Interpol Virus - FRST.exe

VonDrecken · 22.03.2014, 23:43

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Raphael (administrator) on RAPHAEL-HP on 22-03-2014 23:37:28
Running from C:\Users\Raphael\Desktop\Trojaner Board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\tele.ring Internet Manager\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Users\Raphael\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Facebook) C:\Users\Raphael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\tele.ring Internet Manager\UIExec.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
() Q:\140066.deu\Office14\WINWORDC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() Q:\140066.deu\Office14\OffSpon.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Photo Downloader] - C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe [61440 2007-06-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\tele.ring Internet Manager\UIExec.exe [132608 2009-07-27] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [Facebook Update] - C:\Users\Raphael\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876968 2013-06-21] (Skype Technologies S.A.)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [SkyDrive] - C:\Users\Raphael\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-03-08] (Microsoft Corporation)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: G - G:\Autorun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {0248bf3f-8c35-11e3-94b7-101f7414549c} - G:\Install.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {17a6765c-2cb7-11e1-9ace-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {17a677a0-2cb7-11e1-9ace-101f7414549c} - G:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {17a677b4-2cb7-11e1-9ace-101f7414549c} - H:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {4e42b912-7825-11e1-b431-101f7414549c} - G:\LGAutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {72094537-400d-11e1-8797-101f7414549c} - H:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {7d802da4-33ca-11e1-8868-101f7414549c} - G:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {7d802dbb-33ca-11e1-8868-101f7414549c} - H:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {90f557fc-2fc8-11e1-8874-101f7414549c} - G:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {c6ce933b-3146-11e1-85a0-101f7414549c} - H:\Autorun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {edf66017-2cdb-11e1-8029-101f7414549c} - G:\AutoRun.exe
Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Raphael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://at.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
SearchScopes: HKLM - {03413C6F-3C72-4E27-86BA-80624A70C0A3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48Ð¸patm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-08-21] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{0EDC64A2-48A2-4D4B-A227-D00558200321}: [NameServer]194.24.128.100 81.3.216.100
Tcpip\..\Interfaces\{92C85EB4-0A9B-4E96-B6B2-E53835FF59AA}: [NameServer]194.24.128.100 81.3.216.100

FireFox:
========
FF ProfilePath: C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\8kvmy6nq.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Raphael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Raphael\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2014-03-22]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-01] (Advanced Micro Devices, Inc.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2012-01-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R2 UI Assistant Service; C:\Program Files (x86)\tele.ring Internet Manager\AssistantServices.exe [241664 2009-07-27] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [1384608 2012-10-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2012-01-01] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20121221.001\IDSvia64.sys [513184 2012-11-03] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20121222.025\ENG64.SYS [126112 2012-11-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20121222.025\EX64.SYS [2084000 2012-11-06] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 23:22 - 2014-03-22 23:22 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 23:17 - 2014-03-22 23:37 - 00000000 ____D () C:\Users\Raphael\Desktop\Trojaner Board
2014-03-22 23:10 - 2014-03-22 23:12 - 00000000 ____D () C:\AdwCleaner
2014-03-22 23:09 - 2014-03-22 23:09 - 01950720 _____ () C:\Users\Raphael\Downloads\adwcleaner.exe
2014-03-22 00:11 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-22 00:11 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-22 00:11 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-22 00:11 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-22 00:11 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-22 00:11 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-22 00:11 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-22 00:11 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-22 00:10 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-22 00:10 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-22 00:10 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-22 00:10 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-22 00:10 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-22 00:10 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-22 00:10 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-22 00:10 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-22 00:10 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-22 00:10 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-22 00:10 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-22 00:10 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-22 00:10 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-22 00:10 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-22 00:10 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-22 00:10 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-22 00:10 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-22 00:10 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-22 00:10 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-22 00:10 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-22 00:10 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-22 00:10 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-22 00:10 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-22 00:10 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-22 00:10 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-22 00:10 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-22 00:10 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-22 00:10 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-22 00:10 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-22 00:10 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-22 00:10 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-22 00:10 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-22 00:10 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-22 00:10 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-22 00:10 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-22 00:10 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-22 00:09 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-22 00:09 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-19 15:34 - 2014-03-21 23:54 - 00000000 ____D () C:\Users\Raphael\Desktop\FRST
2014-03-18 21:02 - 2014-03-22 23:37 - 00000000 ____D () C:\FRST
2014-03-18 16:13 - 2014-03-21 23:54 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-03-16 15:05 - 2014-03-16 15:06 - 00000145 _____ () C:\Users\Raphael\Desktop\To-Do-Liste.txt
2014-03-16 14:09 - 2014-03-16 18:05 - 00000000 ____D () C:\Users\Raphael\Desktop\Personalentwicklung
2014-03-12 20:56 - 2014-03-12 20:56 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-12 20:54 - 2014-03-12 20:56 - 00000000 ____D () C:\Program Files\iTunes
2014-03-12 20:54 - 2014-03-12 20:54 - 00000000 ____D () C:\Program Files\iPod
2014-03-12 20:48 - 2014-03-12 20:48 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-12 20:47 - 2014-03-12 20:48 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-12 19:09 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 12:09 - 2014-03-11 12:11 - 00018190 ____H () C:\Users\Raphael\Desktop\~WRL0005.tmp
2014-03-09 12:49 - 2014-03-10 11:40 - 00000000 ____D () C:\Users\Raphael\Desktop\Abbildungen Persm
2014-03-08 19:45 - 2014-03-22 23:17 - 00000000 ___RD () C:\ONEDRIVE
2014-03-08 19:44 - 2014-03-08 19:44 - 00002206 _____ () C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00002082 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00002082 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ___RD () C:\Users\Raphael\OneDrive
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-03-08 19:44 - 2014-03-08 19:43 - 06072008 _____ (Microsoft Corporation) C:\Users\Raphael\Downloads\OneDriveSetup.exe
2014-03-04 22:14 - 2014-03-04 22:14 - 00000000 ____D () C:\Users\Raphael\Desktop\ipod
2014-03-02 21:45 - 2014-03-02 21:45 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-03-02 21:44 - 2014-03-02 21:44 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-28 21:06 - 2014-02-28 21:06 - 00000000 ____D () C:\Users\Raphael\Documents\Command & Conquer 3 Tiberium Wars
2014-02-28 20:44 - 2014-02-28 20:44 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-28 19:33 - 2014-02-28 21:04 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2014-02-28 19:33 - 2014-02-28 19:33 - 00000000 __RHD () C:\Users\Raphael\AppData\Roaming\SecuROM
2014-02-28 18:08 - 2014-02-28 18:08 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-28 11:05 - 2014-03-06 20:28 - 00013743 _____ () C:\Users\Raphael\Desktop\März 2013.xlsx
2014-02-28 10:08 - 2014-02-28 10:08 - 02150984 _____ () C:\Users\Raphael\Downloads\VideoPerformerSetup.exe
2014-02-27 21:10 - 2014-02-27 21:10 - 00001982 _____ () C:\Users\Raphael\Desktop\Windows Phone-Desktopanwendung.lnk
2014-02-27 21:09 - 2014-02-27 21:10 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-02-27 21:09 - 2014-02-27 21:09 - 00000000 ____D () C:\ProgramData\Applications
2014-02-27 14:25 - 2014-02-27 14:25 - 00000221 _____ () C:\Users\Raphael\Desktop\R.U.S.E.url
2014-02-27 13:21 - 2014-03-22 23:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-27 13:21 - 2014-02-27 14:07 - 00000879 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-27 13:19 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-02-27 13:19 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-02-27 13:19 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-02-27 13:19 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-02-27 13:19 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-02-27 13:19 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-02-27 13:19 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-02-27 13:19 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-02-27 13:19 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-02-27 13:19 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-02-27 13:19 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-02-27 13:19 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-02-27 13:19 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-02-27 13:19 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-02-27 13:19 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-02-27 13:19 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-02-27 13:19 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-02-27 13:19 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-02-27 13:19 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-02-27 13:19 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-02-27 13:19 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-02-27 13:19 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-02-27 13:19 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-02-27 13:19 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-02-27 13:19 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-02-27 13:19 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-02-27 13:19 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-02-27 13:19 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-02-27 13:19 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-02-27 13:19 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-02-27 13:19 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-02-27 13:19 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-02-27 13:19 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-02-27 13:19 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-02-27 13:19 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-02-27 13:19 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-02-27 13:19 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-27 13:19 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-02-27 13:19 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-02-27 13:19 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-02-27 13:19 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-02-27 13:19 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-02-27 13:19 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-02-27 13:19 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-02-27 13:19 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-02-27 12:59 - 2014-02-27 12:59 - 00005120 _____ () C:\Users\Raphael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-27 12:07 - 2014-02-28 11:23 - 00012527 _____ () C:\Users\Raphael\Desktop\Schuldentilgungsplan.xlsx
2014-02-25 13:38 - 2014-02-25 13:38 - 02790572 _____ ( ) C:\Users\Raphael\Downloads\pdftkb36_setup.exe
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 ____D () C:\Program Files (x86)\PDFTK Builder
2014-02-23 13:32 - 2014-03-22 22:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 13:32 - 2014-03-21 23:55 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-02-23 13:32 - 2014-03-12 19:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-23 13:32 - 2014-02-23 13:32 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-20 09:40 - 2014-02-20 09:40 - 00000000 ____D () C:\Users\Raphael\Desktop\Drucker
2014-02-20 09:38 - 2014-02-27 12:06 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\HpUpdate
2014-02-20 09:38 - 2014-02-20 09:38 - 00003626 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3520 series
2014-02-20 09:38 - 2014-02-20 09:38 - 00000000 ____D () C:\ProgramData\Visan
2014-02-20 09:38 - 2014-02-20 09:38 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-02-20 09:38 - 2014-02-20 09:38 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-02-20 09:37 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMB011.dll
2014-02-20 09:36 - 2014-02-20 09:36 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-02-20 09:36 - 2014-02-20 09:36 - 00000000 ____D () C:\ProgramData\HP
2014-02-20 09:36 - 2014-02-20 09:36 - 00000000 ____D () C:\Program Files\HP
2014-02-20 09:32 - 2014-02-20 09:34 - 70107920 _____ () C:\Users\Raphael\Downloads\DJ3520_1315.exe

