Trojaner-Board - Hinweis der Sparkasse wegen MITB-Trojaner

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Hinweis der Sparkasse wegen MITB-Trojaner (https://www.trojaner-board.de/155091-hinweis-sparkasse-wegen-mitb-trojaner.html)

Hinweis der Sparkasse wegen MITB-Trojaner

Guten Tag,
wir wurden vor einigen Tagen von der Frankfurter Sparkasse darüber informiert, das sich auf unserem System ein MITB-Trojaner eingenistet hat.
Wir bitten um Unterstützung bei der Beseitigung des Trojaners.
Leider ist es so, dass der Arbeitsplatz nicht immer besetzt ist. Wir würden vorschlagen das Problem am morgigen Donnerstag Nachmittag um ca 14:30 Uhr zu bearbeiten.

Mit freundlichen Grüßen
Heinz Peppler

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo,
bin jetzt leider nicht mehr an dem System.
Erst morgen wieder.

Hallo,
bin jetzt wieder am System und starte den FRST64

H.P.

Hallo,

Hier das Logfile FRST.txt

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 01

Ran by TV (administrator) on TV-COMPUTER on 12-06-2014 14:52:02

Running from C:\Users\TV\Downloads\Trojaner\mitb

Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe

(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Program Files (x86)\Lightscreen\lightscreen.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Geek Software GmbH) C:\prg\PDF24\pdf24.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe

(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)

HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] => C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-05] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [492248 2012-12-26] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [PDFPrint] => C:\prg\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)

HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HPPQVideo] => C:\Program Files (x86)\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)

HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKU\S-1-5-21-287583680-2149288412-797248488-1001\...\Run: [Lightscreen] => C:\Program Files (x86)\Lightscreen\lightscreen.exe [563200 2010-03-17] ()

HKU\S-1-5-21-287583680-2149288412-797248488-1001\...\Run: [ztoytlnu] => regsvr32.exe "

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD)

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3318155&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB42C4280-630B-4149-BF19-FF41819F303F&SSPV=

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3318155&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB42C4280-630B-4149-BF19-FF41819F303F&q={searchTerms}&SSPV=

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3318155&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB42C4280-630B-4149-BF19-FF41819F303F&q={searchTerms}&SSPV=

SearchScopes: HKCU - {2EDFFF1B-7952-41B2-ABDE-CCB0287C3224} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\TV\AppData\Roaming\Mozilla\Firefox\Profiles\v65z7t4l.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF SearchPlugin: C:\Users\TV\AppData\Roaming\Mozilla\Firefox\Profiles\v65z7t4l.default\searchplugins\conduit-search.xml
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. KG)

R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)

R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP) [File not signed]

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

R2 MSSQL$ELVIS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()

S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()

S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)

R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)

S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)

R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)

R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )

S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)

S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)

R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-12 14:42 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-12 14:40 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe

2014-06-12 14:40 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe

2014-06-12 14:40 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe

2014-06-12 14:40 - 2014-05-01 15:31 - 03048904 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe

2014-06-12 14:40 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys

2014-06-12 14:40 - 2014-05-01 09:14 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll

2014-06-12 14:40 - 2014-05-01 09:05 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll

2014-06-12 14:40 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll

2014-06-12 14:40 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll

2014-06-11 20:32 - 2014-06-12 14:52 - 00000000 ____D () C:\FRST

2014-06-11 20:25 - 2014-06-11 20:25 - 00000000 ____D () C:\Users\TV\Downloads\Trojaner

2014-06-04 19:54 - 2014-06-04 19:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2014-06-04 19:47 - 2014-06-04 19:47 - 00000000 _____ () C:\autoexec.bat

2014-06-04 19:46 - 2014-06-04 19:46 - 00002268 _____ () C:\Users\TV\Desktop\SpyHunter.lnk

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\sh4ldr

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-06-04 19:46 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys

2014-06-04 19:45 - 2014-06-04 19:46 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-06-04 19:42 - 2014-06-04 19:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\TV\Downloads\SpyHunter-Installer.exe

2014-05-26 10:40 - 2014-06-02 14:31 - 00000000 ____D () C:\Program Files (x86)\SearchProtect

2014-05-26 10:40 - 2014-05-26 10:40 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Users\TV\AppData\Local\SearchProtect

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\ProgramData\Mozilla

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-26 10:39 - 2014-05-26 10:39 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Firefox_1539824

2014-05-15 17:45 - 2014-05-31 07:13 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-15 17:45 - 2014-05-31 07:13 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-15 17:42 - 2014-06-11 19:42 - 00003076 _____ () C:\Windows\PFRO.log

2014-05-14 10:06 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys

2014-05-14 10:06 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys

2014-05-14 10:06 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys

2014-05-14 10:06 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe

2014-05-14 10:06 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe

2014-05-14 10:05 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll

2014-05-14 10:05 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-05-14 10:05 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll

2014-05-14 10:05 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-05-14 10:05 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe

2014-05-14 10:05 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-05-14 10:05 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2014-05-14 10:05 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2014-05-14 10:05 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll

2014-05-14 10:05 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-05-14 10:05 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-14 10:05 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-05-14 10:05 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-14 10:05 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-05-14 10:05 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-05-14 10:05 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-05-14 10:05 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-05-14 10:05 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll

2014-05-14 10:05 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2014-05-14 10:05 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-05-14 10:05 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-05-14 10:05 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-05-14 10:05 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-05-14 10:05 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll

2014-05-14 10:05 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-05-14 10:05 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll

2014-05-14 10:05 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-05-14 10:04 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-14 10:04 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-14 10:04 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-14 10:04 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-14 10:04 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll

2014-05-14 10:04 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll

2014-05-14 10:04 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll

2014-05-14 10:04 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll

2014-05-14 10:04 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-14 10:04 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
 

==================== One Month Modified Files and Folders =======
 

2014-06-12 14:52 - 2014-06-11 20:32 - 00000000 ____D () C:\FRST

2014-06-12 14:52 - 2013-11-28 16:56 - 00000000 ____D () C:\Users\TV\AppData\Local\Temp

2014-06-12 14:49 - 2014-02-27 12:02 - 01134379 _____ () C:\Windows\WindowsUpdate.log

2014-06-12 14:49 - 2014-01-19 12:36 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-12 14:49 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp

2014-06-12 14:48 - 2013-12-12 18:49 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-12 14:47 - 2013-12-12 18:49 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-12 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData

2014-06-12 14:37 - 2013-11-28 16:05 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB9B522E-EEA7-47AA-BF62-DF2ED5951F9D}

2014-06-12 14:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru

2014-06-11 21:28 - 2013-11-28 16:56 - 00000000 ____D () C:\Users\TV

2014-06-11 21:12 - 2013-09-02 09:52 - 00822348 _____ () C:\Windows\system32\perfh007.dat

2014-06-11 21:12 - 2013-09-02 09:52 - 00183042 _____ () C:\Windows\system32\perfc007.dat

2014-06-11 21:12 - 2013-09-02 09:20 - 01927414 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-11 21:05 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-11 20:25 - 2014-06-11 20:25 - 00000000 ____D () C:\Users\TV\Downloads\Trojaner

