64\csrr.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\windows\SysWOW64\cob-au.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\windows\SysWOW64\usk.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\windows\SysWOW64\oflc.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\windows\SysWOW64\grb.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-pt.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-fi.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi.rs
2013-09-19 20:44 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\windows\SysWOW64\djctq.rs
2013-09-19 20:40 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-19 20:39 - 2012-11-30 01:17 - 00420064 _____ C:\windows\SysWOW64\locale.nls
2013-09-19 20:39 - 2012-11-30 01:15 - 00420064 _____ C:\windows\system32\locale.nls
2013-09-19 20:39 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2013-09-19 20:39 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2013-09-19 20:32 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-19 20:32 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-19 20:32 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-09-19 20:32 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-09-19 20:32 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\synceng.dll
2013-09-19 20:32 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\synceng.dll
2013-09-19 20:31 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2013-09-19 20:31 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2013-09-19 20:31 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2013-09-19 18:53 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2013-09-19 18:45 - 2013-09-19 18:45 - 00000000 ____D C:\windows\ERUNT
2013-09-19 18:34 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2013-09-19 18:34 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2013-09-19 18:32 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-09-19 18:32 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2013-09-19 18:32 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2013-09-19 18:32 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2013-09-19 18:32 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2013-09-19 18:32 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2013-09-19 18:32 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2013-09-19 18:28 - 2013-09-19 18:34 - 00000000 ____D C:\AdwCleaner
2013-09-19 18:21 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-09-19 18:21 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-09-19 17:42 - 2013-09-19 17:42 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Malwarebytes
2013-09-19 17:40 - 2013-09-19 17:40 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-19 17:40 - 2013-09-19 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-19 17:39 - 2013-09-19 17:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-19 17:39 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-19 17:38 - 2013-09-19 17:38 - 01029675 _____ (Thisisu) C:\Users\marita1\Desktop\JRT.exe
2013-09-19 17:37 - 2013-09-19 17:38 - 01029675 _____ (Thisisu) C:\Users\marita1\Downloads\JRT.exe
2013-09-19 17:34 - 2013-09-19 17:34 - 01039554 _____ C:\Users\marita1\Desktop\adwcleaner.exe
2013-09-19 17:33 - 2013-09-19 17:34 - 01039554 _____ C:\Users\marita1\Downloads\adwcleaner.exe
2013-09-19 17:30 - 2013-09-19 17:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\marita1\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-18 22:21 - 2013-09-18 22:21 - 00000994 _____ C:\Users\marita1\Desktop\Anno 2070.lnk
2013-09-18 22:21 - 2012-10-25 18:46 - 00381952 _____ C:\Users\marita1\Desktop\AnnoCookie0.3.exe
2013-09-18 22:20 - 2013-09-18 22:20 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anno 2170 - A.R.R.C
2013-09-18 21:05 - 2013-09-22 15:03 - 01825558 _____ C:\windows\WindowsUpdate.log
2013-09-18 21:05 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-09-18 21:05 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-09-18 21:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-09-18 21:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-09-18 21:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-18 21:05 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-09-18 21:05 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-09-18 21:05 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-09-18 20:55 - 2013-09-18 21:52 - 00000000 ____D C:\Qoobox
2013-09-18 20:55 - 2013-09-18 21:48 - 00000000 ____D C:\windows\erdnt
2013-09-18 19:55 - 2013-09-18 19:53 - 05128653 ____R (Swearware) C:\Users\marita1\Desktop\ComboFix.exe
2013-09-18 19:46 - 2013-09-18 19:53 - 05128653 _____ (Swearware) C:\Users\marita1\Downloads\ComboFix.exe
2013-09-17 22:18 - 2013-09-17 22:18 - 00000000 ____D C:\FRST
2013-09-17 22:15 - 2013-09-17 22:15 - 01950524 _____ (Farbar) C:\Users\marita1\Downloads\FRST64.exe
2013-09-17 22:15 - 2013-09-17 22:15 - 01950524 _____ (Farbar) C:\Users\marita1\Desktop\FRST64.exe
2013-09-16 20:31 - 2013-09-20 21:05 - 00022410 _____ C:\windows\PFRO.log
2013-09-16 19:27 - 2013-09-20 21:05 - 00003155 _____ C:\windows\setupact.log
2013-09-16 19:27 - 2013-09-16 19:27 - 00000000 _____ C:\windows\setuperr.log
2013-09-16 14:22 - 2013-09-16 16:23 - 278232829 _____ C:\Users\marita1\Downloads\Setup_Anno2170_A.R.R.C._v2.06.exe
2013-09-16 14:09 - 2013-09-16 14:11 - 00083540 _____ C:\Users\marita1\Downloads\AnnoCookie_v0.30.zip
2013-09-15 22:00 - 2013-09-15 22:00 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-09-14 21:23 - 2013-09-14 21:23 - 00003080 _____ C:\windows\System32\Tasks\{6C2172F1-0D6C-4949-8275-53E56E78E923}
2013-09-14 17:14 - 2013-09-14 17:14 - 00000655 _____ C:\Users\Public\Desktop\MDK2.lnk
2013-09-13 16:22 - 2013-09-13 16:22 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-09-12 14:41 - 2013-09-12 17:17 - 00000000 ____D C:\Users\marita1\Desktop\GL
2013-09-11 21:28 - 2013-09-11 21:28 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-09-11 20:53 - 2013-09-12 21:44 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Audacity
2013-09-11 20:53 - 2013-09-11 20:53 - 00000553 _____ C:\Users\Public\Desktop\Audacity.lnk
2013-09-11 16:20 - 2013-09-13 16:22 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-09-11 16:20 - 2013-09-11 16:20 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-10 19:40 - 2013-09-10 19:40 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Blender Foundation
2013-09-09 21:39 - 2013-09-09 21:39 - 00000000 ____D C:\Users\marita1\.thumbnails
2013-09-09 21:37 - 2013-09-09 21:37 - 00000587 _____ C:\Users\Public\Desktop\Blender.lnk
2013-09-04 22:12 - 2013-09-07 18:24 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Craften Terminal
2013-09-04 22:06 - 2013-09-07 13:55 - 00000706 _____ C:\Users\Public\Desktop\Craften Terminal.lnk
2013-09-03 19:36 - 2013-09-10 14:09 - 00014816 _____ C:\Users\marita1\Desktop\BEWERBUNG.odt
2013-09-01 16:56 - 2013-09-01 16:56 - 00000000 ____D C:\Users\marita1\AppData\Roaming\.mono