==================== One Month Modified Files and Folders =======

2014-03-22 23:37 - 2014-03-22 23:17 - 00000000 ____D () C:\Users\Raphael\Desktop\Trojaner Board
2014-03-22 23:37 - 2014-03-18 21:02 - 00000000 ____D () C:\FRST
2014-03-22 23:23 - 2011-09-02 23:00 - 01209165 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 23:22 - 2014-03-22 23:22 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 23:22 - 2011-08-21 20:22 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2014-03-22 23:22 - 2011-08-21 20:22 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2014-03-22 23:22 - 2009-07-14 06:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 23:21 - 2011-12-22 19:22 - 00058016 _____ () C:\Users\Raphael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-22 23:21 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 23:21 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 23:17 - 2014-03-08 19:45 - 00000000 ___RD () C:\ONEDRIVE
2014-03-22 23:16 - 2014-02-27 13:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-22 23:16 - 2013-06-13 07:54 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-03-22 23:16 - 2011-12-25 23:20 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\Skype
2014-03-22 23:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 23:15 - 2009-07-14 05:51 - 00095027 _____ () C:\Windows\setupact.log
2014-03-22 23:15 - 2009-07-14 05:45 - 00276904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 23:14 - 2013-03-30 19:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-22 23:14 - 2013-03-30 19:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-22 23:12 - 2014-03-22 23:10 - 00000000 ____D () C:\AdwCleaner
2014-03-22 23:11 - 2014-02-18 10:35 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\SoftGrid Client
2014-03-22 23:09 - 2014-03-22 23:09 - 01950720 _____ () C:\Users\Raphael\Downloads\adwcleaner.exe
2014-03-22 22:57 - 2014-02-18 12:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-22 22:55 - 2014-02-23 13:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 22:51 - 2014-02-18 12:24 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-22 22:46 - 2012-03-02 22:44 - 00001146 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-215696962-2090878713-1119302306-1001UA.job
2014-03-22 10:41 - 2014-02-11 21:51 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForRaphael.job
2014-03-22 00:12 - 2014-02-11 21:51 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRaphael
2014-03-22 00:11 - 2012-02-01 21:45 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-22 00:11 - 2011-12-25 22:20 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-22 00:05 - 2013-07-12 20:46 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9471D58D-5AC4-41EA-8E98-1A8C0C2D74D1}
2014-03-21 23:57 - 2011-12-22 19:16 - 00000000 ____D () C:\Users\Raphael
2014-03-21 23:55 - 2014-02-23 13:32 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-21 23:55 - 2014-02-02 19:16 - 00000000 ____D () C:\Program Files (x86)\tele.ring Internet Manager
2014-03-21 23:55 - 2011-12-22 19:23 - 00000000 ___RD () C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 23:55 - 2011-09-03 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-21 23:55 - 2011-09-02 23:26 - 00000000 ____D () C:\ProgramData\Norton
2014-03-21 23:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-21 23:54 - 2014-03-19 15:34 - 00000000 ____D () C:\Users\Raphael\Desktop\FRST
2014-03-21 23:54 - 2014-03-18 16:13 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-03-21 23:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-21 23:53 - 2014-02-18 10:41 - 00000000 __RHD () C:\MSOCache
2014-03-21 23:53 - 2011-12-22 19:36 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-03-18 13:29 - 2012-07-13 20:15 - 00517120 ___SH () C:\Users\Raphael\Desktop\Thumbs.db
2014-03-17 14:04 - 2011-12-30 12:53 - 00000000 ____D () C:\Users\Raphael\AppData\Local\CrashDumps
2014-03-16 18:05 - 2014-03-16 14:09 - 00000000 ____D () C:\Users\Raphael\Desktop\Personalentwicklung
2014-03-16 15:06 - 2014-03-16 15:05 - 00000145 _____ () C:\Users\Raphael\Desktop\To-Do-Liste.txt
2014-03-12 20:56 - 2014-03-12 20:56 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-12 20:56 - 2014-03-12 20:54 - 00000000 ____D () C:\Program Files\iTunes
2014-03-12 20:56 - 2012-09-16 19:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-12 20:56 - 2012-07-22 12:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-12 20:54 - 2014-03-12 20:54 - 00000000 ____D () C:\Program Files\iPod
2014-03-12 20:48 - 2014-03-12 20:48 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-12 20:48 - 2014-03-12 20:47 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-12 19:55 - 2014-02-23 13:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 19:55 - 2012-11-11 18:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 19:55 - 2011-12-29 22:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 12:11 - 2014-03-11 12:09 - 00018190 ____H () C:\Users\Raphael\Desktop\~WRL0005.tmp
2014-03-11 12:09 - 2012-03-02 22:44 - 00001124 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-215696962-2090878713-1119302306-1001Core.job
2014-03-10 11:40 - 2014-03-09 12:49 - 00000000 ____D () C:\Users\Raphael\Desktop\Abbildungen Persm
2014-03-08 19:45 - 2014-02-18 11:52 - 00000000 ____D () C:\Users\Raphael\Desktop\Manuel
2014-03-08 19:44 - 2014-03-08 19:44 - 00002206 _____ () C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00002082 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00002082 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ___RD () C:\Users\Raphael\OneDrive
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-03-08 19:43 - 2014-03-08 19:44 - 06072008 _____ (Microsoft Corporation) C:\Users\Raphael\Downloads\OneDriveSetup.exe
2014-03-06 20:28 - 2014-02-28 11:05 - 00013743 _____ () C:\Users\Raphael\Desktop\März 2013.xlsx
2014-03-04 22:14 - 2014-03-04 22:14 - 00000000 ____D () C:\Users\Raphael\Desktop\ipod
2014-03-02 21:45 - 2014-03-02 21:45 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-03-02 21:44 - 2014-03-02 21:44 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-01 07:05 - 2014-03-22 00:10 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-22 00:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-22 00:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-22 00:11 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-22 00:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-22 00:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-22 00:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-22 00:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-22 00:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-22 00:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-22 00:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-22 00:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-22 00:10 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-22 00:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-22 00:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-22 00:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 19:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-22 00:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-22 00:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-22 00:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-22 00:11 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-22 00:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:43 - 2014-03-22 00:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:42 - 2014-03-22 00:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-22 00:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-22 00:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-22 00:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-22 00:10 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-22 00:10 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-22 00:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-22 00:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-22 00:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-22 00:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-22 00:10 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-22 00:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-22 00:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-22 00:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-22 00:11 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-22 00:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-22 00:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 21:06 - 2014-02-28 21:06 - 00000000 ____D () C:\Users\Raphael\Documents\Command & Conquer 3 Tiberium Wars
2014-02-28 21:04 - 2014-02-28 19:33 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2014-02-28 20:44 - 2014-02-28 20:44 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-28 19:33 - 2014-02-28 19:33 - 00000000 __RHD () C:\Users\Raphael\AppData\Roaming\SecuROM
2014-02-28 18:32 - 2011-08-21 11:01 - 00058392 _____ () C:\Windows\DirectX.log
2014-02-28 18:08 - 2014-02-28 18:08 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-28 11:23 - 2014-02-27 12:07 - 00012527 _____ () C:\Users\Raphael\Desktop\Schuldentilgungsplan.xlsx
2014-02-28 10:08 - 2014-02-28 10:08 - 02150984 _____ () C:\Users\Raphael\Downloads\VideoPerformerSetup.exe
2014-02-28 03:01 - 2011-09-02 23:12 - 01596444 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 21:10 - 2014-02-27 21:10 - 00001982 _____ () C:\Users\Raphael\Desktop\Windows Phone-Desktopanwendung.lnk
2014-02-27 21:10 - 2014-02-27 21:09 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-02-27 21:09 - 2014-02-27 21:09 - 00000000 ____D () C:\ProgramData\Applications
2014-02-27 21:03 - 2011-12-22 23:51 - 00000000 ____D () C:\Users\Raphael\AppData\Local\Windows Live
2014-02-27 14:34 - 2010-11-21 04:47 - 00228906 _____ () C:\Windows\PFRO.log
2014-02-27 14:25 - 2014-02-27 14:25 - 00000221 _____ () C:\Users\Raphael\Desktop\R.U.S.E.url
2014-02-27 14:07 - 2014-02-27 13:21 - 00000879 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-27 12:59 - 2014-02-27 12:59 - 00005120 _____ () C:\Users\Raphael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-27 12:06 - 2014-02-20 09:38 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\HpUpdate
2014-02-25 13:38 - 2014-02-25 13:38 - 02790572 _____ ( ) C:\Users\Raphael\Downloads\pdftkb36_setup.exe
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 ____D () C:\Program Files (x86)\PDFTK Builder
2014-02-23 13:32 - 2014-02-23 13:32 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-23 13:32 - 2012-01-11 21:58 - 00000000 ____D () C:\Users\Raphael\AppData\Local\Adobe
2014-02-21 10:05 - 2014-02-18 10:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-02-20 09:40 - 2014-02-20 09:40 - 00000000 ____D () C:\Users\Raphael\Desktop\Drucker
2014-02-20 09:40 - 2011-12-22 19:25 - 00000000 ____D () C:\Users\Raphael\AppData\Local\HP
2014-02-20 09:38 - 2014-02-20 09:38 - 00003626 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3520 series
2014-02-20 09:38 - 2014-02-20 09:38 - 00000000 ____D () C:\ProgramData\Visan
2014-02-20 09:38 - 2014-02-20 09:38 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-02-20 09:38 - 2014-02-20 09:38 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-02-20 09:38 - 2011-09-02 23:16 - 00000000 ____D () C:\Program Files (x86)\HP
2014-02-20 09:38 - 2011-08-21 10:50 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-02-20 09:36 - 2014-02-20 09:36 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-02-20 09:36 - 2014-02-20 09:36 - 00000000 ____D () C:\ProgramData\HP
2014-02-20 09:36 - 2014-02-20 09:36 - 00000000 ____D () C:\Program Files\HP
2014-02-20 09:34 - 2014-02-20 09:32 - 70107920 _____ () C:\Users\Raphael\Downloads\DJ3520_1315.exe