2014-06-11 19:53 - 2013-11-28 16:02 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-287583680-2149288412-797248488-1001

2014-06-11 19:42 - 2014-05-15 17:42 - 00003076 _____ () C:\Windows\PFRO.log

2014-06-11 19:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness

2014-06-04 20:06 - 2014-03-12 18:56 - 00004746 _____ () C:\Windows\setupact.log

2014-06-04 19:54 - 2014-06-04 19:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2014-06-04 19:47 - 2014-06-04 19:47 - 00000000 _____ () C:\autoexec.bat

2014-06-04 19:46 - 2014-06-04 19:46 - 00002268 _____ () C:\Users\TV\Desktop\SpyHunter.lnk

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\sh4ldr

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-06-04 19:46 - 2014-06-04 19:45 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-06-04 19:42 - 2014-06-04 19:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\TV\Downloads\SpyHunter-Installer.exe

2014-06-03 14:27 - 2013-12-12 19:25 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-06-03 14:27 - 2013-12-12 19:25 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-06-02 14:31 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\SearchProtect

2014-05-31 07:13 - 2014-05-15 17:45 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-31 07:13 - 2014-05-15 17:45 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-26 10:40 - 2014-05-26 10:40 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Users\TV\AppData\Local\SearchProtect

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\ProgramData\Mozilla

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-26 10:39 - 2014-05-26 10:39 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Firefox_1539824

2014-05-20 13:04 - 2014-03-01 11:44 - 00000000 ___SD () C:\Users\TV\Documents\Meine Datenquellen

2014-05-20 11:12 - 2014-01-02 12:02 - 00000000 ____D () C:\download

2014-05-19 08:31 - 2014-06-12 14:40 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe

2014-05-19 08:21 - 2014-06-12 14:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe

2014-05-19 07:23 - 2014-06-12 14:40 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe

2014-05-16 14:25 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache

2014-05-15 17:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-05-15 17:47 - 2013-11-28 16:57 - 00000000 ___RD () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-15 17:47 - 2013-11-28 16:57 - 00000000 ___RD () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-14 12:33 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-05-14 12:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-05-14 12:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-05-14 12:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore

2014-05-14 12:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates

2014-05-14 12:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender

2014-05-14 12:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-05-13 13:11 - 2013-12-12 19:38 - 00000000 ____D () C:\prg
 

Some content of TEMP:

====================

C:\Users\TV\AppData\Local\Temp\avgnt.exe

C:\Users\TV\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\TV\AppData\Local\Temp\nsg9128.exe

C:\Users\TV\AppData\Local\Temp\nshABC7.exe

C:\Users\TV\AppData\Local\Temp\SHSetup.exe

C:\Users\TV\AppData\Local\Temp\SPSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-11 19:53
 

==================== End Of Log ============================

--- --- ---

--- --- ---

[/CODE]

Zusätzlich noch das Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014 01

Ran by TV at 2014-06-12 14:52:29

Running from C:\Users\TV\Downloads\Trojaner\mitb

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 

==================== Installed Programs ======================
 

64 Bit HP CIO Components Installer (Version: 4.2.1 - Hewlett-Packard) Hidden

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)

Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)

BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)

CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden

CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden

CyberLink PhotoDirector 3 (x32 Version: 3.0.4017 - CyberLink Corp.) Hidden

CyberLink Power2Go 8 (x32 Version: 8.0.0.2426b - CyberLink Corp.) Hidden

CyberLink PowerDirector (Version: 9.0.0.5129 - CyberLink Corp.) Hidden

CyberLink PowerDVD 10 (x32 Version: 10.0.5211.02 - CyberLink Corp.) Hidden

CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725 - CyberLink Corp.) Hidden

CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)

CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)

DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden

DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

ELVIS Einzelplatz v12.1 (HKLM-x32\...\{9F1B16BF-85FF-428F-9A31-A623AAE3DF2D}) (Version: v12.1 - ORBIT GmbH)

ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )

Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

HP Color LaserJet CM1312 MFP Series 5.1 (HKLM\...\{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}) (Version: 5.1 - HP)

HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)

HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)

HP Update (HKLM-x32\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)

hppCLJCM1312 (x32 Version: 005.001.00142 - Hewlett-Packard) Hidden

hppFaxDrvCM1312 (x32 Version: 005.000.00001 - Hewlett-Packard) Hidden

hppFaxUtilityCM1312 (x32 Version: 005.001.00137 - Ihr Firmenname) Hidden

hppFonts (x32 Version: 001.001.00061 - Hewlett-Packard) Hidden

hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppManualsCM1312 (x32 Version: 005.001.00145 - Ihr Firmenname) Hidden

hppPQVideoCM1312 (x32 Version: 005.001.00142 - Ihr Firmenname) Hidden

hppQFolderCM1312 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

hppScanToCM1312 (x32 Version: 005.001.00140 - Ihr Firmenname) Hidden

hppSendFaxCM1312 (x32 Version: 005.000.00001 - Ihr Firmenname) Hidden

hppTLBXFXCM1312 (x32 Version: 001.017.00050 - Hewlett-Packard) Hidden

hppusgCM1312 (x32 Version: 1.1.0.1 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

hpzTLBXFX (x32 Version: 005.003.00171 - Hewlett-Packard) Hidden

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Lightscreen (HKLM-x32\...\Lightscreen) (Version:  - )

MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

Medion Home Cinema 10 (x32 Version: 10.2419 - CyberLink Corp.) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2005 Express Edition (ELVIS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden

Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)

PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.1 - Tracker Software Products Ltd)

Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden

Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)

Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)

SoftwareWatcher bundle (HKLM-x32\...\SoftwareWatcher bundle) (Version: 2.0.0.5 - SoftwareWatcher)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)

SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)

TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Temel Parçalar (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Liven peruspaketti (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
 

==================== Restore Points  =========================
 

15-05-2014 15:55:39 Windows Update

22-05-2014 17:28:18 Geplanter Prüfpunkt

30-05-2014 07:56:11 Geplanter Prüfpunkt

04-06-2014 17:45:54 Installed SpyHunter

12-06-2014 12:44:59 Windows Update
 

==================== Hosts content: ==========================
 

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {09A9F230-CDE3-4A36-9F35-1275FD0AAB05} - System32\Tasks\CCleanerSkipUAC => C:\Prg\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {2953D882-CF91-44D8-8989-B052AC93098A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {31DF2A0C-05D7-4394-929C-00EC21B735CA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {384284C8-C6C0-4CBA-B720-21D11483A7A8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {42EE39DA-772B-4E6D-A377-4D5DEF976EA8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-12] (Microsoft Corporation)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {5F340102-200B-46CB-B170-B4D7ADE98AC7} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

Task: {62198E4A-7D55-4F57-A891-015BE662B078} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {A0469FD1-4E7D-4FBC-BF84-1FD595D52E7C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe

Task: {C221BE5D-FCE1-4D09-AB2D-B8B641579434} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {C2A4D7EC-CA37-4F91-B481-A348A43B558D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {DFE05C6E-3BB6-474E-8B92-619C2E07C67A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
 