==================== One Month Modified Files and Folders =======

2013-09-22 19:17 - 2013-09-21 12:16 - 00040450 _____ C:\Users\marita1\Desktop\Amerikanischer Bürgerkrieg Seeschlachten (Hauke).odt
2013-09-22 19:15 - 2012-09-10 19:55 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Spotify
2013-09-22 19:08 - 2012-08-20 18:38 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-22 19:05 - 2011-01-05 17:45 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-22 19:01 - 2013-09-18 21:05 - 01825558 _____ C:\windows\WindowsUpdate.log
2013-09-22 19:01 - 2010-12-25 00:13 - 09209597 _____ C:\FaceProv.log
2013-09-22 19:01 - 2010-11-25 11:29 - 00000000 ____D C:\ProgramData\VeriFace
2013-09-22 18:55 - 2012-09-09 20:01 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Skype
2013-09-22 12:29 - 2013-09-21 03:05 - 00013169 _____ C:\windows\IE10_main.log
2013-09-22 00:10 - 2011-01-05 17:45 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-22 00:09 - 2012-03-13 20:03 - 00000000 ____D C:\Users\Marita.Marita-PC
2013-09-21 12:16 - 2013-09-21 12:16 - 00013849 _____ C:\Users\marita1\Downloads\Amerikanischer Bürgerkrieg Seeschlachten (Hauke).odt
2013-09-21 11:08 - 2012-09-10 20:06 - 00000000 ____D C:\Users\marita1\AppData\Local\Spotify
2013-09-20 21:16 - 2009-07-14 06:45 - 00013424 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-20 21:16 - 2009-07-14 06:45 - 00013424 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-20 21:09 - 2012-09-09 17:55 - 00000000 ____D C:\Users\marita1\AppData\Local\LogMeIn Hamachi
2013-09-20 21:05 - 2013-09-16 20:31 - 00022410 _____ C:\windows\PFRO.log
2013-09-20 21:05 - 2013-09-16 19:27 - 00003155 _____ C:\windows\setupact.log
2013-09-20 21:05 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-20 18:18 - 2010-11-25 02:09 - 00723232 _____ C:\windows\system32\perfh007.dat
2013-09-20 18:18 - 2010-11-25 02:09 - 00158372 _____ C:\windows\system32\perfc007.dat
2013-09-20 18:18 - 2009-07-14 07:13 - 01674052 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-20 18:16 - 2012-09-09 17:55 - 00110480 _____ C:\Users\marita1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-20 18:12 - 2012-09-09 17:53 - 00000000 ___RD C:\Users\marita1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-20 18:12 - 2012-09-09 17:53 - 00000000 ___RD C:\Users\marita1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-20 18:10 - 2009-07-14 06:45 - 00398032 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-20 18:09 - 2012-05-22 13:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-20 18:09 - 2012-05-22 13:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-20 18:08 - 2012-09-09 17:34 - 00000000 ____D C:\Users\Marita.Marita-PC\AppData\Local\89776623
2013-09-20 18:07 - 2013-09-20 18:07 - 00000000 _____ C:\windows\SysWOW64\shoA75.tmp
2013-09-20 18:03 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-20 18:03 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-20 18:02 - 2009-07-29 09:23 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-20 17:37 - 2011-01-09 15:38 - 01701670 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-09-20 17:37 - 2011-01-09 15:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-20 16:48 - 2013-09-20 16:48 - 00000000 ____D C:\windows\system32\MRT