Some content of TEMP:
====================
C:\Users\Raphael\AppData\Local\Temp\38388-38389-adobe-photoshop-lightroom.exe
C:\Users\Raphael\AppData\Local\Temp\ApnStub.exe
C:\Users\Raphael\AppData\Local\Temp\avguidx.dll
C:\Users\Raphael\AppData\Local\Temp\AVG_Security_Toolbar.exe
C:\Users\Raphael\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Raphael\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Raphael\AppData\Local\Temp\drm_dyndata_7290008.dll
C:\Users\Raphael\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Raphael\AppData\Local\Temp\Extract.exe
C:\Users\Raphael\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Raphael\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Raphael\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Raphael\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Raphael\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Raphael\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Raphael\AppData\Local\Temp\oi_{6A2D16C6-566F-4235-95C8-B30C9463D9B9}.exe
C:\Users\Raphael\AppData\Local\Temp\patchw32.dll
C:\Users\Raphael\AppData\Local\Temp\px.dll
C:\Users\Raphael\AppData\Local\Temp\pxafs.dll
C:\Users\Raphael\AppData\Local\Temp\PxCpyA64.exe
C:\Users\Raphael\AppData\Local\Temp\PxCpyI64.exe
C:\Users\Raphael\AppData\Local\Temp\pxdrv.dll
C:\Users\Raphael\AppData\Local\Temp\pxhpinst.exe
C:\Users\Raphael\AppData\Local\Temp\PxInsA64.exe
C:\Users\Raphael\AppData\Local\Temp\PxInsI64.exe
C:\Users\Raphael\AppData\Local\Temp\pxmas.dll
C:\Users\Raphael\AppData\Local\Temp\pxsetup.exe
C:\Users\Raphael\AppData\Local\Temp\pxsfs.dll
C:\Users\Raphael\AppData\Local\Temp\pxwave.dll
C:\Users\Raphael\AppData\Local\Temp\Quarantine.exe
C:\Users\Raphael\AppData\Local\Temp\ResetDevice.exe
C:\Users\Raphael\AppData\Local\Temp\Resource.exe
C:\Users\Raphael\AppData\Local\Temp\setup.exe
C:\Users\Raphael\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Raphael\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe
C:\Users\Raphael\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Raphael\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Raphael\AppData\Local\Temp\SP53462.exe
C:\Users\Raphael\AppData\Local\Temp\SP54127.exe
C:\Users\Raphael\AppData\Local\Temp\sp54373.exe
C:\Users\Raphael\AppData\Local\Temp\sp54620.exe
C:\Users\Raphael\AppData\Local\Temp\SP54714.exe
C:\Users\Raphael\AppData\Local\Temp\SP55151.exe
C:\Users\Raphael\AppData\Local\Temp\SP55152.exe
C:\Users\Raphael\AppData\Local\Temp\sp58915.exe
C:\Users\Raphael\AppData\Local\Temp\sp64126.exe
C:\Users\Raphael\AppData\Local\Temp\toolbar.exe
C:\Users\Raphael\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Raphael\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Raphael\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Raphael\AppData\Local\Temp\vxblock.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 16:02

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Raphael at 2014-03-22 23:38:18
Running from C:\Users\Raphael\Desktop\Trojaner Board
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

A1 Dashboard (HKLM-x32\...\A1 Dashboard) (Version: 1.15.1.0 - A1 Telekom Austria AG)
A1 Dashboard (x32 Version: 1.15.1.0 - A1 Telekom Austria AG) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom (HKLM-x32\...\{EED085D5-A3FA-4FB2-BC93-48C1194E6E26}) (Version: 1.10.0000 - Adobe)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.4.595.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0401.2259.39449 - Ihr Firmenname) Hidden
AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2011.0401.2259.39449 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{942836D4-5395-652B-F1E8-A7C5B039910C}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0401.2259.39449 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0401.2259.39449 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0401.2259.39449 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help English (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help French (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help German (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
ccc-utility64 (Version: 2011.0401.2259.39449 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Command & Conquer 3 (HKLM-x32\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Ihr Firmenname)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3.2714 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3.2714 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{3623E33A-6E9A-442F-9628-570C28E01EDF}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Hilfe (HKLM-x32\...\{6B953497-169C-4929-9AA9-A9F510347468}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{B6946BAC-2169-42CC-8E6D-F6FE2EEDB20F}) (Version: 1.2.0.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{AF6EB833-D48A-49AC-9394-4C57489FDFF2}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
LG Internet Kit (HKLM-x32\...\LG Internet Kit) (Version: 4.1.13 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.003.28.00.152 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
PDFTK Builder 3.5.3 (HKLM-x32\...\PDFTK Builder_is1) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlanetSide 2 (HKCU\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
R.U.S.E (HKLM-x32\...\Steam App 21970) (Version:  - Eugen Systems)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.0.0 - Rockstar Games)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Deskjet 3520 series Produkten (HKLM\...\{A5BB6A58-BC1A-48A7-BB19-1768A80CF9C9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Sweet Home 3D version 3.5 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
tele.ring Internet Manager (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE)
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.73 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
UltraMixer 3.0.2.1 (HKLM-x32\...\{32E2F180-247C-4077-B06A-20F9868568E1}_is1) (Version: 3.0.2.1 - UltraMixer Digital Audio Solutions)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{7C54D017-21BB-43AE-9746-33E78AF4A425}) (Version: 4.3.118.0 - Validity Sensors, Inc.)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

