
Log Analysis and Evaluation: Tr/atraps.gen / tr/atraps.gen2

Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

20.09.2013, 14:45   #1
Basti161188
 
Tr/atraps.gen / tr/atraps.gen2

Hello

As it looks, I have caught the two trojans described above.
Avira detects the viruses too, and I have already moved them to quarantine,
but the message that viruses were found keeps coming up from time to time, and constantly.
It looks like the trojan has already spread.
I have also noticed that my CPU load is permanently at about 40-50 %, which
I think is definitely due to the trojan.

My question now is what else could be done. I already did some reading beforehand, and the majority opinion tends toward reinstalling the computer, which
would definitely be bad, since I have a lot of data on the laptop.
The last question would be whether the data such as music, videos etc. are all infected.
If that were not the case, I would move all the data to an external hard drive and reinstall the computer. But the best thing would be if I could fix it.

Attached are the OTL analysis log files.

Many thanks in advance, and I would be glad if someone could help me.

OTL Logfile:
Code:
OTL logfile created on: 9/20/2013 3:19:07 PM - Run 2
OTL by OldTimer - Version 3.2.61.4     Folder = C:\Users\\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.61 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 55.67% Memory free
7.21 Gb Paging File | 5.14 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 272.20 Gb Total Space | 100.10 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive D: | 181.46 Gb Total Space | 181.37 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive F: | 6.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive W: | 12.00 Gb Total Space | 0.73 Gb Free Space | 6.09% Space Free | Partition Type: NTFS
 
Computer Name: *****-MSI | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe ()
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\S-Bar\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGXMLUtil.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGSMSPCClient.Dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgWiFi.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgUtil.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgPorts.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgCore.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDetection.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgBluetooth.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDatabase.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDialup.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDriverInstall.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGDebugs.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\LIBEAY32.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\LiveBoxCM.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (mitsijm2011) -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\S-Bar\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (MSI Foundation Service) -- C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe (MSI)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MGHwCtrl) -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192Ce.sys (Realtek Semiconductor Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (Tpkd) -- C:\windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7751D7DE-24F0-4EEB-87C6-46C80AD75E1E}
IE:64bit: - HKLM\..\SearchScopes\{7751D7DE-24F0-4EEB-87C6-46C80AD75E1E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AA8ADAFD-2142-4630-9D72-2F5F8B16380C}
IE - HKLM\..\SearchScopes\{AA8ADAFD-2142-4630-9D72-2F5F8B16380C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&tt=220413_d9114&babsrc=SP_ss&mntrId=F2B5E0B9A50C5B00
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: software%40loadtubes.com:1.01
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.8
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012/12/27 20:03:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/08/19 19:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2013/04/26 16:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\rybzya8b.default\extensions
[2013/04/22 21:35:35 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\rybzya8b.default\extensions\anttoolbar@ant.com
[2012/08/02 00:00:58 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\rybzya8b.default\extensions\software@loadtubes.com
[2011/09/14 13:58:10 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\rybzya8b.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/09/14 17:03:20 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\rybzya8b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/09/14 17:02:08 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\rybzya8b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/01 15:41:44 | 000,688,596 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\rybzya8b.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/04/22 21:25:01 | 000,001,294 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\rybzya8b.default\searchplugins\delta.xml
[2013/08/17 22:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/08/17 22:18:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/22 21:24:23 | 000,006,512 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: Startfenster.de - Mein Startfenster im Internet
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [S-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe (MSI)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19415AEF-B00C-4334-B629-5235CF7B0FAF}: NameServer = 212.23.115.132 212.23.115.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94DC531D-1470-428A-A5AD-0BD15B689E2F}: DhcpNameServer = 192.168.0.1 192.168.0.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/14 22:00:18 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/02 18:16:48 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{069b4788-c98a-11e0-9522-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{069b4788-c98a-11e0-9522-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{069b478c-c98a-11e0-9522-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{069b478c-c98a-11e0-9522-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{069b479f-c98a-11e0-9522-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{069b479f-c98a-11e0-9522-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{10fca9db-f62c-11e2-911d-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{10fca9db-f62c-11e2-911d-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{32e9ade5-c155-11e2-a149-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{32e9ade5-c155-11e2-a149-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{32e9ae07-c155-11e2-a149-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{32e9ae07-c155-11e2-a149-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3467f9ca-ddf8-11e0-ba2e-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{3467f9ca-ddf8-11e0-ba2e-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3467f9cd-ddf8-11e0-ba2e-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{3467f9cd-ddf8-11e0-ba2e-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{49c292c4-c996-11e0-babe-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{49c292c4-c996-11e0-babe-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{49c292cd-c996-11e0-babe-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{49c292cd-c996-11e0-babe-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{55a69748-00ce-11e2-8f18-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{55a69748-00ce-11e2-8f18-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{55a6974d-00ce-11e2-8f18-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{55a6974d-00ce-11e2-8f18-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7220ea68-f302-11e2-9684-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{7220ea68-f302-11e2-9684-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{86b6c8fb-dd76-11e0-9ac3-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{86b6c8fb-dd76-11e0-9ac3-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{90e88d75-ca79-11e0-843b-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{90e88d75-ca79-11e0-843b-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{98980ec3-9a07-11e1-88d9-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{98980ec3-9a07-11e1-88d9-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{98980ec6-9a07-11e1-88d9-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{98980ec6-9a07-11e1-88d9-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{98980f3e-9a07-11e1-88d9-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{98980f3e-9a07-11e1-88d9-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{98980f43-9a07-11e1-88d9-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{98980f43-9a07-11e1-88d9-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a8b15e85-9a9e-11e1-8e0b-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{a8b15e85-9a9e-11e1-8e0b-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a8b15e8f-9a9e-11e1-8e0b-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{a8b15e8f-9a9e-11e1-8e0b-6c626d300742}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a8b15e95-9a9e-11e1-8e0b-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{a8b15e95-9a9e-11e1-8e0b-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a8b15e98-9a9e-11e1-8e0b-6c626d300742}\Shell - "" = AutoRun
O33 - MountPoints2\{a8b15e98-9a9e-11e1-8e0b-6c626d300742}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{aa8c1601-bd42-11e1-b2c7-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{aa8c1601-bd42-11e1-b2c7-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{aa8c1625-bd42-11e1-b2c7-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{aa8c1625-bd42-11e1-b2c7-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{aa8c162a-bd42-11e1-b2c7-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{aa8c162a-bd42-11e1-b2c7-e0b9a50c5b00}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{aa8c1672-bd42-11e1-b2c7-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{aa8c1672-bd42-11e1-b2c7-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{aa8c1675-bd42-11e1-b2c7-e0b9a50c5b00}\Shell - "" = AutoRun
O33 - MountPoints2\{aa8c1675-bd42-11e1-b2c7-e0b9a50c5b00}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cc2386b7-0adb-11e2-99b8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2386b7-0adb-11e2-99b8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/19 20:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/19 20:33:40 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013/09/19 20:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/19 20:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/19 20:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/19 20:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/19 20:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/09/19 20:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/09/19 20:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/09/19 20:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/09/19 20:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/09/19 20:24:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Filme
[2013/09/15 00:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALDI TALK Verbindungsassistent
[2013/09/15 00:00:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\ALDITALKVerbindungsassistent
[2013/09/15 00:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALDITALKVerbindungsassistent
[2013/09/14 22:47:07 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/09/14 22:47:02 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/09/14 22:47:00 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/09/14 22:47:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/09/14 22:47:00 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/09/14 22:47:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/14 22:47:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/09/14 22:47:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/09/14 22:47:00 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/09/14 22:47:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/09/14 22:47:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/09/14 22:46:57 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/09/14 22:46:56 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/09/14 22:46:56 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/09/14 22:46:55 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/09/14 22:22:20 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\ataport.sys
[2013/09/14 22:22:12 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/09/14 22:22:12 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/09/14 22:22:12 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/09/14 22:22:11 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/09/14 22:22:11 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/09/14 22:22:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/09/14 22:22:10 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/09/14 22:22:10 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013/09/14 22:22:10 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/09/14 22:22:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/09/14 22:22:10 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/09/14 22:22:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/09/14 22:22:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013/09/14 22:22:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/09/14 22:22:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013/09/14 22:22:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/14 22:22:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/14 22:22:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/14 22:22:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/09/14 22:22:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/14 22:22:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/14 22:22:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/14 22:22:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/14 22:22:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/14 22:22:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/14 22:22:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/14 22:22:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/14 22:22:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/14 22:22:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/14 22:22:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/14 22:22:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/09/14 22:22:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/09/14 22:22:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013/09/14 22:22:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apisetschema.dll
[2013/09/14 22:22:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/14 22:22:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/14 22:22:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/14 22:22:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/14 22:22:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/14 22:22:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/14 22:22:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/14 22:22:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/14 22:22:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/14 22:22:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/09/14 22:19:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/20 15:29:04 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/20 15:24:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 15:14:49 | 000,000,247 | ---- | M] () -- C:\Users\*****\Desktop\Apple ID PW.rtf
[2013/09/20 15:13:15 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 15:13:15 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 15:07:23 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/20 15:07:23 | 000,654,844 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/09/20 15:07:23 | 000,616,686 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/20 15:07:23 | 000,130,426 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/09/20 15:07:23 | 000,106,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/20 15:02:35 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/20 15:02:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/20 15:01:06 | 2903,310,336 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/19 20:34:22 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/19 20:24:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/09/19 20:24:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/15 00:00:44 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk
[2013/09/15 00:00:43 | 000,002,286 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
[2013/09/14 22:52:37 | 000,376,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/14 22:14:27 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013/09/14 22:14:27 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013/09/14 22:14:27 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013/09/14 17:56:42 | 000,000,039 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mbam.context.scan
[2013/09/14 11:21:43 | 000,046,658 | ---- | M] () -- C:\Users\*****\Desktop\Downhill.jpg
 
========== Files Created - No Company Name ==========
 
[2013/09/19 20:50:27 | 000,000,247 | ---- | C] () -- C:\Users\*****\Desktop\Apple ID PW.rtf
[2013/09/19 20:34:22 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/19 20:31:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/09/15 00:00:44 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk
[2013/09/15 00:00:43 | 000,002,286 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
[2013/09/14 17:56:42 | 000,000,039 | ---- | C] () -- C:\Users\*****\AppData\Roaming\mbam.context.scan
[2013/09/14 11:21:37 | 000,046,658 | ---- | C] () -- C:\Users\*****\Desktop\Downhill.jpg
[2012/05/21 18:09:29 | 000,338,432 | ---- | C] () -- C:\windows\SysWow64\sqlite36_engine.dll
[2011/11/10 04:36:06 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2011/11/10 04:36:06 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/08/30 01:38:07 | 000,007,599 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg
[2011/08/20 17:58:42 | 000,001,054 | ---- | C] () -- C:\Users\*****\Bilder - Verknüpfung.lnk
[2011/01/25 19:21:35 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012/03/04 22:37:37 | 000,000,000 | -HSD | M] -- C:\Users\*****\AppData\Roaming\.#
[2011/08/18 14:53:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ableton
[2013/09/20 15:09:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ALDITALKVerbindungsassistent
[2013/06/02 22:21:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Autodesk
[2011/08/18 14:54:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Cache
[2011/12/05 01:30:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2012/08/01 18:44:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\convert
[2011/08/30 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Cycling '74
[2012/08/01 19:10:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DesktopIconForAmazon
[2011/10/22 13:46:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dev-Cpp
[2012/12/27 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2012/07/09 14:41:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/07/23 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2011/08/18 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Live 8.2.2
[2011/08/18 15:29:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Live Recordings
[2011/08/18 14:53:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Live Reports
[2011/09/03 13:18:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mp3DirectCut
[2011/08/18 23:57:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nuance
[2013/09/14 21:58:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenCandy
[2011/09/04 23:59:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PACE Anti-Piracy
[2012/08/01 19:14:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Propellerhead Software
[2011/11/21 23:46:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Rovio
[2013/09/20 15:14:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2013/07/31 19:13:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2012/05/09 20:58:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Temp
[2011/12/18 19:31:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2011/08/28 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP
[2012/12/27 20:07:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2013/07/15 23:45:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\XMedia Recode
[2011/08/18 13:16:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zeon
[2013/07/21 23:29:30 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 9/20/2013 3:19:08 PM - Run 2
OTL by OldTimer - Version 3.2.61.4     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.61 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 55.67% Memory free
7.21 Gb Paging File | 5.14 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 272.20 Gb Total Space | 100.10 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive D: | 181.46 Gb Total Space | 181.37 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive F: | 6.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive W: | 12.00 Gb Total Space | 0.73 Gb Free Space | 6.09% Space Free | Partition Type: NTFS
 
Computer Name: -MSI | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39F9735B-4597-434D-AB98-50F59E25124E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3C4816D9-F122-4C24-903A-B2FF592763A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3D98C03A-6537-4D73-A790-B30C79E60667}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4E6B49F1-B4FD-4230-B187-AEEBCE95875D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5A1E28FA-57E9-4EDB-8CB3-0944E5E37CCE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8773F11A-F272-42E9-9070-68330BE43002}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8FCA9ED5-BA4A-4432-B08B-BDE556537B87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BBEB640A-0164-483E-BB10-473E72C7D8F4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CD0CF66A-1BD6-41DE-80B9-EE8E8286FC6C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D08B23BC-A8B1-4003-83B7-373A7ACE14D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E129914E-4C52-45BA-8840-891C93477EB0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E695593B-191F-4C9E-A97D-2242AE019F21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC85852D-A88A-423E-9857-2A054AF423F2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FF2A7587-CBF3-4CE0-96C2-F2EB7039416C}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04911829-F477-44C2-AE5B-518D24B39E95}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{078F0F01-BACA-4DBF-972E-8878718C4DC3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{08B96F8D-332E-4730-A10A-D91A479AA99E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{0E115AC5-25EF-4A4F-BC09-F9C8692056D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{429FB29A-702D-49F9-933A-057FC342A2F4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{542456B6-170A-43EC-BE4B-A81018399F71}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{55919AB1-50D0-4949-B110-B57086560BF6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{55DC1409-B0B9-44FD-AB55-50FC71BCEEBF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{6251692B-9741-4CDB-9D14-1414B8E3F889}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{651EFD3A-5877-45A1-BDC6-63321384D83F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6EA1728A-1F98-46E6-91EA-38279D141149}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{81355AEE-0E22-4711-90FE-63668A25FCD8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{86C1A8D3-AA24-46B8-9655-250894B41CC0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8B0C2B29-23F0-403F-8CA8-5354DEB0E63F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9B3134FD-C930-4492-B823-77BCB2E8B9B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A0384418-D867-4AC9-AE6A-F0213E456D38}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BF9D0D69-D4BE-455C-BD92-F816B59E7A89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D3FB96B8-AA5B-41E0-90F7-0A76BAA04256}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E0D07435-5876-44B3-870D-21DF5E257CD7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{E585B128-3A24-4D86-8283-26B003E8EC33}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{FFA0EFF7-72FF-4752-BF52-3F1B56B00755}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"TCP Query User{2AF2FCBC-B1F5-4087-B705-A2444E25ABBE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{5D55D3C4-0E57-4650-9775-C0FC20D0543D}C:\program files\live 8.2.2\program\live 8.2.2.exe" = protocol=6 | dir=in | app=c:\program files\live 8.2.2\program\live 8.2.2.exe | 
"TCP Query User{88C5F94A-857B-470C-ACAF-57F7F833B7EA}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | 
"TCP Query User{AF6D3191-FC70-4F2C-B050-04BD1526AE51}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{B8C5FBF7-8EB4-481C-BAB9-191C32581FB2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{DC1E441C-0C67-4D78-A1F8-545EFDBFCE9F}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{0D0208A2-721F-4680-A83C-E361B1E46623}C:\program files\live 8.2.2\program\live 8.2.2.exe" = protocol=17 | dir=in | app=c:\program files\live 8.2.2\program\live 8.2.2.exe | 
"UDP Query User{3933120E-B8B0-4FE0-AE42-FD3DFF523E0F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A302D586-460F-47FE-80CF-DCAD6B395BFF}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{A757B342-9CE0-4471-823A-16CE6EBCF69C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{E4FE28C4-78EE-42E9-A5BE-CE0679280F5C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{F73E516B-F0A8-4004-873D-2F2C91C5D9D0}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{2998191E-A35E-47E2-BE38-7702C731D722}" = SRS Premium Sound Control Panel
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7F4DD591-1564-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1564-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 Language Pack - Deutsch
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{B38BCB00-1C17-48F5-BB94-584BB89D34D0}" = Logitech Z-series Software 1.04
"{D1C90AD9-F272-4444-A156-A66198150B55}" = Max 5.1.8
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 Deutsch
"DWG TrueView 2011" = DWG TrueView 2011
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"VLC media player" = VLC media player 2.0.4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1333D0D0-801E-4DD3-B379-FB68B9410999}" = S-Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5E152D08-572A-3375-8FDE-DAD1EFB379BA}" = Microsoft Report Viewer Redistributable 2008
"{619FA785-489B-4D22-911F-82D6EDF5BDB0}" = Battery Calibration
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7604A79D-245D-45BB-AFBB-975DE69FFF80}" = Digidesign M-Audio Keyboard Personality 8.0
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}" = msi Software Install
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C13926BE-159B-4494-BEEC-AB6E207F70AD}" = Cinema ProII Setup
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DA5597C9-9216-44FF-9670-D1E48817B998}" = MSI HOUSE
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.6.9
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3448416-D3D7-4DBA-B982-4AEB064D9473}" = NWZ-E470 E570 WALKMAN Guide
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"Counter-Strike 1.6" = Counter-Strike 1.6
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"i-Charger_is1" = i-Charger
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"Live 8.2.2" = Live 8.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft Report Viewer Redistributable 2008" = Microsoft Report Viewer Redistributable 2008
"Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PokerStars.net" = PokerStars.net
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/19/2013 9:28:43 AM | Computer Name = *****-MSI | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbamgui.exe, Version: 1.65.0.0, Zeitstempel:
 0x50678513  Name des fehlerhaften Moduls: mbamgui.exe, Version: 1.65.0.0, Zeitstempel:
 0x50678513  Ausnahmecode: 0x40000015  Fehleroffset: 0x00038b98  ID des fehlerhaften Prozesses:
 0xb64  Startzeit der fehlerhaften Anwendung: 0x01ceb53c18ebeda5  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Berichtskennung:
 67038ad0-212f-11e3-9e2a-e0b9a50c5b00
 
Error - 9/19/2013 9:37:14 AM | Computer Name = *****-MSI | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 9/19/2013 1:48:34 PM | Computer Name = *****-MSI | Source = Application Virtualization Client | ID = 5009
Description = {tid=840} Application Virtualization Client konnte keine Verbindung
 mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft'
 herstellen (Rückgabecode 24600E0A-10000001, ursprünglicher Rückgabecode 24600E0A-10000001).
 
Error - 9/19/2013 1:48:34 PM | Computer Name = *****-MSI | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Fehler bei der Registrierung des Click-2-Run-Pakets.
 
Error - 9/19/2013 2:22:04 PM | Computer Name = *****-MSI | Source = Application Virtualization Client | ID = 5009
Description = {tid=964} Application Virtualization Client konnte keine Verbindung
 mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft'
 herstellen (Rückgabecode 24600E0A-10000001, ursprünglicher Rückgabecode 24600E0A-10000001).
 
Error - 9/19/2013 2:22:04 PM | Computer Name = *****-MSI | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Fehler bei der Registrierung des Click-2-Run-Pakets.
 
Error - 9/20/2013 9:03:21 AM | Computer Name = *****-MSI | Source = Application Virtualization Client | ID = 5009
Description = {tid=9E4} Application Virtualization Client konnte keine Verbindung
 mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft'
 herstellen (Rückgabecode 24600E0A-10000001, ursprünglicher Rückgabecode 24600E0A-10000001).
 
Error - 9/20/2013 9:03:22 AM | Computer Name = *****-MSI | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Fehler bei der Registrierung des Click-2-Run-Pakets.
 
Error - 9/20/2013 9:13:57 AM | Computer Name = *****-MSI | Source = Application Virtualization Client | ID = 3159
Description = {hap=12:app=Microsoft Word Starter 2010 9014006604070000:tid=78C} Die
 Anwendung kann nicht heruntergefahren werden (der Startthread ist noch aktiv).
 
Error - 9/20/2013 9:14:13 AM | Computer Name = *****-MSI | Source = Application Virtualization Client | ID = 6001
Description = {tid=EBC:usr=*****} Fehler bei 'CreateProcess' (Rückgabecode 0C701533-000006BE).
 
[ Media Center Events ]
Error - 1/21/2012 12:05:02 PM | Computer Name = *****-MSI | Source = MCUpdate | ID = 0
Description = 17:05:01 - Fehler beim Herstellen der Internetverbindung.  17:05:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/21/2012 3:24:26 PM | Computer Name = *****-MSI | Source = MCUpdate | ID = 0
Description = 20:24:24 - Fehler beim Herstellen der Internetverbindung.  20:24:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/21/2012 4:24:30 PM | Computer Name = *****-MSI | Source = MCUpdate | ID = 0
Description = 21:24:30 - Fehler beim Herstellen der Internetverbindung.  21:24:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/28/2012 12:27:18 PM | Computer Name = *****-MSI | Source = MCUpdate | ID = 0
Description = 17:27:15 - Fehler beim Herstellen der Internetverbindung.  17:27:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/16/2012 7:20:54 AM | Computer Name = *****-MSI | Source = MCUpdate | ID = 0
Description = 13:20:53 - Fehler beim Herstellen der Internetverbindung.  13:20:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/31/2012 8:05:13 AM | Computer Name = *****-MSI | Source = MCUpdate | ID = 0
Description = 14:05:12 - Fehler beim Herstellen der Internetverbindung.  14:05:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/9/2012 4:12:06 AM | Computer Name = *****-MSI | Source = MCUpdate | ID = 0
Description = 10:12:06 - Fehler beim Herstellen der Internetverbindung.  10:12:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/9/2012 10:49:03 AM | Computer Name = *****-MSI | Source = MCUpdate | ID = 0
Description = 16:49:03 - Fehler beim Herstellen der Internetverbindung.  16:49:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/14/2012 4:32:46 AM | Computer Name = *****-MSI | Source = MCUpdate | ID = 0
Description = 10:32:45 - Fehler beim Herstellen der Internetverbindung.  10:32:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/15/2012 6:37:33 AM | Computer Name = *****-MSI | Source = MCUpdate | ID = 0
Description = 12:37:32 - Fehler beim Herstellen der Internetverbindung.  12:37:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 9/14/2013 4:12:43 PM | Computer Name = *****-MSI | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%303.
 
Error - 9/14/2013 4:13:16 PM | Computer Name = *****-MSI | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%303.
 
Error - 9/15/2013 5:05:04 AM | Computer Name = *****-MSI | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Adobe Acrobat Update Service erreicht.
 
Error - 9/15/2013 4:30:11 PM | Computer Name = *****-MSI | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 9/15/2013 4:30:12 PM | Computer Name = *****-MSI | Source = DCOM | ID = 10005
Description = 
 
Error - 9/15/2013 4:30:12 PM | Computer Name = *****-MSI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 9/18/2013 1:12:29 PM | Computer Name = *****-MSI | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 9/18/2013 1:12:29 PM | Computer Name = *****-MSI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 9/18/2013 1:12:30 PM | Computer Name = *****-MSI | Source = DCOM | ID = 10005
Description = 
 
Error - 9/19/2013 3:03:40 PM | Computer Name = *****-MSI | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >

20.09.2013, 15:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Hello,

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software without being asked!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you are asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the tools you are asked to run, e.g. Malwarebytes, are always to be posted, whether there was a detection or not!

  • Please also note => Deleting logfiles and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside of Trojaner-Board.




Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did any of them find something?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs you already have, in CODE tags!
Only logs from the last 7 days, or from the time the problem has existed, are relevant!




Please also produce a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will afterwards be on your desktop.
  • Post the FRST.txt, and after the first scan also the Addition.txt, in your thread (click the # symbol in the website's input box)



Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is fine ... click Reply.
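The FRST output requested above is read section by section: the Registry listing (Run entries, MountPoints2 handlers), the Internet listing (IE SearchScopes, BHOs, toolbars) and the Firefox listing (the user.js check, extensions). As an added example, not FRST code and not anything posted in this thread, the Python below runs a small triage over constructed lines in the shapes FRST prints and returns the entries worth a closer look. The rule names, the EXPECTED_SEARCH_HOSTS allow-list and the sample lines are this example's own assumptions; a hit means "inspect this entry", not "this is malware".

```python
"""Triage of FRST-style log lines.

Added example for this thread: not FRST code and not anything posted here.
The sample lines are constructed to mimic the line shapes FRST prints in its
Registry / Internet / Firefox sections (hxxp is FRST's defanged http). The
rules and the search-host allow-list are this example's assumptions.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Search hosts a stock IE/Firefox would normally point at (assumption).
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.de", "www.google.com"}

# Line shapes as FRST prints them.
RUN_RE = re.compile(
    r"^(?:HKLM|HKCU)(?:-x32)?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - "
    r"(?P<path>.+?) \[\d+ [\d-]+\] \((?P<publisher>[^)]*)\)$"
)
MOUNTPOINT_RE = re.compile(r"^MountPoints2: (?P<key>\S+) - (?P<target>.+)$")
SEARCHSCOPE_RE = re.compile(r"^SearchScopes: .*? URL =\s*(?P<url>\S*)$")
NONAME_RE = re.compile(r"^(?:BHO(?:-x32)?|Toolbar|FF Extension): .*\b(?:No Name|No File)\b")
USERJS_RE = re.compile(r"^FF user\.js: detected! => (?P<path>.+)$")
TEMP_PATH_RE = re.compile(r"\\Temp\\", re.IGNORECASE)

# Constructed sample in FRST's line shapes (placeholder GUIDs, not from the thread).
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [Updater] - C:\Users\u\AppData\Local\Temp\upd.exe [48128 2013-09-18] ()
MountPoints2: {00000000-0000-0000-0000-000000000001} - F:\AutoRun.exe
SearchScopes: HKLM - DefaultScope {00000000-0000-0000-0000-000000000002} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF
SearchScopes: HKLM - {00000000-0000-0000-0000-000000000003} URL = 
SearchScopes: HKCU - DefaultScope {00000000-0000-0000-0000-000000000004} URL = hxxp://www1.search.example/?q={searchTerms}&affID=1
BHO-x32: No Name - {00000000-0000-0000-0000-000000000005} -  No File
FF user.js: detected! => C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\user.js
FF Extension: DivXWebPlayer - C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: No Name - C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\Extensions\{00000000-0000-0000-0000-000000000006}.xpi
"""


def triage(text):
    """Return (rule, line) pairs for the lines a helper would inspect first."""
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            # Autostart with no publisher string, or launched from a Temp folder.
            if not m.group("publisher").strip():
                findings.append(("run-no-publisher", line))
            if TEMP_PATH_RE.search(m.group("path")):
                findings.append(("run-from-temp", line))
            continue
        if MOUNTPOINT_RE.match(line):
            # Shell AutoRun handlers recorded for removable drives; they outlive the drive.
            findings.append(("mountpoints2-autorun", line))
            continue
        m = SEARCHSCOPE_RE.match(line)
        if m:
            # An empty URL is a deleted scope; a foreign host is a redirected search.
            url = m.group("url")
            if url and urlparse(url).netloc.lower() not in EXPECTED_SEARCH_HOSTS:
                findings.append(("search-scope-unexpected-host", line))
            continue
        if NONAME_RE.match(line):
            # Orphaned or nameless BHO / toolbar / extension registrations.
            findings.append(("unnamed-or-missing-component", line))
            continue
        if USERJS_RE.match(line):
            # user.js overrides prefs.js on every Firefox start.
            findings.append(("firefox-user.js-present", line))
    return findings


def summarize(findings):
    """Count hits per rule."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:30} {line}")
```

Run as a script it prints the seven flagged sample lines; the signed Realtek entry, the bing scope, the empty scope and the named DivX extension are in the sample on purpose to show the non-hits. To use it on a real FRST.txt, read the file with encoding="utf-8-sig" (which also copes with a byte-order mark) and pass the text to triage().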

20.09.2013, 15:23   #3
Basti161188


OK, I will try to follow all of that.
What I forgot to mention is that the Trojan was found in the directory:
OS_Install(C /Programme (x86) /Google / Install / {e2d90fa5-1a11-387c-5a22-16f3a509ba40} !
But I absolutely cannot access it or delete anything there.
Here are the logs.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-09-2013 01
Ran by  (administrator) on -MSI on 20-09-2013 16:09:01
Running from C:\Users\\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
() C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
(MSI) C:\Program Files (x86)\S-Bar\S-Bar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe [790552 2007-04-26] (Logitech Inc.)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {069b4788-c98a-11e0-9522-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {069b478c-c98a-11e0-9522-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {069b479f-c98a-11e0-9522-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {10fca9db-f62c-11e2-911d-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {32e9ade5-c155-11e2-a149-6c626d300742} - F:\AutoRun.exe
MountPoints2: {32e9ae07-c155-11e2-a149-6c626d300742} - F:\AutoRun.exe
MountPoints2: {3467f9ca-ddf8-11e0-ba2e-6c626d300742} - F:\AutoRun.exe
MountPoints2: {3467f9cd-ddf8-11e0-ba2e-6c626d300742} - F:\AutoRun.exe
MountPoints2: {49c292c4-c996-11e0-babe-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {49c292cd-c996-11e0-babe-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {55a69748-00ce-11e2-8f18-6c626d300742} - F:\AutoRun.exe
MountPoints2: {55a6974d-00ce-11e2-8f18-6c626d300742} - F:\AutoRun.exe
MountPoints2: {7220ea68-f302-11e2-9684-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {86b6c8fb-dd76-11e0-9ac3-6c626d300742} - F:\AutoRun.exe
MountPoints2: {90e88d75-ca79-11e0-843b-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {98980ec3-9a07-11e1-88d9-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {98980ec6-9a07-11e1-88d9-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {98980f3e-9a07-11e1-88d9-6c626d300742} - F:\AutoRun.exe
MountPoints2: {98980f43-9a07-11e1-88d9-6c626d300742} - F:\AutoRun.exe
MountPoints2: {a8b15e85-9a9e-11e1-8e0b-6c626d300742} - F:\AutoRun.exe
MountPoints2: {a8b15e8f-9a9e-11e1-8e0b-6c626d300742} - G:\AutoRun.exe
MountPoints2: {a8b15e95-9a9e-11e1-8e0b-6c626d300742} - F:\AutoRun.exe
MountPoints2: {a8b15e98-9a9e-11e1-8e0b-6c626d300742} - F:\AutoRun.exe
MountPoints2: {aa8c1601-bd42-11e1-b2c7-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {aa8c1625-bd42-11e1-b2c7-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {aa8c162a-bd42-11e1-b2c7-e0b9a50c5b00} - G:\AutoRun.exe
MountPoints2: {aa8c1672-bd42-11e1-b2c7-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {aa8c1675-bd42-11e1-b2c7-e0b9a50c5b00} - F:\AutoRun.exe
MountPoints2: {cc2386b7-0adb-11e2-99b8-806e6f6e6963} - F:\AutoRun.exe
HKLM-x32\...\Run: [S-Bar] - C:\Program Files (x86)\S-Bar\S-Bar.exe [5209600 2011-01-22] (MSI)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKLM - DefaultScope {7751D7DE-24F0-4EEB-87C6-46C80AD75E1E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {AA8ADAFD-2142-4630-9D72-2F5F8B16380C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&tt=220413_d9114&babsrc=SP_ss&mntrId=F2B5E0B9A50C5B00
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&tt=220413_d9114&babsrc=SP_ss&mntrId=F2B5E0B9A50C5B00
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {AA8ADAFD-2142-4630-9D72-2F5F8B16380C} URL = 
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKLM-x32 -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{19415AEF-B00C-4334-B629-5235CF7B0FAF}: [NameServer]212.23.115.132 212.23.115.148

FireFox:
========
FF ProfilePath: C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\rybzya8b.default
FF user.js: detected! => C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\rybzya8b.default\user.js
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF SearchPlugin: C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\rybzya8b.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ant Video Downloader - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\rybzya8b.default\Extensions\anttoolbar@ant.com
FF Extension: loadtbs - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\rybzya8b.default\Extensions\software@loadtubes.com
FF Extension: DivXWebPlayer - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\rybzya8b.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: No Name - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\rybzya8b.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\rybzya8b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\rybzya8b.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

Chrome: 
=======

==================== Services (Whitelisted) =================

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-09-15] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-14] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-29] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-29] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-01-22] (Micro-Star International Co., Ltd.)
R2 mitsijm2011; C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [673792 2010-01-23] ()
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-17] (MSI)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-05] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
S3 MGHwCtrl; \??\C:\Program Files\msi\msi Software Install\MGHwCtrl.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 375AC85E1130EAA1EAEB62DDD22B0EFB
C:\Windows\System32\DRIVERS\atikmpag.sys DAEB3F2BB2095B95B98BE6CEC99D02E7
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\amd_sata.sys CAEE7C1AFC9F1C9EE8DD11ACD18D22E7
C:\Windows\System32\DRIVERS\amd_xata.sys 23726116B4FBCC84FC45B95157C08F5F
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 4BF5BCA6E2608CD8A00BC4A6673A9F47
C:\Windows\System32\DRIVERS\avgntflt.sys 0D5C96FD25D6455D97A5C4D7706DFAB1
C:\Windows\System32\DRIVERS\avipbb.sys E26B3C8E9C3DDE047B32C5719955D715
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys AAFCB52FE0037207FB6FBEA070D25EFE
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ETD.sys 06C94BE9D9E1E6411429433A64A76936
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbmdm.sys CDAA8E257BB625B2387219E605DDE37D
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys A9853214CC97796579D75B1F59C51DCD
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 7EFB9333E4ECCE6AE4AE9D777D9E553E
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\windows\system32\drivers\mbam.sys A8FE8F2783B2929B56F5370A89356CE9
C:\windows\system32\drivers\mbam.sys A8FE8F2783B2929B56F5370A89356CE9
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUVStor.sys E54A5586A28D0630A79A68BBAB84BFCF
C:\Windows\System32\drivers\RtHDMIVX.sys 116D03E901246AC7AF006121E1E22842
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\System32\DRIVERS\rtl8192Ce.sys 09A8BA290DB61D2D5C419A06A2E54D20
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys D5183ED285D2795491DC15BDDCBEE5AD
C:\Windows\System32\DRIVERS\Sftplaylh.sys 00F118B68C50D2206DD51634F9142B83
C:\Windows\System32\DRIVERS\Sftredirlh.sys 76A827DF5640BFE16A0CDBB4108ADECA
C:\Windows\System32\DRIVERS\Sftvollh.sys 1B4C9701645086BAB8CAFFFCE30ED284
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Tpkd.sys C676B0F52F2B6483AFB88F79CABB011E
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbfilter.sys 76E2FFAD301490BA27B947C6507752FB
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\DRIVERS\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-20 16:08 - 2013-09-20 16:08 - 00000000 ____D C:\FRST
2013-09-20 16:07 - 2013-09-20 16:08 - 01950622 _____ (Farbar) C:\Users\\Downloads\FRST64.exe
2013-09-20 16:06 - 2013-09-20 16:06 - 00000000 ____D C:\Users\\Downloads\ra-koniec-gry
2013-09-20 15:57 - 2013-09-20 16:05 - 120642162 _____ C:\Users\\Downloads\ra-koniec-gry.rar
2013-09-19 20:34 - 2013-09-19 20:34 - 00001793 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-19 20:33 - 2013-09-19 20:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 20:33 - 2013-09-19 20:33 - 00000000 ____D C:\Program Files\iTunes
2013-09-19 20:33 - 2013-09-19 20:33 - 00000000 ____D C:\Program Files\iPod
2013-09-19 20:33 - 2013-09-19 20:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-19 20:33 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2013-09-19 20:31 - 2013-09-19 20:31 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-19 20:31 - 2013-09-19 20:31 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-19 20:30 - 2013-09-19 20:30 - 00000000 ____D C:\Program Files\Bonjour
2013-09-19 20:30 - 2013-09-19 20:30 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-19 20:26 - 2013-09-19 20:27 - 97176400 _____ (Apple Inc.) C:\Users\\Downloads\iTunes64Setup(1).exe
2013-09-19 20:24 - 2013-09-19 20:24 - 00000000 ____D C:\Users\\Desktop\Filme
2013-09-15 00:00 - 2013-09-20 15:09 - 00000000 ____D C:\Users\\AppData\Roaming\ALDITALKVerbindungsassistent
2013-09-15 00:00 - 2013-09-15 00:00 - 00002243 _____ C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk
2013-09-15 00:00 - 2013-09-15 00:00 - 00000000 ____D C:\Program Files (x86)\ALDITALKVerbindungsassistent
2013-09-14 22:47 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-14 22:47 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-14 22:47 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-14 22:47 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-14 22:47 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-14 22:47 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-14 22:47 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-14 22:47 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-14 22:47 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-14 22:47 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-14 22:47 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-14 22:47 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-14 22:47 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 22:47 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-14 22:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-14 22:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-14 22:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-14 22:46 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-14 22:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-14 22:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-14 22:46 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-14 22:46 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-14 22:46 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-14 22:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-14 22:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-14 22:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-14 22:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-14 22:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-14 22:46 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-14 22:46 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-14 22:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-14 22:22 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-14 22:22 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-14 22:22 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-14 22:22 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-09-14 22:22 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-09-14 22:22 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-09-14 22:22 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-14 22:22 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-09-14 22:22 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-14 22:22 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-14 22:22 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-09-14 22:22 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-09-14 22:22 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-09-14 22:22 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-09-14 22:22 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-14 22:22 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-09-14 22:22 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-09-14 22:22 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-09-14 22:22 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-09-14 22:22 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-09-14 22:22 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 22:22 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-14 22:21 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-14 22:19 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-14 22:19 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-14 22:19 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-09-14 22:19 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-09-14 17:56 - 2013-09-14 17:56 - 00000039 _____ C:\Users\\AppData\Roaming\mbam.context.scan
2013-09-14 15:53 - 2013-09-14 15:53 - 00000000 ____D C:\Users\\Downloads\VA - Klassik Lounge Nightflight Vol 05 (2013)
2013-09-13 17:28 - 2013-09-15 19:54 - 00000000 ____D C:\Users\\Downloads\best_smsm
2013-09-13 17:00 - 2013-09-13 17:00 - 00000000 ____D C:\Users\\Downloads\KLNF4
2013-09-13 16:52 - 2013-09-15 19:54 - 00000000 ____D C:\Users\\Downloads\Beat
2013-09-13 14:51 - 2013-09-15 19:53 - 00000000 ____D C:\Users\\Downloads\B-B-2013
2013-09-01 13:04 - 2013-09-01 13:04 - 00000000 ____D C:\Users\\Downloads\Specter at the Feast [320]
2013-09-01 11:34 - 2013-09-01 11:34 - 00000000 ____D C:\Users\\Downloads\Black Rebel Motorcycle Club - Beat The Devils Tattoo
2013-08-25 18:09 - 2013-08-25 18:09 - 00000000 ____D C:\Users\\Downloads\Hilltop Hoods 2003 - The Calling (Deluxe Edition)
2013-08-25 18:03 - 2013-08-25 18:03 - 00000000 ____D C:\Users\\Downloads\Drinking_From_the_Sun
2013-08-25 11:49 - 2013-08-25 11:49 - 00000000 ____D C:\Users\\Downloads\The Strokes - Comedown Machine (2013)
2013-08-24 23:42 - 2013-08-24 23:42 - 00000000 ____D C:\Users\\Downloads\2006FIOE
2013-08-24 21:11 - 2013-08-24 21:11 - 00000000 ____D C:\Users\\Downloads\TS-A_forum
2013-08-24 20:45 - 2013-08-24 20:45 - 00000000 ____D C:\Users\\Downloads\pb_Battle for the Sun

==================== One Month Modified Files and Folders =======

2013-09-20 16:08 - 2013-09-20 16:08 - 00000000 ____D C:\FRST
2013-09-20 16:08 - 2013-09-20 16:07 - 01950622 _____ (Farbar) C:\Users\\Downloads\FRST64.exe
2013-09-20 16:06 - 2013-09-20 16:06 - 00000000 ____D C:\Users\\Downloads\ra-koniec-gry
2013-09-20 16:05 - 2013-09-20 15:57 - 120642162 _____ C:\Users\\Downloads\ra-koniec-gry.rar
2013-09-20 15:29 - 2013-05-04 11:37 - 00001108 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-20 15:24 - 2013-07-06 10:21 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-20 15:14 - 2011-08-28 18:34 - 00000000 ____D C:\Users\\AppData\Roaming\SoftGrid Client
2013-09-20 15:13 - 2009-07-14 06:45 - 00017376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-20 15:13 - 2009-07-14 06:45 - 00017376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-20 15:11 - 2011-08-18 13:05 - 01800300 _____ C:\windows\WindowsUpdate.log
2013-09-20 15:09 - 2013-09-15 00:00 - 00000000 ____D C:\Users\\AppData\Roaming\ALDITALKVerbindungsassistent
2013-09-20 15:07 - 2011-01-25 04:02 - 00654844 _____ C:\windows\system32\perfh007.dat
2013-09-20 15:07 - 2011-01-25 04:02 - 00130426 _____ C:\windows\system32\perfc007.dat
2013-09-20 15:07 - 2009-07-14 07:13 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-20 15:05 - 2009-07-14 06:51 - 00148914 _____ C:\windows\setupact.log
2013-09-20 15:02 - 2013-05-04 11:37 - 00001104 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-20 15:02 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-19 21:37 - 2013-04-07 19:57 - 00000000 ____D C:\Users\\AppData\Roaming\Apple Computer
2013-09-19 20:34 - 2013-09-19 20:34 - 00001793 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-19 20:33 - 2013-09-19 20:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 20:33 - 2013-09-19 20:33 - 00000000 ____D C:\Program Files\iTunes
2013-09-19 20:33 - 2013-09-19 20:33 - 00000000 ____D C:\Program Files\iPod
2013-09-19 20:33 - 2013-09-19 20:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-19 20:31 - 2013-09-19 20:31 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-19 20:31 - 2013-09-19 20:31 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-19 20:30 - 2013-09-19 20:30 - 00000000 ____D C:\Program Files\Bonjour
2013-09-19 20:30 - 2013-09-19 20:30 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-19 20:27 - 2013-09-19 20:26 - 97176400 _____ (Apple Inc.) C:\Users\\Downloads\iTunes64Setup(1).exe
2013-09-19 20:24 - 2013-09-19 20:24 - 00000000 ____D C:\Users\\Desktop\Filme
2013-09-19 20:24 - 2013-07-06 10:21 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 20:24 - 2012-04-15 17:48 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 20:24 - 2011-08-21 18:31 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 19:49 - 2012-06-21 18:50 - 00000000 ____D C:\Users\\Desktop\Artist Samples
2013-09-19 16:05 - 2011-08-18 13:06 - 00000000 ____D C:\Users\
2013-09-19 15:29 - 2011-08-18 13:30 - 00000000 ____D C:\Users\\AppData\Local\CrashDumps
2013-09-18 19:34 - 2012-11-09 15:09 - 00000000 ____D C:\Users\\AppData\Roaming\vlc
2013-09-15 19:54 - 2013-09-13 17:28 - 00000000 ____D C:\Users\\Downloads\best_smsm
2013-09-15 19:54 - 2013-09-13 16:52 - 00000000 ____D C:\Users\\Downloads\Beat
2013-09-15 19:53 - 2013-09-13 14:51 - 00000000 ____D C:\Users\\Downloads\B-B-2013
2013-09-15 00:00 - 2013-09-15 00:00 - 00002243 _____ C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk
2013-09-15 00:00 - 2013-09-15 00:00 - 00000000 ____D C:\Program Files (x86)\ALDITALKVerbindungsassistent
2013-09-14 22:55 - 2012-08-01 19:44 - 00000000 ____D C:\Users\\Tracing
2013-09-14 22:54 - 2011-08-18 13:17 - 00000000 ___RD C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-14 22:54 - 2011-08-18 13:17 - 00000000 ___RD C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 22:52 - 2009-07-14 06:45 - 00376560 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-14 22:46 - 2013-07-27 02:53 - 00000000 ____D C:\windows\system32\MRT
2013-09-14 22:43 - 2011-08-20 18:02 - 79143768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-14 22:14 - 2013-05-12 22:06 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-09-14 22:14 - 2013-05-05 10:57 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-09-14 22:14 - 2013-05-05 10:57 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-09-14 22:01 - 2012-09-14 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 21:58 - 2013-07-31 19:06 - 00000000 ____D C:\Program Files (x86)\Sony
2013-09-14 21:58 - 2012-12-27 20:03 - 00000000 ____D C:\Users\\AppData\Roaming\OpenCandy
2013-09-14 21:58 - 2012-02-18 13:35 - 00000000 ____D C:\windows\system32\Macromed
2013-09-14 21:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-14 21:58 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2013-09-14 21:58 - 2009-07-14 05:20 - 00000000 ____D C:\windows\AppCompat
2013-09-14 21:58 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-14 21:57 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2013-09-14 21:55 - 2013-05-04 11:37 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-14 17:56 - 2013-09-14 17:56 - 00000039 _____ C:\Users\\AppData\Roaming\mbam.context.scan
2013-09-14 17:18 - 2011-12-01 14:40 - 00000000 ____D C:\Users\\AppData\Local\Google
2013-09-14 15:53 - 2013-09-14 15:53 - 00000000 ____D C:\Users\\Downloads\VA - Klassik Lounge Nightflight Vol 05 (2013)
2013-09-14 09:54 - 2013-07-31 19:06 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-13 17:00 - 2013-09-13 17:00 - 00000000 ____D C:\Users\\Downloads\KLNF4
2013-09-11 21:33 - 2011-08-19 21:01 - 00000000 ___RD C:\Users\\Desktop\Set Projekte
2013-09-03 15:26 - 2013-05-15 15:25 - 00000000 ____D C:\Users\\Inventor Bauteile
2013-09-02 16:44 - 2013-05-14 22:45 - 00000000 ____D C:\Users\\Documents\Inventor
2013-09-01 13:04 - 2013-09-01 13:04 - 00000000 ____D C:\Users\\Downloads\Specter at the Feast [320]
2013-09-01 11:34 - 2013-09-01 11:34 - 00000000 ____D C:\Users\\Downloads\Black Rebel Motorcycle Club - Beat The Devils Tattoo
2013-08-25 18:09 - 2013-08-25 18:09 - 00000000 ____D C:\Users\\Downloads\Hilltop Hoods 2003 - The Calling (Deluxe Edition)
2013-08-25 18:03 - 2013-08-25 18:03 - 00000000 ____D C:\Users\\Downloads\Drinking_From_the_Sun
2013-08-25 11:49 - 2013-08-25 11:49 - 00000000 ____D C:\Users\\Downloads\The Strokes - Comedown Machine (2013)
2013-08-24 23:42 - 2013-08-24 23:42 - 00000000 ____D C:\Users\\Downloads\2006FIOE
2013-08-24 21:11 - 2013-08-24 21:11 - 00000000 ____D C:\Users\h\Downloads\TS-A_forum
2013-08-24 20:45 - 2013-08-24 20:45 - 00000000 ____D C:\Users\\Downloads\pb_Battle for the Sun

Files to move or delete:
====================
ZeroAccess:
C:\Users\\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\\AppData\Local\Temp\AcDeltree.exe
C:\Users\\AppData\Local\Temp\AskSLib.dll
C:\Users\\AppData\Local\Temp\AutoRun.exe
C:\Users\\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\\AppData\Local\Temp\DealPlyUpdateVer.exe
C:\Users\\AppData\Local\Temp\DeltaTB.exe
C:\Users\\AppData\Local\Temp\dp.exe
C:\Users\\AppData\Local\Temp\eauninstall.exe
C:\Users\\AppData\Local\Temp\FreeYouJizzDownloader_1.5.1.exe
C:\Users\\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\\AppData\Local\Temp\mfc80.dll
C:\Users\\AppData\Local\Temp\mfc80u.dll
C:\Users\\AppData\Local\Temp\mfcm80.dll
C:\Users\\AppData\Local\Temp\mfcm80u.dll
C:\Users\\AppData\Local\Temp\msvcm80.dll
C:\Users\\AppData\Local\Temp\msvcp80.dll
C:\Users\\AppData\Local\Temp\msvcr80.dll
C:\Users\\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\\AppData\Local\Temp\OSU.exe
C:\Users\\AppData\Local\Temp\pricepeep_130001_1001.exe
C:\Users\\AppData\Local\Temp\ResetDevice.exe
C:\Users\\AppData\Local\Temp\uninst1.exe
C:\Users\\AppData\Local\Temp\Uninstaller.exe
C:\Users\\AppData\Local\Temp\VersionUpdater.exe
C:\Users\\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\\AppData\Local\Temp\WtgZip.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\de-DE => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {dc7368ff-2904-11e0-b2ab-9a0d16783ea1}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {dc736901-2904-11e0-b2ab-9a0d16783ea1}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {dc7368ff-2904-11e0-b2ab-9a0d16783ea1}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {dc736901-2904-11e0-b2ab-9a0d16783ea1}
device                  ramdisk=[C:]\Recovery\dc736901-2904-11e0-b2ab-9a0d16783ea1\Winre.wim,{dc736902-2904-11e0-b2ab-9a0d16783ea1}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\dc736901-2904-11e0-b2ab-9a0d16783ea1\Winre.wim,{dc736902-2904-11e0-b2ab-9a0d16783ea1}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {dc7368ff-2904-11e0-b2ab-9a0d16783ea1}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {dc736902-2904-11e0-b2ab-9a0d16783ea1}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\dc736901-2904-11e0-b2ab-9a0d16783ea1\boot.sdi



LastRegBack: 2013-09-11 21:50

==================== End Of Log ============================
         
--- --- ---

FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-09-2013 01
Ran by  at 2013-09-20 16:10:36
Running from C:\Users\\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
ALDI TALK Verbindungsassistent (x32 Version: )
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD Catalyst Install Manager (Version: 3.0.855.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2011.1109.2212.39826)
AMD Media Foundation Decoders (Version: 1.0.61109.2218)
AMD VISION Engine Control Center (x32 Version: 2011.1109.2212.39826)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Client Installation Program (x32 Version: 7.0)
AutoCAD Mechanical 2011 (Version: 15.0.46.0)
AutoCAD Mechanical 2011 Language Pack - Deutsch (Version: 15.0.46.0)
Autodesk Design Review 2011 (x32 Version: 11.0.0.86)
Autodesk Inventor Content Center Libraries 2011 (Desktop Content) (Version: 15.0.0000.23900)
Autodesk Inventor Professional 2011 (Version: 15.0.0000.23900)
Autodesk Inventor Professional 2011 Deutsch (Version: 15.0.0000.23900)
Autodesk Inventor Professional 2011 Language Pack - Deutsch (Version: 15.0.0000.23900)
Autodesk Material Library 2011 (x32 Version: 2.0.0.49)
Autodesk Material Library 2011 Base Image library (x32 Version: 2.0.0.49)
Autodesk Vault 2011 (Client) (Version: 15.0.58.0)
Autodesk Vault 2011 (Client) (x32 Version: 15.0.58.0)
Autodesk Vault 2011 (Client) German Language Pack (Version: 15.0.58.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Battery Calibration (x32 Version: 1.0.1012.0301)
Bonjour (Version: 3.0.0.10)
BurnRecovery (x32 Version: 3.0.1007.2701)
Canon iP2700 series Benutzerregistrierung (x32)
Canon iP2700 series Printer Driver
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1109.2212.39826)
Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826)
CCC Help English (x32 Version: 2011.1109.2211.39826)
ccc-utility64 (Version: 2011.1109.2212.39826)
CDBurnerXP (x32 Version: 4.4.0.2838)
Cinema ProII Setup (x32 Version: 1.0.0.9z)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Counter-Strike 1.6 (x32)
Dev-C++ 5 beta 9 release (4.9.9.2) (x32)
Digidesign M-Audio Keyboard Personality 8.0 (x32 Version: 8.0)
DWG TrueView 2011 (Version: 18.1.49.0)
EasyViewer (x32 Version: 1.3.0.9)
ETDWare PS/2-x64 7.0.5.10_WHQL (Version: 7.0.5.10)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
i-Charger (x32)
ICQ7.6 (x32 Version: 7.6)
iTunes (Version: 11.1.0.126)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Live 8.2.2 (x32)
Logitech Z-series Software 1.04 (Version: 1.04.153)
Malwarebytes Anti-Malware Version 1.65.1.1000 (x32 Version: 1.65.1.1000)
Max 5.1.8 (Version: 135.1.8)
Media Go (x32 Version: 2.1.392)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Report Viewer Redistributable 2008 (x32 Version: 9.0.21022)
Microsoft Report Viewer Redistributable 2008 (x32)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSI HOUSE (x32 Version: 10.07.1601)
msi Software Install (x32 Version: 3.1000.1005.1101)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nuance PDF Reader (x32 Version: 6.00.0041)
NWZ-E470 E570 WALKMAN Guide (x32 Version: 1.0.00)
PlayStation(R)Network Downloader (x32 Version: 2.07.00849)
PlayStation(R)Store (x32 Version: 4.7.14.14146)
PokerStars.net (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.32.1111.2010)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6121)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6267)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0168)
S-Bar (x32 Version: 20.011.01216)
SRS Premium Sound Control Panel (Version: 1.10.13.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VBA (2627.01) (x32 Version: 6.03.00.9402)
VBA (2701.01) (x32 Version: 6.03.00.9402)
VLC media player 2.0.4 (Version: 2.0.4)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinRAR archiver (x32)
XMedia Recode Version 3.1.6.9 (x32 Version: 3.1.6.9)

==================== Restore Points  =========================

01-09-2013 08:49:29 Windows Update
08-09-2013 15:06:44 Geplanter Prüfpunkt
13-09-2013 12:35:57 Windows Update
13-09-2013 22:56:34 Windows Update
14-09-2013 07:54:45 Removed PlayStation(R)Store.
14-09-2013 19:49:20 Wiederherstellungsvorgang
14-09-2013 20:19:58 Windows Update
14-09-2013 20:30:12 Windows Update
19-09-2013 18:28:35 Windows Update
19-09-2013 18:32:01 Installed iTunes

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {12D8BF9D-7FD1-4C59-9EC6-76B7CF3418DD} - System32\Tasks\DealPly => C:\Users\\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
Task: {464383FB-69EF-4CFE-9540-EEF44F2951DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {4794C49A-4E75-4702-A21D-0441661B84B4} - System32\Tasks\{CD6E37BF-8383-4577-A68E-2BF6B5691147} => C:\Users\\Desktop\live822micro\live822micro.exe
Task: {54D2EB62-5772-40EF-8FB5-A518A554BAF0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)
Task: {7A594240-3196-422D-8E88-439E46A03DE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {7D3A6EC9-55F4-4B59-8698-941BD4C20E1F} - System32\Tasks\{91F23A59-53A8-4946-9FC7-81B36C208B40} => C:\Users\\Downloads\Firefox Setup 6.0.exe
Task: {949DC57A-82C6-4FC9-A2E3-D60E7DFEC195} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {BA52C985-EB9C-43C5-8C5A-DA23DF206DB7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BFCA20E7-D684-4F76-9B15-36BEFFF4E7A0} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {EF53BC01-88CD-4C6A-9F53-52E953D326D7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-14 02:22 - 2009-07-14 03:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2010-02-10 11:46 - 2010-02-10 11:46 - 00045280 _____ (Autodesk, Inc.) C:\windows\system32\AcSignIcon.dll
2010-02-10 11:46 - 2010-02-10 11:46 - 00592608 _____ (Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
2005-06-07 21:26 - 2005-06-07 21:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR 3.61 Multi\rarext64.dll
2010-02-10 11:46 - 2010-02-10 11:46 - 00180960 _____ (Autodesk) C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
2011-01-22 01:19 - 2011-01-22 01:19 - 00006144 _____ (MSI) C:\Program Files (x86)\S-Bar\de\S-Bar.resources.dll
2011-01-22 01:19 - 2011-01-22 01:19 - 00008192 _____ (msi) C:\Program Files (x86)\S-Bar\MSIECO.dll
2009-01-20 14:51 - 2009-01-20 14:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2011-11-09 23:08 - 2011-11-09 23:08 - 00037376 _____ (AMD) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\FUEL.Implementation.dll
2011-11-09 23:08 - 2011-11-09 23:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-11-09 23:10 - 2011-11-09 23:10 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00053648 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\windows\system32\dnssd.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00102400 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDatabase.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00106496 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgUtil.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00090112 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgPorts.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00200704 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDetection.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00086016 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDialup.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00012288 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGDebugs.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00073728 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDriverInstall.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00569344 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgCore.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00139264 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgBluetooth.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00204800 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\LiveBoxCM.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00823296 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\LIBEAY32.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00925696 _____ (WebToGo) C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgWiFiCore.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00126976 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgWiFi.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00569344 _____ (WebToGo Mobiles Internet GmbH) C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGAlertsEx.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00614400 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGXMLUtil.dll
2013-09-15 00:00 - 2013-09-15 00:00 - 00303104 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGSMSPCClient.Dll
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codeca.acm
2013-08-17 22:18 - 2013-08-17 22:18 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-15 00:25 - 2013-09-15 00:25 - 16177544 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\\Lokale Einstellungen:KBXupwKRR4N2DHFWz3jwSTLTZ
AlternateDataStreams: C:\Users\\AppData\Local:KBXupwKRR4N2DHFWz3jwSTLTZ
AlternateDataStreams: C:\Users\\AppData\Local\Anwendungsdaten:KBXupwKRR4N2DHFWz3jwSTLTZ


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2013 03:14:13 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=EBC:usr=}
Fehler bei 'CreateProcess' (Rückgabecode 0C701533-000006BE).

Error: (09/20/2013 03:13:57 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604070000:tid=78C}
Die Anwendung kann nicht heruntergefahren werden (der Startthread ist noch aktiv).

Error: (09/20/2013 03:03:22 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (09/20/2013 03:03:21 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=9E4}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft' herstellen (Rückgabecode 24600E0A-10000001, ursprünglicher Rückgabecode 24600E0A-10000001).

Error: (09/19/2013 08:22:04 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (09/19/2013 08:22:04 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=964}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft' herstellen (Rückgabecode 24600E0A-10000001, ursprünglicher Rückgabecode 24600E0A-10000001).

Error: (09/19/2013 07:48:34 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (09/19/2013 07:48:34 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=840}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft' herstellen (Rückgabecode 24600E0A-10000001, ursprünglicher Rückgabecode 24600E0A-10000001).

Error: (09/19/2013 03:37:14 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (09/19/2013 03:28:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbamgui.exe, Version: 1.65.0.0, Zeitstempel: 0x50678513
Name des fehlerhaften Moduls: mbamgui.exe, Version: 1.65.0.0, Zeitstempel: 0x50678513
Ausnahmecode: 0x40000015
Fehleroffset: 0x00038b98
ID des fehlerhaften Prozesses: 0xb64
Startzeit der fehlerhaften Anwendung: 0xmbamgui.exe0
Pfad der fehlerhaften Anwendung: mbamgui.exe1
Pfad des fehlerhaften Moduls: mbamgui.exe2
Berichtskennung: mbamgui.exe3


System errors:
=============
Error: (09/19/2013 09:03:40 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{94DC531D-1470-428A-A5AD-0BD15B689E2F}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (09/18/2013 07:12:30 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/18/2013 07:12:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/18/2013 07:12:29 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/15/2013 10:30:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/15/2013 10:30:12 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/15/2013 10:30:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/15/2013 11:05:04 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Adobe Acrobat Update Service erreicht.

Error: (09/14/2013 10:13:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.

Error: (09/14/2013 10:12:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.


Microsoft Office Sessions:
=========================
Error: (09/20/2013 03:14:13 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=EBC:usr=}
0C701533-000006BE

Error: (09/20/2013 03:13:57 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604070000:tid=78C}

Error: (09/20/2013 03:03:22 PM) (Source: CVHSVC)(User: )
Description: Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (09/20/2013 03:03:21 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=9E4}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft24600E0A-1000000124600E0A-10000001

Error: (09/19/2013 08:22:04 PM) (Source: CVHSVC)(User: )
Description: Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (09/19/2013 08:22:04 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=964}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft24600E0A-1000000124600E0A-10000001

Error: (09/19/2013 07:48:34 PM) (Source: CVHSVC)(User: )
Description: Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (09/19/2013 07:48:34 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=840}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft24600E0A-1000000124600E0A-10000001

Error: (09/19/2013 03:37:14 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (09/19/2013 03:28:43 PM) (Source: Application Error)(User: )
Description: mbamgui.exe1.65.0.050678513mbamgui.exe1.65.0.0506785134000001500038b98b6401ceb53c18ebeda5C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe67038ad0-212f-11e3-9e2a-e0b9a50c5b00


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 3691.75 MB
Available physical RAM: 1669.46 MB
Total Pagefile: 7381.69 MB
Available Pagefile: 4974.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:272.2 GB) (Free:99.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:181.46 GB) (Free:181.37 GB) NTFS
Drive f: (MEDION) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive w: (BIOS_RVY) (Fixed) (Total:12 GB) (Free:0.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E345AD43)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=272 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=181 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

Old 20.09.2013, 15:31   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Quote:
ZeroAccess:
C:\Users\\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Reading material:
Rootkit warning
Your computer has been infected with a special kind of pest that can hide itself from conventional virus scanners and from the operating system itself. In addition, such a pest usually also has backdoor functionality, i.e. it quite deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". So what does that mean for you?
  • Please decide quite consciously whether you want to continue with the cleanup. A system that has been compromised in this way can never be secured again with 100% certainty. Even though we have a good chance of cleaning your computer, it may still be that in the end only a reinstallation remains.

  • If, for example, you do online banking with this computer, then you should at least have your bank change your password, provided you otherwise use a secure procedure such as "chip-TAN-comfort". Do you still have old paper-based TAN lists? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The emergency blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.

  • If you otherwise have sensitive data on your computer, you should also think about how you handle it, since practically "anyone" could have looked at it.
So let me know what you have decided.
__________________
Please always post logfiles in CODE tags

Old 20.09.2013, 15:43   #5
Basti161188
Okay, that sounds damned dangerous. Fortunately I don't do any online banking. I would prefer to reinstall the PC. The problem is that I don't have a Windows CD, since it was preinstalled.
So in the meantime I would already try to contain the damage and try to eliminate the trojan.

Many thanks


Old 20.09.2013, 22:17   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
No Windows DVD? Absolutely no problem! Read => http://www.trojaner-board.de/100776-...tml#post676887