2013-09-20 15:19 - 2013-09-20 15:23 - 00891144 _____ C:\Users\marita1\Desktop\SecurityCheck.exe
2013-09-20 15:19 - 2013-09-20 15:17 - 00891144 _____ C:\Users\marita1\Downloads\SecurityCheck.exe
2013-09-20 15:16 - 2013-09-20 15:17 - 02347384 _____ (ESET) C:\Users\marita1\Desktop\esetsmartinstaller_enu.exe
2013-09-20 15:16 - 2013-09-20 15:15 - 02347384 _____ (ESET) C:\Users\marita1\Downloads\esetsmartinstaller_enu.exe
2013-09-19 20:13 - 2012-08-20 18:38 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 20:12 - 2012-08-20 18:38 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 20:12 - 2011-07-07 10:32 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 18:45 - 2013-09-19 18:45 - 00000000 ____D C:\windows\ERUNT
2013-09-19 18:34 - 2013-09-19 18:28 - 00000000 ____D C:\AdwCleaner
2013-09-19 18:32 - 2010-12-30 19:10 - 00000000 ____D C:\ProgramData\ICQ
2013-09-19 18:09 - 2012-08-25 12:22 - 00000000 _RSHD C:\Users\Marita.Marita-PC\M-10-5845-8588-3464
2013-09-19 18:09 - 2012-08-23 20:49 - 00000000 _RSHD C:\Users\Marita.Marita-PC\M-10-7960-8588-3464
2013-09-19 18:09 - 2012-08-21 20:57 - 00000000 _RSHD C:\Users\Marita.Marita-PC\M-0-5778-6436-2457
2013-09-19 18:09 - 2012-08-20 12:01 - 00000000 _RSHD C:\Users\Marita.Marita-PC\M-10-6897-8685-3464
2013-09-19 17:42 - 2013-09-19 17:42 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Malwarebytes
2013-09-19 17:40 - 2013-09-19 17:40 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-19 17:40 - 2013-09-19 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-19 17:40 - 2013-09-19 17:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-19 17:38 - 2013-09-19 17:38 - 01029675 _____ (Thisisu) C:\Users\marita1\Desktop\JRT.exe
2013-09-19 17:38 - 2013-09-19 17:37 - 01029675 _____ (Thisisu) C:\Users\marita1\Downloads\JRT.exe
2013-09-19 17:35 - 2013-09-19 17:30 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\marita1\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-19 17:34 - 2013-09-19 17:34 - 01039554 _____ C:\Users\marita1\Desktop\adwcleaner.exe
2013-09-19 17:34 - 2013-09-19 17:33 - 01039554 _____ C:\Users\marita1\Downloads\adwcleaner.exe
2013-09-18 22:21 - 2013-09-18 22:21 - 00000994 _____ C:\Users\marita1\Desktop\Anno 2070.lnk
2013-09-18 22:20 - 2013-09-18 22:20 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anno 2170 - A.R.R.C
2013-09-18 21:52 - 2013-09-18 20:55 - 00000000 ____D C:\Qoobox
2013-09-18 21:51 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-18 21:48 - 2013-09-18 20:55 - 00000000 ____D C:\windows\erdnt
2013-09-18 21:42 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-09-18 20:55 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-09-18 19:53 - 2013-09-18 19:55 - 05128653 ____R (Swearware) C:\Users\marita1\Desktop\ComboFix.exe