28-02-2014 17:07:40 Installed Command & Conquer 3.
08-03-2014 18:17:49 Geplanter Prüfpunkt
13-03-2014 08:06:34 Windows Update
22-03-2014 09:47:14 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F800448-108F-41AB-A1B1-FF0074179055} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {107380E9-4AD9-4308-8942-4873DDA369C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {246966FD-E3EB-41E0-9DA8-78A6863420B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {315B18F1-653C-42FC-8797-BEDAF7DF9B74} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{F57DA878-70A2-4886-BF8B-9AEC48250234}.exe
Task: {32EEE8CA-C4E4-4415-8244-BC4377B949D3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-215696962-2090878713-1119302306-1001Core => C:\Users\Raphael\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {43B07101-59AA-4E39-B4E8-BE660CF7D0FF} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {51228F50-8202-4B75-9107-036EB4D8F0B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {5676A6D7-08F1-4C8A-878A-D047ED3F987E} - \DriverScanner No Task File
Task: {5E4FBF08-E4C1-43DC-8189-6C1969FB073B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-215696962-2090878713-1119302306-1001UA => C:\Users\Raphael\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {5F441719-A60B-43FE-BA66-9D764D084D5D} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6125B521-3B12-4140-8628-B2D51C895523} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {614B3309-EEBE-446A-B449-D8FAC8D8C17B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {6A73CD22-9559-4E83-ACF2-EB8844D2C5B7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {85659AB7-30B9-4FEC-9497-B691BF3B8DCC} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {94E4AF1E-707C-49C1-86DF-526FBA5B8921} - \AdobeFlashPlayerUpdate 2 No Task File
Task: {9EF3AC88-A31A-47F2-B034-B270D928312D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {AD2CCC0C-AFBB-428A-BAAD-9737C0925552} - \AdobeFlashPlayerUpdate No Task File
Task: {B02B7658-8462-4C20-B539-217E7DF4770E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {B88CB5FA-2472-430F-98B2-D6C7EEE05723} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {C7842C28-6680-4E9E-A9AD-45FB01AE61B8} - System32\Tasks\HPCeeScheduleForRaphael => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {C7E42B1B-D6F1-4294-88D6-7576A505CE79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-03-12] (Microsoft)
Task: {E6449C0D-EB8D-4002-A791-8723E179432D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {FC409EAA-2339-441D-A5C7-22546C592A1D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {FCB75080-9315-43DD-BC42-A5F7D7CB7CBA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{F57DA878-70A2-4886-BF8B-9AEC48250234}.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-215696962-2090878713-1119302306-1001Core.job => C:\Users\Raphael\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-215696962-2090878713-1119302306-1001UA.job => C:\Users\Raphael\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRaphael.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-04-01 22:06 - 2011-04-01 22:06 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-11-16 14:38 - 2010-11-16 14:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2012-01-01 17:21 - 2012-01-01 17:19 - 00218624 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-02-02 19:16 - 2009-07-27 09:39 - 00241664 _____ () C:\Program Files (x86)\tele.ring Internet Manager\AssistantServices.exe
2014-02-02 19:17 - 2009-07-27 09:39 - 00132608 _____ () C:\Program Files (x86)\tele.ring Internet Manager\UIExec.exe
2011-04-01 22:06 - 2011-04-01 22:06 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-04 11:25 - 2011-03-04 11:25 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-01 21:57 - 2011-04-01 21:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-24 01:21 - 2010-06-24 01:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-01 17:21 - 2012-01-01 17:19 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2012-01-01 17:21 - 2012-01-01 17:19 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2012-01-01 17:21 - 2012-01-01 17:19 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2012-01-01 17:21 - 2012-01-01 17:19 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-12-12 14:19 - 2013-12-12 23:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-11-04 17:12 - 2013-11-05 02:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2014-02-10 18:34 - 2014-02-11 03:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-02-25 13:57 - 2014-02-25 22:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-01-10 15:33 - 2014-01-11 00:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 00292272 _____ () C:\Users\Raphael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 21014960 _____ () C:\Users\Raphael\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 00179632 _____ () C:\Users\Raphael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
2010-06-24 01:19 - 2010-06-24 01:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-02-14 13:31 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 19:55 - 2014-03-12 19:55 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 7658.9 MB
Available physical RAM: 5421.55 MB
Total Pagefile: 15315.98 MB
Available Pagefile: 12774.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.7 GB) (Free:318.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:15.77 GB) (Free:1.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (CNC3) (CDROM) (Total:6.2 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C843E555)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 11D8B398)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

deeprybka · 23.03.2014, 17:59

Hi, Danke für die Geduld...

Weiter gehts...

Schritt 1
Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Poste mir bitte den Inhalt der Logs von Malwarebytes, ESET und Securitycheck...

VonDrecken · 24.03.2014, 22:06

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.23.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Raphael :: RAPHAEL-HP [Administrator]

Schutz: Aktiviert

23.03.2014 21:36:51
mbam-log-2014-03-23 (21-36-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219336
Laufzeit: 5 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Raphael\Downloads\SoftonicDownloader_fuer_ultramixer.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Raphael\Downloads\VideoPerformerSetup.exe (PUP.Optional.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0ee0533fe89c4842a8d3fb2444afe2dc
# engine=17570
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-23 11:44:22
# local_time=2014-03-24 12:44:22 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 21809753 147248112 0 0
# scanned=201891
# found=2
# cleaned=0
# scan_time=9635
sh=4602C6C92ADAB72A8CF4FC14901DFFC984557170 ft=1 fh=be7ecbba513d6336 vn="a variant of Win64/Kryptik.FT trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\8zwlvwlmqa.zvv.xBAD"
sh=8D9D3B0305FE2940CE04006A71F15AD573B7FD6C ft=1 fh=bca0135d78ba369b vn="a variant of Win32/Kryptik.BXKD trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\aqmlwvlwz8.cpp.xBAD"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Mobile Partner OnlineUpdate ouc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

deeprybka · 24.03.2014, 22:47

Fast fertig!

Schritt 1

Bitte deinstalliere über die Systemsteuerung die alten Java Versionen...

Java(TM) 6 Update 24 (64-bit)
Java(TM) 6 Update 33

Installiere Dir hier das neueste Update.
In ein paar Tagen gibts auch die Version 8.

Den aktuellen Adobe Reader gibt es hier...

Wichtig: Die optionale Software bei der Installation von Java und Adobe nicht auswählen...

Schritt 2

Bitte überprüfe Deine Antivirussoftware auf Aktualität und dass sie immer eingeschaltet ist.

Schritt 3

Bitte starte

FRST erneut und drücke auf Scan und poste mir das Log.

VonDrecken · 25.03.2014, 00:01

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Raphael (administrator) on RAPHAEL-HP on 24-03-2014 23:58:14
Running from C:\Users\Raphael\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\tele.ring Internet Manager\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Users\Raphael\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Facebook) C:\Users\Raphael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Program Files (x86)\tele.ring Internet Manager\UIExec.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Photo Downloader] - C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe [61440 2007-06-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\tele.ring Internet Manager\UIExec.exe [132608 2009-07-27] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [Facebook Update] - C:\Users\Raphael\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [SkyDrive] - C:\Users\Raphael\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-03-08] (Microsoft Corporation)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20918432 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: G - G:\Autorun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {0248bf3f-8c35-11e3-94b7-101f7414549c} - G:\Install.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {17a6765c-2cb7-11e1-9ace-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {17a677a0-2cb7-11e1-9ace-101f7414549c} - G:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {17a677b4-2cb7-11e1-9ace-101f7414549c} - H:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {4e42b912-7825-11e1-b431-101f7414549c} - G:\LGAutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {72094537-400d-11e1-8797-101f7414549c} - H:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {7d802da4-33ca-11e1-8868-101f7414549c} - G:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {7d802dbb-33ca-11e1-8868-101f7414549c} - H:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {90f557fc-2fc8-11e1-8874-101f7414549c} - G:\AutoRun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {c6ce933b-3146-11e1-85a0-101f7414549c} - H:\Autorun.exe
HKU\S-1-5-21-215696962-2090878713-1119302306-1001\...\MountPoints2: {edf66017-2cdb-11e1-8029-101f7414549c} - G:\AutoRun.exe
Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Raphael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://at.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
SearchScopes: HKLM - {03413C6F-3C72-4E27-86BA-80624A70C0A3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48Ð¸patm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-08-21] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{0EDC64A2-48A2-4D4B-A227-D00558200321}: [NameServer]194.24.128.100 81.3.216.100
Tcpip\..\Interfaces\{92C85EB4-0A9B-4E96-B6B2-E53835FF59AA}: [NameServer]194.24.128.100 81.3.216.100