==================== Loaded Modules (whitelisted) =============
 

2013-09-03 07:50 - 2010-08-19 18:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2010-03-17 03:46 - 2010-03-17 03:46 - 00563200 _____ () C:\Program Files (x86)\Lightscreen\lightscreen.exe

2013-12-12 20:02 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2013-12-12 20:02 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2013-12-12 20:02 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2013-12-12 20:02 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2013-12-12 20:02 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2009-01-10 12:32 - 2009-01-10 12:32 - 00011362 _____ () C:\Program Files (x86)\Lightscreen\mingwm10.dll

2009-06-22 20:42 - 2009-06-22 20:42 - 00043008 _____ () C:\Program Files (x86)\Lightscreen\libgcc_s_dw2-1.dll

2010-02-16 19:09 - 2010-02-16 19:09 - 00936448 _____ () C:\Program Files (x86)\Lightscreen\QtCore4.dll

2010-02-10 16:43 - 2010-02-10 16:43 - 03844096 _____ () C:\Program Files (x86)\Lightscreen\QtGui4.dll

2010-02-10 16:10 - 2010-02-10 16:10 - 00431104 _____ () C:\Program Files (x86)\Lightscreen\QtNetwork4.dll

2010-02-10 20:01 - 2010-02-10 20:01 - 00192000 _____ () C:\Program Files (x86)\Lightscreen\imageformats\qjpeg4.dll

2013-09-03 07:48 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00061440 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00516096 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00130560 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00840192 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00674816 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\LEDMXMLObjects.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00086016 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00835584 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll

2009-10-15 09:25 - 2009-10-15 09:25 - 00364544 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

HKLM\...\StartupApproved\Run32: => "HPPQVideo"
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/11/2014 07:54:57 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (06/05/2014 03:14:47 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (06/04/2014 10:39:46 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (06/02/2014 03:25:45 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/30/2014 10:00:36 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/28/2014 02:35:00 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/27/2014 10:51:22 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/26/2014 10:49:06 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/22/2014 07:28:08 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/19/2014 02:17:37 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 
 

System errors:

=============

Error: (06/11/2014 09:06:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 

Error: (06/11/2014 09:05:05 PM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als

Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser

Konfiguration nicht gestartet zu sein.
 

Error: (06/11/2014 09:04:49 PM) (Source: Service Control Manager) (EventID: 7018) (User: )

Description: Erkannte Ringabhängigkeiten starten Dienste automatisch. Überprüfen Sie die Abhängigkeitsstruktur des Diensts.
 

Error: (06/11/2014 09:04:49 PM) (Source: Service Control Manager) (EventID: 7019) (User: )

Description: Der Dienst "EsgScanner" ist von einem Dienst in einer Gruppe abhängig, der später gestartet wird. Ändern Sie die Reihenfolge in der Dienstabhängigkeitsstruktur, um sicherzustellen, dass alle für diesen Dienst erforderlichen Dienste gestartet sind, bevor dieser Dienst gestartet wird.
 

Error: (06/11/2014 09:04:52 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎11.‎06.‎2014 um 20:55:22 unerwartet heruntergefahren.
 

Error: (06/11/2014 08:16:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (06/11/2014 08:15:32 PM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als

Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser

Konfiguration nicht gestartet zu sein.
 

Error: (06/11/2014 08:15:20 PM) (Source: Service Control Manager) (EventID: 7018) (User: )

Description: Erkannte Ringabhängigkeiten starten Dienste automatisch. Überprüfen Sie die Abhängigkeitsstruktur des Diensts.
 

Error: (06/11/2014 08:15:20 PM) (Source: Service Control Manager) (EventID: 7019) (User: )

Description: Der Dienst "EsgScanner" ist von einem Dienst in einer Gruppe abhängig, der später gestartet wird. Ändern Sie die Reihenfolge in der Dienstabhängigkeitsstruktur, um sicherzustellen, dass alle für diesen Dienst erforderlichen Dienste gestartet sind, bevor dieser Dienst gestartet wird.
 

Error: (06/11/2014 08:14:57 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)

Description: 32212256841135952
 
 

Microsoft Office Sessions:

=========================

Error: (06/11/2014 07:54:57 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (06/05/2014 03:14:47 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (06/04/2014 10:39:46 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (06/02/2014 03:25:45 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/30/2014 10:00:36 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/28/2014 02:35:00 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/27/2014 10:51:22 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/26/2014 10:49:06 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/22/2014 07:28:08 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 

Error: (05/19/2014 02:17:37 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: MSSQL$ELVIS8
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 39%

Total physical RAM: 4018.27 MB

Available physical RAM: 2425.3 MB

Total Pagefile: 5426.27 MB

Available Pagefile: 3704.09 MB

Total Virtual: 131072 MB

Available Virtual: 131071.85 MB
 

==================== Drives ================================
 

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:827.63 GB) NTFS

Drive d: (Recover) (Fixed) (Total:60 GB) (Free:44.62 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Viel Spaß damit

H. P.

Da isser ja :)

Adware & Co. deinstallieren

Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:
http://deeprybka.trojaner-board.de/b.../revo/add1.png
diesen Zusatz haben:
http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Guten Tag ,

vielen Dank für die ausführlichen Anweisungen. Leider ist mein ganze Wochenende schon mit anderen Aktivitäten ausgebucht.
Ich werde die Arbeiten aber am Montag angehen und Ihnen die Logfiles posten.

Herzliche Grüße

H.P.

Hallo und guten Abend,
ich habe es tatsächlich noch heute geschafft alles laufen zu lassen.
Hier nun das Mbam.txt

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Scan Date: 16.06.2014

Scan Time: 17:49:01

Logfile: mbam.txt

Administrator: Yes
 

Version: 2.00.2.1012

Malware Database: v2014.06.16.06

Rootkit Database: v2014.06.02.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled
 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: TV
 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 272727

Time Elapsed: 9 min, 35 sec
 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled
 

Processes: 0

(No malicious items detected)
 

Modules: 0

(No malicious items detected)
 

Registry Keys: 2

PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Quarantined, [63c3bebb2a51fe380a99eeeb3cc728d8], 

PUP.Optional.SweetIM.A, HKU\S-1-5-21-287583680-2149288412-797248488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Delete-on-Reboot, [e83e2950fc7faf875949ffda7f8443bd], 
 

Registry Values: 2

PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 1523565864822722821, Quarantined, [63c3bebb2a51fe380a99eeeb3cc728d8]

PUP.Optional.SweetIM.A, HKU\S-1-5-21-287583680-2149288412-797248488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1523565864822722821, Delete-on-Reboot, [e83e2950fc7faf875949ffda7f8443bd]
 

Registry Data: 1

PUP.Optional.Conduit.A, HKU\S-1-5-21-287583680-2149288412-797248488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3318155&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB42C4280-630B-4149-BF19-FF41819F303F&SSPV=, Good: (hxxp://www.google.com), Bad: (hxxp://search.conduit.com/?ctid=CT3318155&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB42C4280-630B-4149-BF19-FF41819F303F&SSPV=),Delete-on-Reboot,[e6405524cdae0f27caddc6a9ab596898]
 