2013-09-18 19:53 - 2013-09-18 19:46 - 05128653 _____ (Swearware) C:\Users\marita1\Downloads\ComboFix.exe
2013-09-17 22:18 - 2013-09-17 22:18 - 00000000 ____D C:\FRST
2013-09-17 22:15 - 2013-09-17 22:15 - 01950524 _____ (Farbar) C:\Users\marita1\Downloads\FRST64.exe
2013-09-17 22:15 - 2013-09-17 22:15 - 01950524 _____ (Farbar) C:\Users\marita1\Desktop\FRST64.exe
2013-09-16 19:27 - 2013-09-16 19:27 - 00000000 _____ C:\windows\setuperr.log
2013-09-16 17:08 - 2011-05-21 20:09 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-16 16:23 - 2013-09-16 14:22 - 278232829 _____ C:\Users\marita1\Downloads\Setup_Anno2170_A.R.R.C._v2.06.exe
2013-09-16 14:11 - 2013-09-16 14:09 - 00083540 _____ C:\Users\marita1\Downloads\AnnoCookie_v0.30.zip
2013-09-15 22:00 - 2013-09-15 22:00 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-09-14 21:23 - 2013-09-14 21:23 - 00003080 _____ C:\windows\System32\Tasks\{6C2172F1-0D6C-4949-8275-53E56E78E923}
2013-09-14 17:14 - 2013-09-14 17:14 - 00000655 _____ C:\Users\Public\Desktop\MDK2.lnk
2013-09-14 17:09 - 2010-11-25 10:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-14 17:07 - 2010-11-25 11:34 - 00000000 ____D C:\windows\SysWOW64\Macromed
2013-09-13 16:22 - 2013-09-13 16:22 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-09-13 16:22 - 2013-09-11 16:20 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-09-12 21:44 - 2013-09-11 20:53 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Audacity
2013-09-12 17:17 - 2013-09-12 14:41 - 00000000 ____D C:\Users\marita1\Desktop\GL
2013-09-11 21:28 - 2013-09-11 21:28 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-09-11 20:53 - 2013-09-11 20:53 - 00000553 _____ C:\Users\Public\Desktop\Audacity.lnk
2013-09-11 19:42 - 2012-09-19 22:28 - 00000000 ____D C:\Users\marita1\AppData\Roaming\.minecraft
2013-09-11 16:22 - 2012-10-05 20:58 - 00000000 ____D C:\Users\marita1\AppData\Local\Adobe
2013-09-11 16:20 - 2013-09-11 16:20 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-11 16:20 - 2010-11-25 11:25 - 00000000 ____D C:\ProgramData\McAfee
2013-09-10 19:40 - 2013-09-10 19:40 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Blender Foundation
2013-09-10 14:09 - 2013-09-03 19:36 - 00014816 _____ C:\Users\marita1\Desktop\BEWERBUNG.odt
2013-09-09 21:39 - 2013-09-09 21:39 - 00000000 ____D C:\Users\marita1\.thumbnails
2013-09-09 21:39 - 2012-09-09 17:52 - 00000000 ____D C:\Users\marita1
2013-09-09 21:37 - 2013-09-09 21:37 - 00000587 _____ C:\Users\Public\Desktop\Blender.lnk
2013-09-07 18:24 - 2013-09-04 22:12 - 00000000 ____D C:\Users\marita1\AppData\Roaming\Craften Terminal
2013-09-07 13:55 - 2013-09-04 22:06 - 00000706 _____ C:\Users\Public\Desktop\Craften Terminal.lnk
2013-09-04 22:07 - 2012-12-21 22:10 - 00000000 ____D C:\Users\marita1\AppData\Local\craften.de
2013-09-03 17:24 - 2012-09-09 21:01 - 00000000 ___RD C:\Users\marita1\Desktop\Hauke
2013-09-01 17:08 - 2010-12-26 18:27 - 79143768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-01 16:56 - 2013-09-01 16:56 - 00000000 ____D C:\Users\marita1\AppData\Roaming\.mono