FireFox:
========
FF ProfilePath: C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\8kvmy6nq.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Raphael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Raphael\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-02-18]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-01] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2012-01-01] ()
R2 UI Assistant Service; C:\Program Files (x86)\tele.ring Internet Manager\AssistantServices.exe [241664 2009-07-27] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2012-01-01] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-24 23:58 - 2014-03-24 23:58 - 00020981 _____ () C:\Users\Raphael\Desktop\FRST.txt
2014-03-24 23:57 - 2014-03-24 23:58 - 02157056 _____ (Farbar) C:\Users\Raphael\Desktop\FRST64.exe
2014-03-24 23:38 - 2014-03-24 23:38 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\Avira
2014-03-24 23:36 - 2014-03-24 23:36 - 00002028 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-03-24 23:36 - 2014-03-24 23:36 - 00000000 ____D () C:\ProgramData\Avira
2014-03-24 23:36 - 2014-03-24 23:36 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-24 23:36 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-24 23:36 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-24 23:36 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-24 23:32 - 2014-03-02 21:44 - 00000426 _____ () C:\AVScanner.ini
2014-03-24 23:04 - 2014-03-24 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-24 23:03 - 2014-03-24 23:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-24 23:03 - 2014-03-24 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-24 23:03 - 2014-03-24 23:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-24 23:03 - 2014-03-24 23:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-24 21:28 - 2014-03-24 21:28 - 00987442 _____ () C:\Users\Raphael\Desktop\SecurityCheck.exe
2014-03-23 21:45 - 2014-03-23 21:45 - 00001157 _____ () C:\Users\Raphael\Desktop\THREADPOSTINGS.lnk
2014-03-23 21:33 - 2014-03-23 21:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Raphael\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 21:33 - 2014-03-23 21:33 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 21:33 - 2014-03-23 21:33 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\Malwarebytes
2014-03-23 21:33 - 2014-03-23 21:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 21:33 - 2014-03-23 21:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 21:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-23 21:24 - 2014-03-23 21:24 - 00448512 _____ (OldTimer Tools) C:\Users\Raphael\Desktop\TFC.exe
2014-03-23 21:23 - 2014-03-23 21:23 - 00015324 _____ () C:\Users\Raphael\Desktop\ItYhLj6f.htm
2014-03-23 15:19 - 2014-03-23 15:19 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 15:19 - 2014-03-23 15:19 - 00000000 ____D () C:\Users\Raphael\AppData\Local\Skype
2014-03-22 23:22 - 2014-03-22 23:22 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 23:17 - 2014-03-22 23:38 - 00000000 ____D () C:\Users\Raphael\Desktop\Trojaner Board
2014-03-22 23:10 - 2014-03-22 23:12 - 00000000 ____D () C:\AdwCleaner
2014-03-22 23:09 - 2014-03-22 23:09 - 01950720 _____ () C:\Users\Raphael\Downloads\adwcleaner.exe
2014-03-22 00:11 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-22 00:11 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-22 00:11 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-22 00:11 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-22 00:11 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-22 00:11 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-22 00:11 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-22 00:11 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-22 00:11 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-22 00:10 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-22 00:10 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-22 00:10 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-22 00:10 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-22 00:10 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-22 00:10 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-22 00:10 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-22 00:10 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-22 00:10 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-22 00:10 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-22 00:10 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-22 00:10 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-22 00:10 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-22 00:10 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-22 00:10 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-22 00:10 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-22 00:10 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-22 00:10 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-22 00:10 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-22 00:10 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-22 00:10 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-22 00:10 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-22 00:10 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-22 00:10 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-22 00:10 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-22 00:10 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-22 00:10 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-22 00:10 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-22 00:10 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-22 00:10 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-22 00:10 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-22 00:10 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-22 00:10 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-22 00:10 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-22 00:10 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-22 00:10 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-22 00:09 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-22 00:09 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-19 15:34 - 2014-03-24 23:56 - 00000000 ____D () C:\Users\Raphael\Desktop\FRST
2014-03-18 21:02 - 2014-03-24 23:58 - 00000000 ____D () C:\FRST
2014-03-18 16:13 - 2014-03-21 23:54 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-03-16 15:05 - 2014-03-16 15:06 - 00000145 _____ () C:\Users\Raphael\Desktop\To-Do-Liste.txt
2014-03-16 14:09 - 2014-03-16 18:05 - 00000000 ____D () C:\Users\Raphael\Desktop\Personalentwicklung
2014-03-12 20:56 - 2014-03-12 20:56 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-12 20:54 - 2014-03-12 20:56 - 00000000 ____D () C:\Program Files\iTunes
2014-03-12 20:54 - 2014-03-12 20:54 - 00000000 ____D () C:\Program Files\iPod
2014-03-12 20:48 - 2014-03-12 20:48 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-12 20:47 - 2014-03-12 20:48 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-12 19:09 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 12:09 - 2014-03-11 12:11 - 00018190 ____H () C:\Users\Raphael\Desktop\~WRL0005.tmp
2014-03-09 12:49 - 2014-03-10 11:40 - 00000000 ____D () C:\Users\Raphael\Desktop\Abbildungen Persm
2014-03-08 19:45 - 2014-03-24 23:54 - 00000000 ___RD () C:\ONEDRIVE
2014-03-08 19:44 - 2014-03-08 19:44 - 00002206 _____ () C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00002082 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00002082 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ___RD () C:\Users\Raphael\OneDrive
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-03-08 19:44 - 2014-03-08 19:43 - 06072008 _____ (Microsoft Corporation) C:\Users\Raphael\Downloads\OneDriveSetup.exe
2014-03-04 22:14 - 2014-03-23 16:01 - 00000000 ____D () C:\Users\Raphael\Desktop\ipod
2014-02-28 21:06 - 2014-02-28 21:06 - 00000000 ____D () C:\Users\Raphael\Documents\Command & Conquer 3 Tiberium Wars
2014-02-28 20:44 - 2014-02-28 20:44 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-28 19:33 - 2014-02-28 21:04 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2014-02-28 19:33 - 2014-02-28 19:33 - 00000000 __RHD () C:\Users\Raphael\AppData\Roaming\SecuROM
2014-02-28 18:08 - 2014-02-28 18:08 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-28 11:05 - 2014-03-06 20:28 - 00013743 _____ () C:\Users\Raphael\Desktop\März 2013.xlsx
2014-02-27 21:10 - 2014-02-27 21:10 - 00001982 _____ () C:\Users\Raphael\Desktop\Windows Phone-Desktopanwendung.lnk
2014-02-27 21:09 - 2014-02-27 21:10 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-02-27 21:09 - 2014-02-27 21:09 - 00000000 ____D () C:\ProgramData\Applications
2014-02-27 13:21 - 2014-03-24 23:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-27 13:21 - 2014-02-27 14:07 - 00000879 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-27 13:19 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-02-27 13:19 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-02-27 13:19 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-02-27 13:19 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-02-27 13:19 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-02-27 13:19 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-02-27 13:19 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-02-27 13:19 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-02-27 13:19 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-02-27 13:19 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-02-27 13:19 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-02-27 13:19 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-02-27 13:19 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-02-27 13:19 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-02-27 13:19 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-02-27 13:19 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-02-27 13:19 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-02-27 13:19 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-02-27 13:19 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-02-27 13:19 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-02-27 13:19 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-02-27 13:19 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-02-27 13:19 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-02-27 13:19 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-02-27 13:19 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-02-27 13:19 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-02-27 13:19 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-02-27 13:19 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-02-27 13:19 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-02-27 13:19 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-02-27 13:19 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-02-27 13:19 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-02-27 13:19 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-02-27 13:19 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-02-27 13:19 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-02-27 13:19 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-02-27 13:19 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-02-27 13:19 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-02-27 13:19 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-02-27 13:19 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-02-27 13:19 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-02-27 13:19 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-27 13:19 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-02-27 13:19 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-02-27 13:19 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-02-27 13:19 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-02-27 13:19 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-02-27 13:19 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-02-27 13:19 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-02-27 13:19 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-02-27 12:59 - 2014-02-27 12:59 - 00005120 _____ () C:\Users\Raphael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-27 12:07 - 2014-02-28 11:23 - 00012527 _____ () C:\Users\Raphael\Desktop\Schuldentilgungsplan.xlsx
2014-02-25 13:38 - 2014-02-25 13:38 - 02790572 _____ ( ) C:\Users\Raphael\Downloads\pdftkb36_setup.exe
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 ____D () C:\Program Files (x86)\PDFTK Builder
2014-02-23 13:32 - 2014-03-24 23:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 13:32 - 2014-03-12 19:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-23 13:32 - 2014-02-23 13:32 - 00000000 ____D () C:\ProgramData\McAfee