Folders: 2

PUP.Optional.Conduit.A, C:\Users\TV\AppData\Local\Temp\CT3325809, Quarantined, [05210d6c8cef7abcc0c1008a5aa8a35d], 

PUP.Optional.SpeedTest.A, C:\Users\TV\AppData\Roaming\speedtest4354, Quarantined, [c85ee495bdbe64d2df00bccf13ef4eb2], 
 

Files: 17

Trojan.BProtector, C:\Users\TV\AppData\Roaming\speedtest4354\install_helper.exe, Quarantined, [d056a0d9512a5ed8c8d158ef41c330d0], 

Spyware.Zbot.ED, C:\Users\TV\AppData\Local\Temp\mvVBu6lh.exe.part, Quarantined, [4dd9403989f211254592caa62ed33cc4], 

PUP.Optional.Conduit.A, C:\Users\TV\AppData\Local\Temp\SPSetup.exe, Quarantined, [a18503763e3d44f25cf2acd92ed3f30d], 

PUP.Optional.Conduit.A, C:\Users\TV\AppData\Local\Temp\nsg9128.exe, Quarantined, [84a2e6938af18babe66891f419e8df21], 

PUP.Optional.Conduit.A, C:\Users\TV\AppData\Local\Temp\nshABC7.exe, Quarantined, [5ccad0a995e6b97db599077e3fc203fd], 

PUP.Optional.Conduit.A, C:\Users\TV\AppData\Local\Temp\nswA4AA.exe, Quarantined, [1214a3d6c6b565d10f3f5431f1106e92], 

Spyware.Zbot.VXGen, C:\Users\TV\AppData\Local\Temp\M+CjP5uX.zip.part, Quarantined, [81a54e2b5e1d290d04f394d8c73afd03], 

PUP.Optional.Conduit.A, C:\Users\TV\AppData\Local\Temp\nsy6F19\SpSetup.exe, Quarantined, [71b5e693215aad8966e8c9bcf60b837d], 

PUP.Optional.Conduit.A, C:\Users\TV\AppData\Local\Temp\~nsu.tmp\Au_.exe, Quarantined, [a581b2c768138fa7242aef968d7457a9], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nsfF546.exe, Quarantined, [949269102a51b482fe50d0b5df22d32d], 

PUP.Optional.Conduit.A, C:\Windows\Temp\nstE325.exe, Quarantined, [c165b9c00f6ce254aea07f06e81955ab], 

PUP.Optional.Conduit.A, C:\Users\TV\AppData\Roaming\Mozilla\Firefox\Profiles\v65z7t4l.default\searchplugins\conduit-search.xml, Quarantined, [190dbcbdc5b6ee487d51516642c023dd], 

PUP.Optional.Conduit.A, C:\Users\TV\AppData\Local\Temp\CT3325809\ddt.csf, Quarantined, [05210d6c8cef7abcc0c1008a5aa8a35d], 

PUP.Optional.SpeedTest.A, C:\Users\TV\AppData\Roaming\speedtest4354\install_helper.exe, Quarantined, [c85ee495bdbe64d2df00bccf13ef4eb2], 

PUP.Optional.SpeedTest.A, C:\Users\TV\AppData\Roaming\speedtest4354\speedtest4354.crx, Quarantined, [c85ee495bdbe64d2df00bccf13ef4eb2], 

PUP.Optional.SpeedTest.A, C:\Users\TV\AppData\Roaming\speedtest4354\speedtest4354.xpi, Quarantined, [c85ee495bdbe64d2df00bccf13ef4eb2], 

PUP.Optional.SpeedTest.A, C:\Users\TV\AppData\Roaming\speedtest4354\speedtest4354DeskTopIcon.ico, Quarantined, [c85ee495bdbe64d2df00bccf13ef4eb2], 
 

Physical Sectors: 0

(No malicious items detected)
 
 

(end)

Folgend das Adwcleaner.txt

AdwCleaner Logfile:

Code:

# AdwCleaner v3.212 - Bericht erstellt am 16/06/2014 um 18:11:06

# Aktualisiert 05/06/2014 von Xplode

# Betriebssystem : Windows 8.1  (64 bits)

# Benutzername : TV - TV-COMPUTER

# Gestartet von : C:\Users\TV\Downloads\Trojaner\mitb\adwcleaner_3.212.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup

Ordner Gelöscht : C:\Users\TV\AppData\Roaming\pdfforge

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\IM

Schlüssel Gelöscht : HKLM\Software\Orbit
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17126
 
 

-\\ Mozilla Firefox v29.0.1 (en-US)
 

[ Datei : C:\Users\TV\AppData\Roaming\Mozilla\Firefox\Profiles\v65z7t4l.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [1801 octets] - [16/06/2014 18:07:13]

AdwCleaner[S0].txt - [1255 octets] - [16/06/2014 18:11:06]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1315 octets] ##########

--- --- ---

[/CODE]

Nun den Inhalt aus der JRT.txt

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 8.1 x64

Ran by TV on 16.06.2014 at 18:22:15,98

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\TV\AppData\Roaming\mozilla\firefox\profiles\v65z7t4l.default\minidumps [3 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 16.06.2014 at 18:24:31,10

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und zu guter Letzt den Inhalt aus dem neuen FRST.txt

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014

Ran by TV (administrator) on TV-COMPUTER on 16-06-2014 18:31:09

Running from C:\Users\TV\Downloads\Trojaner\mitb

Platform: Windows 8.1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Program Files (x86)\Lightscreen\lightscreen.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Geek Software GmbH) C:\prg\PDF24\pdf24.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe

(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)

HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] => C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-05] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [492248 2012-12-26] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [PDFPrint] => C:\prg\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)

HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HPPQVideo] => C:\Program Files (x86)\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)

HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKU\S-1-5-21-287583680-2149288412-797248488-1001\...\Run: [Lightscreen] => C:\Program Files (x86)\Lightscreen\lightscreen.exe [563200 2010-03-17] ()

HKU\S-1-5-21-287583680-2149288412-797248488-1001\...\Run: [ztoytlnu] => regsvr32.exe "

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - {2EDFFF1B-7952-41B2-ABDE-CCB0287C3224} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\TV\AppData\Roaming\Mozilla\Firefox\Profiles\v65z7t4l.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. KG)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)

R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP) [File not signed]

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

R2 MSSQL$ELVIS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()

S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()

S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)

R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)

S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)

R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)

R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )

S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)

S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)

R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-16 18:24 - 2014-06-16 18:24 - 00000739 _____ () C:\Users\TV\Desktop\JRT.txt

2014-06-16 18:22 - 2014-06-16 18:22 - 00000000 ____D () C:\Windows\ERUNT

2014-06-16 18:06 - 2014-06-16 18:11 - 00000000 ____D () C:\AdwCleaner

2014-06-16 17:48 - 2014-06-16 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-16 17:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-16 17:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-16 17:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\Users\TV\AppData\Local\VS Revo Group

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-06-16 17:40 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

2014-06-16 17:35 - 2014-06-16 17:35 - 00001284 _____ () C:\Users\TV\Desktop\Revo Uninstaller.lnk