Files to move or delete:
====================
C:\Users\Marita\jagex_cl_runescape_LIVE.dat
C:\Users\Marita\jagex_runescape_preferences.dat
C:\Users\Marita\jagex_runescape_preferences2.dat


Some content of TEMP:
====================
C:\Users\marita1\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 10:51

==================== End Of Log ============================
         
--- --- ---
__________________

22.09.2013, 19:35   #19
schrauber
/// the machine
/// TB instructor

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: among other things, DelFix removes all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognise. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains for me is to wish you lots of fun surfing safely.

Note: please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

24.09.2013, 17:00   #20
HaukeR

Yes, thanks, I'll definitely recommend the forum!

But how does that work with Combofix??


24.09.2013, 19:21   #21
schrauber
/// the machine
/// TB instructor

Just as it says above?

28.09.2013, 11:34   #22
HaukeR

It doesn't work for me with Combofix. I renamed it to uninstall, opened it, then it asks whether it should be updated. I click yes ... but afterwards it is still on my desktop

HUH, now it's gone...... :/

28.09.2013, 15:28   #23
schrauber
/// the machine
/// TB instructor

Just run Delfix

01.10.2013, 17:29   #24
HaukeR

Yes, now all the programs are gone, but now Avira has found something new again -.-
TR/Crypt.XPACK.Gen.3

oh well... or should I open a new thread for it?

02.10.2013, 06:40   #25
schrauber
/// the machine
/// TB instructor

Where? Log file from Avira?

03.10.2013, 07:55   #26
HaukeR

Yes, Avira showed it to me

03.10.2013, 08:12   #27
schrauber
/// the machine
/// TB instructor

Then show me where Avira found it

03.10.2013, 08:38   #28
HaukeR

Yes, at the moment I have the problem that I can't get on the internet with the PC

I'm writing from my phone right now

04.10.2013, 01:29   #29
schrauber
/// the machine
/// TB instructor

No connection, or is it only the browser that doesn't work?

04.10.2013, 14:30   #30
HaukeR

Well... we have 2 Wi-Fi networks. When I log on to one, it says Limited access, and for the other it does say Connected, but I can't reach any websites with it, and with Spotify or I get no connection either...