==================== One Month Modified Files and Folders =======

2014-03-24 23:59 - 2014-03-24 23:58 - 00020981 _____ () C:\Users\Raphael\Desktop\FRST.txt
2014-03-24 23:58 - 2014-03-24 23:57 - 02157056 _____ (Farbar) C:\Users\Raphael\Desktop\FRST64.exe
2014-03-24 23:58 - 2014-03-18 21:02 - 00000000 ____D () C:\FRST
2014-03-24 23:57 - 2011-08-21 20:22 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2014-03-24 23:57 - 2011-08-21 20:22 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2014-03-24 23:57 - 2009-07-14 06:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-24 23:56 - 2014-03-19 15:34 - 00000000 ____D () C:\Users\Raphael\Desktop\FRST
2014-03-24 23:56 - 2011-12-25 23:20 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\Skype
2014-03-24 23:55 - 2014-02-23 13:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 23:54 - 2014-03-08 19:45 - 00000000 ___RD () C:\ONEDRIVE
2014-03-24 23:53 - 2014-02-27 13:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-24 23:51 - 2014-02-11 21:51 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForRaphael.job
2014-03-24 23:51 - 2013-06-13 07:54 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-03-24 23:51 - 2011-09-02 23:26 - 00000000 ____D () C:\ProgramData\Norton
2014-03-24 23:51 - 2010-11-21 04:47 - 00588332 _____ () C:\Windows\PFRO.log
2014-03-24 23:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 23:51 - 2009-07-14 05:51 - 00095195 _____ () C:\Windows\setupact.log
2014-03-24 23:50 - 2014-02-18 10:35 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\SoftGrid Client
2014-03-24 23:50 - 2011-09-02 23:00 - 01268151 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 23:38 - 2014-03-24 23:38 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\Avira
2014-03-24 23:36 - 2014-03-24 23:36 - 00002028 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-03-24 23:36 - 2014-03-24 23:36 - 00000000 ____D () C:\ProgramData\Avira
2014-03-24 23:36 - 2014-03-24 23:36 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-24 23:04 - 2014-03-24 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-24 23:02 - 2014-03-24 23:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-24 23:02 - 2014-03-24 23:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-24 23:02 - 2014-03-24 23:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-24 23:02 - 2014-03-24 23:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-24 23:02 - 2012-07-15 12:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-24 21:28 - 2014-03-24 21:28 - 00987442 _____ () C:\Users\Raphael\Desktop\SecurityCheck.exe
2014-03-24 21:24 - 2012-03-02 22:44 - 00001146 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-215696962-2090878713-1119302306-1001UA.job
2014-03-24 20:04 - 2012-03-02 22:44 - 00001124 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-215696962-2090878713-1119302306-1001Core.job
2014-03-24 19:53 - 2013-07-12 20:46 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9471D58D-5AC4-41EA-8E98-1A8C0C2D74D1}
2014-03-23 21:55 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 21:55 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 21:52 - 2014-02-11 21:51 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRaphael
2014-03-23 21:45 - 2014-03-23 21:45 - 00001157 _____ () C:\Users\Raphael\Desktop\THREADPOSTINGS.lnk
2014-03-23 21:33 - 2014-03-23 21:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Raphael\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 21:33 - 2014-03-23 21:33 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 21:33 - 2014-03-23 21:33 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\Malwarebytes
2014-03-23 21:33 - 2014-03-23 21:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 21:33 - 2014-03-23 21:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 21:24 - 2014-03-23 21:24 - 00448512 _____ (OldTimer Tools) C:\Users\Raphael\Desktop\TFC.exe
2014-03-23 21:23 - 2014-03-23 21:23 - 00015324 _____ () C:\Users\Raphael\Desktop\ItYhLj6f.htm
2014-03-23 16:01 - 2014-03-04 22:14 - 00000000 ____D () C:\Users\Raphael\Desktop\ipod
2014-03-23 15:57 - 2011-12-22 19:22 - 00058016 _____ () C:\Users\Raphael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 15:19 - 2014-03-23 15:19 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 15:19 - 2014-03-23 15:19 - 00000000 ____D () C:\Users\Raphael\AppData\Local\Skype
2014-03-23 15:19 - 2011-12-25 23:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 15:19 - 2011-12-25 23:20 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 12:34 - 2012-03-06 10:50 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-03-23 12:34 - 2011-08-21 11:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-23 12:22 - 2012-06-04 20:07 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2012
2014-03-23 11:23 - 2012-02-01 21:45 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-23 11:23 - 2011-12-25 22:20 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-22 23:38 - 2014-03-22 23:17 - 00000000 ____D () C:\Users\Raphael\Desktop\Trojaner Board
2014-03-22 23:22 - 2014-03-22 23:22 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 23:15 - 2009-07-14 05:45 - 00276904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 23:14 - 2013-03-30 19:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-22 23:14 - 2013-03-30 19:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-22 23:12 - 2014-03-22 23:10 - 00000000 ____D () C:\AdwCleaner
2014-03-22 23:09 - 2014-03-22 23:09 - 01950720 _____ () C:\Users\Raphael\Downloads\adwcleaner.exe
2014-03-22 22:57 - 2014-02-18 12:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-22 22:51 - 2014-02-18 12:24 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-21 23:57 - 2011-12-22 19:16 - 00000000 ____D () C:\Users\Raphael
2014-03-21 23:55 - 2014-02-02 19:16 - 00000000 ____D () C:\Program Files (x86)\tele.ring Internet Manager
2014-03-21 23:55 - 2011-12-22 19:23 - 00000000 ___RD () C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 23:55 - 2011-09-03 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-21 23:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-21 23:54 - 2014-03-18 16:13 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-03-21 23:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-21 23:53 - 2014-02-18 10:41 - 00000000 __RHD () C:\MSOCache
2014-03-21 23:53 - 2011-12-22 19:36 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-03-18 13:29 - 2012-07-13 20:15 - 00517120 ___SH () C:\Users\Raphael\Desktop\Thumbs.db
2014-03-17 14:04 - 2011-12-30 12:53 - 00000000 ____D () C:\Users\Raphael\AppData\Local\CrashDumps