2014-06-16 17:35 - 2014-06-16 17:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-12 14:42 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-12 14:42 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-12 14:42 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-12 14:42 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-06-12 14:42 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-12 14:42 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-12 14:42 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-12 14:42 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-12 14:42 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-12 14:42 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-06-12 14:42 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-12 14:42 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-12 14:42 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-12 14:42 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-06-12 14:42 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-12 14:42 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-12 14:42 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-12 14:42 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-12 14:42 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-12 14:42 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-12 14:42 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-12 14:42 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-12 14:42 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-12 14:42 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-12 14:42 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-12 14:42 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-12 14:42 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-12 14:42 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-06-12 14:42 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-06-12 14:42 - 2014-05-10 05:46 - 02151424 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-12 14:42 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-06-12 14:42 - 2014-05-09 01:06 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys

2014-06-12 14:42 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-12 14:42 - 2014-05-03 09:14 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe

2014-06-12 14:42 - 2014-05-03 06:21 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-06-12 14:42 - 2014-05-03 06:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-06-12 14:42 - 2014-05-03 05:41 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-06-12 14:42 - 2014-05-03 05:38 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-06-12 14:42 - 2014-04-30 13:16 - 01336648 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-06-12 14:42 - 2014-04-30 05:51 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-06-12 14:42 - 2014-04-03 09:59 - 02518872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-12 14:42 - 2014-04-03 09:59 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-12 14:42 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-06-12 14:42 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-12 14:42 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-06-12 14:42 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-12 14:42 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-06-12 14:42 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-06-12 14:42 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-12 14:42 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-06-12 14:42 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-12 14:42 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-06-12 14:42 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-06-12 14:42 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-06-12 14:41 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll

2014-06-12 14:41 - 2014-04-18 16:44 - 01466856 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll

2014-06-12 14:41 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll

2014-06-12 14:41 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll

2014-06-12 14:41 - 2014-04-18 11:32 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll

2014-06-12 14:41 - 2014-04-18 10:58 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2014-06-12 14:41 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2014-06-12 14:41 - 2014-04-18 10:21 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll

2014-06-12 14:41 - 2014-04-18 10:09 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll

2014-06-12 14:41 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll

2014-06-12 14:41 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll

2014-06-12 14:41 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll

2014-06-12 14:41 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll

2014-06-12 14:41 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll

2014-06-12 14:41 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll

2014-06-12 14:41 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll

2014-06-12 14:41 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys

2014-06-12 14:41 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2014-06-12 14:41 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2014-06-12 14:41 - 2014-04-09 06:35 - 01411584 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-06-12 14:41 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll

2014-06-12 14:41 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys

2014-06-12 14:41 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-06-12 14:41 - 2014-04-06 18:34 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-06-12 14:41 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll

2014-06-12 14:41 - 2014-04-06 18:31 - 21268952 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-06-12 14:41 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll

2014-06-12 14:41 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys

2014-06-12 14:41 - 2014-04-06 18:20 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2014-06-12 14:41 - 2014-04-06 18:20 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-06-12 14:41 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll

2014-06-12 14:41 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-06-12 14:41 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-06-12 14:41 - 2014-04-06 16:10 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-06-12 14:41 - 2014-04-06 14:58 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2014-06-12 14:41 - 2014-04-06 14:51 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2014-06-12 14:41 - 2014-04-06 14:33 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe

2014-06-12 14:41 - 2014-04-06 14:24 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2014-06-12 14:41 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2014-06-12 14:41 - 2014-04-06 13:55 - 16872448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll

2014-06-12 14:41 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll

2014-06-12 14:41 - 2014-04-06 13:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll

2014-06-12 14:41 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll

2014-06-12 14:41 - 2014-04-06 13:01 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-06-12 14:41 - 2014-04-06 12:52 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll

2014-06-12 14:41 - 2014-04-06 12:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll

2014-06-12 14:41 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll

2014-06-12 14:41 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll

2014-06-12 14:41 - 2014-04-06 12:05 - 01222656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll

2014-06-12 14:41 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll

2014-06-12 14:41 - 2014-04-03 10:12 - 02124840 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll

2014-06-12 14:41 - 2014-04-03 10:12 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2014-06-12 14:41 - 2014-04-03 10:12 - 00130144 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll

2014-06-12 14:41 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2014-06-12 14:41 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll

2014-06-12 14:41 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll

2014-06-12 14:41 - 2014-04-03 04:53 - 04269056 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll

2014-06-12 14:41 - 2014-04-03 04:53 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2014-06-12 14:41 - 2014-04-03 04:51 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll

2014-06-12 14:41 - 2014-04-03 04:23 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-06-12 14:41 - 2014-04-03 04:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2014-06-12 14:41 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll

2014-06-12 14:41 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll

2014-06-12 14:41 - 2014-04-01 08:23 - 00384856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys

2014-06-12 14:41 - 2014-03-31 07:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-06-12 14:41 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll

2014-06-12 14:41 - 2014-03-31 02:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll

2014-06-12 14:41 - 2014-03-31 01:43 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll

2014-06-12 14:41 - 2014-03-31 00:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll

2014-06-12 14:41 - 2014-03-31 00:49 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll

2014-06-12 14:41 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll

2014-06-12 14:41 - 2014-03-31 00:11 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll

2014-06-12 14:41 - 2014-03-30 23:47 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe

2014-06-12 14:41 - 2014-03-28 17:58 - 00407016 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

2014-06-12 14:41 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2014-06-12 14:41 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll

2014-06-12 14:41 - 2014-03-27 06:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll

2014-06-12 14:41 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll

2014-06-12 14:41 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll

2014-06-12 14:41 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll

2014-06-12 14:41 - 2014-03-27 05:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll

2014-06-12 14:41 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe

2014-06-12 14:41 - 2014-03-25 00:58 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2014-06-12 14:41 - 2014-03-20 05:48 - 00263424 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe

2014-06-12 14:41 - 2014-03-20 02:44 - 06645248 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-06-12 14:41 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-06-12 14:41 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll

2014-06-12 14:41 - 2014-03-19 10:07 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys

2014-06-12 14:41 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-06-12 14:41 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll

2014-06-12 14:41 - 2014-03-19 08:36 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2014-06-12 14:41 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2014-06-12 14:41 - 2014-03-19 07:45 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll

2014-06-12 14:41 - 2014-03-19 07:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll

2014-06-12 14:41 - 2014-03-19 07:07 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll

2014-06-12 14:41 - 2014-03-19 07:02 - 01527296 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll

2014-06-12 14:41 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll

2014-06-12 14:41 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll

2014-06-12 14:41 - 2014-03-19 06:31 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll

2014-06-12 14:41 - 2014-03-19 06:18 - 02688000 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll

2014-06-12 14:41 - 2014-03-18 10:19 - 00077312 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys

2014-06-12 14:41 - 2014-03-18 07:00 - 07173120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll

2014-06-12 14:41 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll

2014-06-12 14:41 - 2014-03-17 07:09 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2014-06-12 14:41 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2014-06-12 14:41 - 2014-03-17 05:01 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv

2014-06-12 14:41 - 2014-03-17 04:47 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2014-06-12 14:41 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv

2014-06-12 14:41 - 2014-03-14 08:26 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll

2014-06-12 14:41 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll

2014-06-12 14:41 - 2014-03-06 14:42 - 00310616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys

2014-06-12 14:40 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe

2014-06-12 14:40 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe

2014-06-12 14:40 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe

2014-06-12 14:40 - 2014-05-01 15:31 - 03048904 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe

2014-06-12 14:40 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys

2014-06-12 14:40 - 2014-05-01 09:14 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll

2014-06-12 14:40 - 2014-05-01 09:05 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll

2014-06-12 14:40 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll

2014-06-12 14:40 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll

2014-06-12 14:40 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2014-06-12 14:40 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2014-06-12 14:40 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2014-06-12 14:39 - 2014-06-12 14:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-06-11 20:32 - 2014-06-16 18:31 - 00000000 ____D () C:\FRST

2014-06-11 20:25 - 2014-06-11 20:25 - 00000000 ____D () C:\Users\TV\Downloads\Trojaner

2014-06-04 19:54 - 2014-06-04 19:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2014-06-04 19:47 - 2014-06-04 19:47 - 00000000 _____ () C:\autoexec.bat

2014-06-04 19:46 - 2014-06-04 19:46 - 00002268 _____ () C:\Users\TV\Desktop\SpyHunter.lnk

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\sh4ldr

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-06-04 19:46 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys

2014-06-04 19:45 - 2014-06-04 19:46 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-06-04 19:42 - 2014-06-04 19:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\TV\Downloads\SpyHunter-Installer.exe

2014-05-26 10:40 - 2014-06-16 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle

2014-05-26 10:40 - 2014-05-26 10:40 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\ProgramData\Mozilla

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-26 10:39 - 2014-05-26 10:39 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Firefox_1539824
 

==================== One Month Modified Files and Folders =======
 

2014-06-16 18:31 - 2014-06-11 20:32 - 00000000 ____D () C:\FRST

2014-06-16 18:31 - 2013-11-28 16:56 - 00000000 ____D () C:\Users\TV\AppData\Local\Temp

2014-06-16 18:28 - 2013-11-28 16:02 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-287583680-2149288412-797248488-1001

2014-06-16 18:27 - 2014-02-27 12:02 - 01274525 _____ () C:\Windows\WindowsUpdate.log

2014-06-16 18:27 - 2013-11-28 16:05 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB9B522E-EEA7-47AA-BF62-DF2ED5951F9D}

2014-06-16 18:25 - 2013-09-02 09:52 - 00822348 _____ () C:\Windows\system32\perfh007.dat

2014-06-16 18:25 - 2013-09-02 09:52 - 00183042 _____ () C:\Windows\system32\perfc007.dat

2014-06-16 18:25 - 2013-09-02 09:20 - 01927414 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-16 18:24 - 2014-06-16 18:24 - 00000739 _____ () C:\Users\TV\Desktop\JRT.txt

2014-06-16 18:22 - 2014-06-16 18:22 - 00000000 ____D () C:\Windows\ERUNT

2014-06-16 18:18 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-16 18:17 - 2014-05-15 17:42 - 00008680 _____ () C:\Windows\PFRO.log

2014-06-16 18:17 - 2013-08-22 22:57 - 00000000 ____D () C:\Windows\en-GB

2014-06-16 18:11 - 2014-06-16 18:06 - 00000000 ____D () C:\AdwCleaner

2014-06-16 18:11 - 2014-05-26 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle

2014-06-16 18:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru

2014-06-16 17:48 - 2014-06-16 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\Users\TV\AppData\Local\VS Revo Group

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-06-16 17:35 - 2014-06-16 17:35 - 00001284 _____ () C:\Users\TV\Desktop\Revo Uninstaller.lnk

2014-06-16 17:35 - 2014-06-16 17:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-16 14:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness

2014-06-13 10:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache

2014-06-12 18:00 - 2013-11-28 16:57 - 00000000 ___RD () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-06-12 18:00 - 2013-11-28 16:57 - 00000000 ___RD () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-06-12 17:48 - 2013-08-22 16:44 - 00615544 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-06-12 16:22 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData

2014-06-12 16:22 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2014-06-12 16:22 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore

2014-06-12 16:22 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe

2014-06-12 14:49 - 2014-01-19 12:36 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-12 14:49 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp

2014-06-12 14:48 - 2013-12-12 18:49 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-12 14:47 - 2013-12-12 18:49 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-12 14:39 - 2014-06-12 14:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-06-11 21:28 - 2013-11-28 16:56 - 00000000 ____D () C:\Users\TV

2014-06-11 20:25 - 2014-06-11 20:25 - 00000000 ____D () C:\Users\TV\Downloads\Trojaner

2014-06-04 20:06 - 2014-03-12 18:56 - 00004746 _____ () C:\Windows\setupact.log

2014-06-04 19:54 - 2014-06-04 19:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2014-06-04 19:47 - 2014-06-04 19:47 - 00000000 _____ () C:\autoexec.bat

2014-06-04 19:46 - 2014-06-04 19:46 - 00002268 _____ () C:\Users\TV\Desktop\SpyHunter.lnk

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\sh4ldr

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-06-04 19:46 - 2014-06-04 19:45 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-06-04 19:42 - 2014-06-04 19:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\TV\Downloads\SpyHunter-Installer.exe

2014-06-03 14:27 - 2013-12-12 19:25 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-06-03 14:27 - 2013-12-12 19:25 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-05-31 07:13 - 2014-05-15 17:45 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-31 07:13 - 2014-05-15 17:45 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-30 12:21 - 2014-06-12 14:42 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-30 11:45 - 2014-06-12 14:42 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-30 11:28 - 2014-06-12 14:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-05-30 11:20 - 2014-06-12 14:42 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-05-30 11:18 - 2014-06-12 14:42 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-30 11:08 - 2014-06-12 14:42 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-30 11:06 - 2014-06-12 14:42 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-05-30 10:46 - 2014-06-12 14:42 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-30 10:44 - 2014-06-12 14:42 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-05-30 10:43 - 2014-06-12 14:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-05-30 10:38 - 2014-06-12 14:42 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-05-30 10:35 - 2014-06-12 14:42 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-05-30 10:29 - 2014-06-12 14:42 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-30 10:27 - 2014-06-12 14:42 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-05-30 10:23 - 2014-06-12 14:42 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-30 10:16 - 2014-06-12 14:42 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-05-30 10:04 - 2014-06-12 14:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-30 10:02 - 2014-06-12 14:42 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-05-30 09:56 - 2014-06-12 14:42 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-05-30 09:56 - 2014-06-12 14:42 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-30 09:54 - 2014-06-12 14:42 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-05-30 09:49 - 2014-06-12 14:42 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-05-30 09:43 - 2014-06-12 14:42 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-30 09:40 - 2014-06-12 14:42 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-05-30 09:30 - 2014-06-12 14:42 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-30 09:21 - 2014-06-12 14:42 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-05-30 09:15 - 2014-06-12 14:42 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-05-30 09:13 - 2014-06-12 14:42 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-05-30 09:13 - 2014-06-12 14:42 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-05-26 10:40 - 2014-05-26 10:40 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\ProgramData\Mozilla