2014-03-16 18:05 - 2014-03-16 14:09 - 00000000 ____D () C:\Users\Raphael\Desktop\Personalentwicklung
2014-03-16 15:06 - 2014-03-16 15:05 - 00000145 _____ () C:\Users\Raphael\Desktop\To-Do-Liste.txt
2014-03-12 20:56 - 2014-03-12 20:56 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-12 20:56 - 2014-03-12 20:54 - 00000000 ____D () C:\Program Files\iTunes
2014-03-12 20:56 - 2012-09-16 19:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-12 20:56 - 2012-07-22 12:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-12 20:54 - 2014-03-12 20:54 - 00000000 ____D () C:\Program Files\iPod
2014-03-12 20:48 - 2014-03-12 20:48 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-12 20:48 - 2014-03-12 20:47 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-12 19:55 - 2014-02-23 13:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 19:55 - 2012-11-11 18:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 19:55 - 2011-12-29 22:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 12:11 - 2014-03-11 12:09 - 00018190 ____H () C:\Users\Raphael\Desktop\~WRL0005.tmp
2014-03-10 11:40 - 2014-03-09 12:49 - 00000000 ____D () C:\Users\Raphael\Desktop\Abbildungen Persm
2014-03-08 19:45 - 2014-02-18 11:52 - 00000000 ____D () C:\Users\Raphael\Desktop\Manuel
2014-03-08 19:44 - 2014-03-08 19:44 - 00002206 _____ () C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00002082 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00002082 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ___RD () C:\Users\Raphael\OneDrive
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-03-08 19:44 - 2014-03-08 19:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-03-08 19:43 - 2014-03-08 19:44 - 06072008 _____ (Microsoft Corporation) C:\Users\Raphael\Downloads\OneDriveSetup.exe
2014-03-06 20:28 - 2014-02-28 11:05 - 00013743 _____ () C:\Users\Raphael\Desktop\März 2013.xlsx
2014-03-02 21:44 - 2014-03-24 23:32 - 00000426 _____ () C:\AVScanner.ini
2014-03-01 07:05 - 2014-03-22 00:10 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-22 00:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-22 00:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-22 00:11 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-22 00:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-22 00:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-22 00:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-22 00:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-22 00:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-22 00:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-22 00:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-22 00:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-22 00:10 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-22 00:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-22 00:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-22 00:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 19:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-22 00:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-22 00:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-22 00:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-22 00:11 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-22 00:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:43 - 2014-03-22 00:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:42 - 2014-03-22 00:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-22 00:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-22 00:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-22 00:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-22 00:10 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-22 00:10 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-22 00:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-22 00:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-22 00:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-22 00:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-22 00:10 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-22 00:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-22 00:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-22 00:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-22 00:11 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-22 00:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-22 00:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 21:06 - 2014-02-28 21:06 - 00000000 ____D () C:\Users\Raphael\Documents\Command & Conquer 3 Tiberium Wars
2014-02-28 21:04 - 2014-02-28 19:33 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2014-02-28 20:44 - 2014-02-28 20:44 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-28 19:33 - 2014-02-28 19:33 - 00000000 __RHD () C:\Users\Raphael\AppData\Roaming\SecuROM
2014-02-28 18:32 - 2011-08-21 11:01 - 00058392 _____ () C:\Windows\DirectX.log
2014-02-28 18:08 - 2014-02-28 18:08 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-28 11:23 - 2014-02-27 12:07 - 00012527 _____ () C:\Users\Raphael\Desktop\Schuldentilgungsplan.xlsx
2014-02-28 03:01 - 2011-09-02 23:12 - 01596444 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 21:10 - 2014-02-27 21:10 - 00001982 _____ () C:\Users\Raphael\Desktop\Windows Phone-Desktopanwendung.lnk
2014-02-27 21:10 - 2014-02-27 21:09 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-02-27 21:09 - 2014-02-27 21:09 - 00000000 ____D () C:\ProgramData\Applications
2014-02-27 21:03 - 2011-12-22 23:51 - 00000000 ____D () C:\Users\Raphael\AppData\Local\Windows Live
2014-02-27 14:07 - 2014-02-27 13:21 - 00000879 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-27 12:59 - 2014-02-27 12:59 - 00005120 _____ () C:\Users\Raphael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-27 12:06 - 2014-02-20 09:38 - 00000000 ____D () C:\Users\Raphael\AppData\Roaming\HpUpdate
2014-02-25 13:38 - 2014-02-25 13:38 - 02790572 _____ ( ) C:\Users\Raphael\Downloads\pdftkb36_setup.exe
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 ____D () C:\Program Files (x86)\PDFTK Builder
2014-02-25 11:41 - 2014-03-24 23:36 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-25 11:41 - 2014-03-24 23:36 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-25 11:41 - 2014-03-24 23:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-23 13:32 - 2014-02-23 13:32 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-23 13:32 - 2012-01-11 21:58 - 00000000 ____D () C:\Users\Raphael\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Raphael\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 01:03