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-26 10:39 - 2014-05-26 10:39 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Firefox_1539824

2014-05-20 13:04 - 2014-03-01 11:44 - 00000000 ___SD () C:\Users\TV\Documents\Meine Datenquellen

2014-05-20 11:12 - 2014-01-02 12:02 - 00000000 ____D () C:\download

2014-05-19 08:31 - 2014-06-12 14:40 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe

2014-05-19 08:21 - 2014-06-12 14:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe

2014-05-19 07:23 - 2014-06-12 14:40 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
 

Some content of TEMP:

====================

C:\Users\TV\AppData\Local\Temp\avgnt.exe

C:\Users\TV\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\TV\AppData\Local\Temp\Quarantine.exe

C:\Users\TV\AppData\Local\Temp\SHSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-11 19:53
 

==================== End Of Log ============================

--- --- ---

Und den Inhalt aus dem neuen Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014

Ran by TV at 2014-06-16 18:31:22

Running from C:\Users\TV\Downloads\Trojaner\mitb

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 

==================== Installed Programs ======================
 

64 Bit HP CIO Components Installer (Version: 4.2.1 - Hewlett-Packard) Hidden

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)

Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)

BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)

CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden

CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden

CyberLink PhotoDirector 3 (x32 Version: 3.0.4017 - CyberLink Corp.) Hidden

CyberLink Power2Go 8 (x32 Version: 8.0.0.2426b - CyberLink Corp.) Hidden

CyberLink PowerDirector (Version: 9.0.0.5129 - CyberLink Corp.) Hidden

CyberLink PowerDVD 10 (x32 Version: 10.0.5211.02 - CyberLink Corp.) Hidden

CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725 - CyberLink Corp.) Hidden

CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)

CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)

DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden

DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

ELVIS Einzelplatz v12.1 (HKLM-x32\...\{9F1B16BF-85FF-428F-9A31-A623AAE3DF2D}) (Version: v12.1 - ORBIT GmbH)

ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )

Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

HP Color LaserJet CM1312 MFP Series 5.1 (HKLM\...\{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}) (Version: 5.1 - HP)

HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)

HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)

HP Update (HKLM-x32\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)

hppCLJCM1312 (x32 Version: 005.001.00142 - Hewlett-Packard) Hidden

hppFaxDrvCM1312 (x32 Version: 005.000.00001 - Hewlett-Packard) Hidden

hppFaxUtilityCM1312 (x32 Version: 005.001.00137 - Ihr Firmenname) Hidden

hppFonts (x32 Version: 001.001.00061 - Hewlett-Packard) Hidden

hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppManualsCM1312 (x32 Version: 005.001.00145 - Ihr Firmenname) Hidden

hppPQVideoCM1312 (x32 Version: 005.001.00142 - Ihr Firmenname) Hidden

hppQFolderCM1312 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

hppScanToCM1312 (x32 Version: 005.001.00140 - Ihr Firmenname) Hidden

hppSendFaxCM1312 (x32 Version: 005.000.00001 - Ihr Firmenname) Hidden

hppTLBXFXCM1312 (x32 Version: 001.017.00050 - Hewlett-Packard) Hidden

hppusgCM1312 (x32 Version: 1.1.0.1 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

hpzTLBXFX (x32 Version: 005.003.00171 - Hewlett-Packard) Hidden

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Lightscreen (HKLM-x32\...\Lightscreen) (Version:  - )

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

Medion Home Cinema 10 (x32 Version: 10.2419 - CyberLink Corp.) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2005 Express Edition (ELVIS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden

Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)

PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.1 - Tracker Software Products Ltd)

Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden

Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)

SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)

TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Temel Parçalar (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Liven peruspaketti (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
 

==================== Restore Points  =========================
 

30-05-2014 07:56:11 Geplanter Prüfpunkt

04-06-2014 17:45:54 Installed SpyHunter

12-06-2014 12:44:59 Windows Update

16-06-2014 15:42:21 Revo Uninstaller Pro's restore point - Search Protect
 

==================== Hosts content: ==========================
 

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {09A9F230-CDE3-4A36-9F35-1275FD0AAB05} - System32\Tasks\CCleanerSkipUAC => C:\Prg\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {2784A3FC-E99C-4380-B1D9-F741EF2602D5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-12] (Microsoft Corporation)

Task: {2953D882-CF91-44D8-8989-B052AC93098A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {31DF2A0C-05D7-4394-929C-00EC21B735CA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {384284C8-C6C0-4CBA-B720-21D11483A7A8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {5F340102-200B-46CB-B170-B4D7ADE98AC7} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

Task: {62198E4A-7D55-4F57-A891-015BE662B078} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {A0469FD1-4E7D-4FBC-BF84-1FD595D52E7C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe

Task: {C221BE5D-FCE1-4D09-AB2D-B8B641579434} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {C2A4D7EC-CA37-4F91-B481-A348A43B558D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {DFE05C6E-3BB6-474E-8B92-619C2E07C67A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
 

==================== Loaded Modules (whitelisted) =============
 

2013-09-03 07:50 - 2010-08-19 18:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2010-03-17 03:46 - 2010-03-17 03:46 - 00563200 _____ () C:\Program Files (x86)\Lightscreen\lightscreen.exe

2013-12-12 20:02 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2013-12-12 20:02 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2013-12-12 20:02 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2013-12-12 20:02 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2013-12-12 20:02 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2009-01-10 12:32 - 2009-01-10 12:32 - 00011362 _____ () C:\Program Files (x86)\Lightscreen\mingwm10.dll

2009-06-22 20:42 - 2009-06-22 20:42 - 00043008 _____ () C:\Program Files (x86)\Lightscreen\libgcc_s_dw2-1.dll

2010-02-16 19:09 - 2010-02-16 19:09 - 00936448 _____ () C:\Program Files (x86)\Lightscreen\QtCore4.dll

2010-02-10 16:43 - 2010-02-10 16:43 - 03844096 _____ () C:\Program Files (x86)\Lightscreen\QtGui4.dll

2010-02-10 16:10 - 2010-02-10 16:10 - 00431104 _____ () C:\Program Files (x86)\Lightscreen\QtNetwork4.dll

2010-02-10 20:01 - 2010-02-10 20:01 - 00192000 _____ () C:\Program Files (x86)\Lightscreen\imageformats\qjpeg4.dll

2013-09-03 07:48 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00061440 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00516096 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00130560 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00840192 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00674816 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\LEDMXMLObjects.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00086016 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll

2009-10-22 10:26 - 2009-10-22 10:26 - 00835584 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll

2009-10-15 09:25 - 2009-10-15 09:25 - 00364544 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll

2014-05-26 10:40 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

HKLM\...\StartupApproved\Run32: => "HPPQVideo"
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============

Error: (06/16/2014 06:31:31 PM) (Source: DCOM) (EventID: 10010) (User: TV-Computer)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 