==================== End Of Log ============================

--- --- ---

deeprybka · 25.03.2014, 08:34

Na wie "schnurrt das Kätzchen jetzt"?

Gibts noch Probleme mit dem PC oder hast Du noch Fragen?

Ansonsten...lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu.

Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst Du sie bedenkenlos löschen.

>>clean<<
Wir haben es geschafft!

Die Logs sehen für mich im Moment sauber aus.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen und hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst....

Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:

Windows Vista/7/8: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.

Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine infizierte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.

Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Wenn du ein kommerzielles Programm kaufen möchtest, kann ich Dir Kaspersky Antivirus oder Emsisoft Anti-Malware empfehlen (die Freeware-Version davon reicht aber nicht, denn die hat keinen Hintergrundwächter).

Bevorzugst du ein kostenloses Produkt, dann ist Avast! Free Antivirus eine gute Alternative.
Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware . Vor jedem Scan die Datenbank updaten.
Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.
Optional: Browser-in-the-box kombiniert die virtuelle, isolierte Umgebung und die Sicherheit eines Linux Betriebssystems.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:

NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:

Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista/7/8 ).
Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

VonDrecken · 25.03.2014, 10:17

Vielen Dank, dass du meinen PC wieder hinbekommen hast.
Hat alles wunderbar funktioniert. Du bist der Beste :-)
Danke auch für die Tipps, die ich mir sicher zu Herzen nehmen werden!

LG

Interpol Virus - FRST.exe

Plagegeister aller Art und deren Bekämpfung: Interpol Virus - FRST.exe