Error: (06/16/2014 06:31:01 PM) (Source: DCOM) (EventID: 10010) (User: TV-Computer)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 

Error: (06/16/2014 06:30:31 PM) (Source: DCOM) (EventID: 10010) (User: TV-Computer)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 

Error: (06/16/2014 06:30:01 PM) (Source: DCOM) (EventID: 10010) (User: TV-Computer)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 

Error: (06/16/2014 06:29:31 PM) (Source: DCOM) (EventID: 10010) (User: TV-Computer)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 

Error: (06/16/2014 06:29:01 PM) (Source: DCOM) (EventID: 10010) (User: TV-Computer)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 

Error: (06/16/2014 06:28:24 PM) (Source: DCOM) (EventID: 10010) (User: TV-Computer)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 

Error: (06/16/2014 06:27:54 PM) (Source: DCOM) (EventID: 10010) (User: TV-Computer)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 

Error: (06/16/2014 06:27:24 PM) (Source: DCOM) (EventID: 10010) (User: TV-Computer)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 

Error: (06/16/2014 06:26:53 PM) (Source: DCOM) (EventID: 10010) (User: TV-Computer)

Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Percentage of memory in use: 36%

Total physical RAM: 4018.27 MB

Available physical RAM: 2560.7 MB

Total Pagefile: 5426.27 MB

Available Pagefile: 3578.9 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB
 

==================== Drives ================================
 

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:829.04 GB) NTFS

Drive d: (Recover) (Fixed) (Total:60 GB) (Free:44.62 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Ich gehe davon aus, dass ich alles entsprechend den Anweisungen durchgeführt habe und bin jetzt in der spannenden Erwartung ob auch wirklich alles weg ist.

Mit herzlichen Grüßen

H.P.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo und Guten Abend,

Hier das Logfile vom ESET Onliner Scanner:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7587

# api_version=3.0.2

# EOSSerial=2f98de7b96a61f4a813ce60d2304993b

# engine=18771

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-06-18 03:11:21

# local_time=2014-06-18 05:11:21 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.2.9200 NT 

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 100 9781 16522443 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 3040764 19259959 0 0

# scanned=199800

# found=0

# cleaned=0

# scan_time=4386

Hier das Logfile vom SecurityCheck:

Code:

Results of screen317's Security Check version 0.99.83  

   x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop      

Windows Defender   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 Java 7 Update 55  

  Adobe Flash Player         11.9.900.170 Flash Player out of Date!  

 Mozilla Firefox (29.0.1) 

 Mozilla Thunderbird (24.2.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Spybot Teatimer.exe is disabled! 

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

Und zu Guter letzt das neue FRST.txt:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014

Ran by TV (administrator) on TV-COMPUTER on 18-06-2014 18:42:35

Running from C:\Users\TV\Downloads\Trojaner\mitb

Platform: Windows 8.1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Program Files (x86)\Lightscreen\lightscreen.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Geek Software GmbH) C:\prg\PDF24\pdf24.exe

(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

() C:\Users\TV\Downloads\Trojaner\mitb\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)

HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] => C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-05] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [492248 2012-12-26] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [PDFPrint] => C:\prg\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)

HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HPPQVideo] => C:\Program Files (x86)\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)

HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKU\S-1-5-21-287583680-2149288412-797248488-1001\...\Run: [Lightscreen] => C:\Program Files (x86)\Lightscreen\lightscreen.exe [563200 2010-03-17] ()

HKU\S-1-5-21-287583680-2149288412-797248488-1001\...\Run: [ztoytlnu] => regsvr32.exe "

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - {2EDFFF1B-7952-41B2-ABDE-CCB0287C3224} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\TV\AppData\Roaming\Mozilla\Firefox\Profiles\v65z7t4l.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\prg\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. KG)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)

R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP) [File not signed]

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

R2 MSSQL$ELVIS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]

S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()

S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()

S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)

R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)

S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)

R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)

R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )

S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)

S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)

R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-18 15:54 - 2014-06-18 15:54 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-06-16 18:24 - 2014-06-16 18:24 - 00000739 _____ () C:\Users\TV\Desktop\JRT.txt

2014-06-16 18:22 - 2014-06-16 18:22 - 00000000 ____D () C:\Windows\ERUNT

2014-06-16 18:06 - 2014-06-16 18:11 - 00000000 ____D () C:\AdwCleaner

2014-06-16 17:48 - 2014-06-16 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-16 17:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-16 17:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-16 17:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\Users\TV\AppData\Local\VS Revo Group

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-06-16 17:40 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

2014-06-16 17:35 - 2014-06-16 17:35 - 00001284 _____ () C:\Users\TV\Desktop\Revo Uninstaller.lnk

2014-06-16 17:35 - 2014-06-16 17:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-12 14:42 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-12 14:42 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-12 14:42 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-12 14:42 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-06-12 14:42 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-12 14:42 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-12 14:42 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-12 14:42 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-12 14:42 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-12 14:42 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-06-12 14:42 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-12 14:42 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-12 14:42 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-12 14:42 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-06-12 14:42 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-12 14:42 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-12 14:42 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-12 14:42 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-12 14:42 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-12 14:42 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-12 14:42 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-12 14:42 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-12 14:42 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-12 14:42 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-12 14:42 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-12 14:42 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-12 14:42 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-12 14:42 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-06-12 14:42 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-06-12 14:42 - 2014-05-10 05:46 - 02151424 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-12 14:42 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-06-12 14:42 - 2014-05-09 01:06 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys

2014-06-12 14:42 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-12 14:42 - 2014-05-03 09:14 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe

2014-06-12 14:42 - 2014-05-03 06:21 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-06-12 14:42 - 2014-05-03 06:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-06-12 14:42 - 2014-05-03 05:41 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-06-12 14:42 - 2014-05-03 05:38 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-06-12 14:42 - 2014-04-30 13:16 - 01336648 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-06-12 14:42 - 2014-04-30 05:51 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-06-12 14:42 - 2014-04-03 09:59 - 02518872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-12 14:42 - 2014-04-03 09:59 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-12 14:42 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-06-12 14:42 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-12 14:42 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-06-12 14:42 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-12 14:42 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-06-12 14:42 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-06-12 14:42 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-12 14:42 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-06-12 14:42 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-12 14:42 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-06-12 14:42 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-06-12 14:42 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-06-12 14:41 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll

2014-06-12 14:41 - 2014-04-18 16:44 - 01466856 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll

2014-06-12 14:41 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll

2014-06-12 14:41 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll

2014-06-12 14:41 - 2014-04-18 11:32 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll

2014-06-12 14:41 - 2014-04-18 10:58 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2014-06-12 14:41 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2014-06-12 14:41 - 2014-04-18 10:21 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll

2014-06-12 14:41 - 2014-04-18 10:09 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll

2014-06-12 14:41 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll

2014-06-12 14:41 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll

2014-06-12 14:41 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll

2014-06-12 14:41 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll

2014-06-12 14:41 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll

2014-06-12 14:41 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll

2014-06-12 14:41 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll

2014-06-12 14:41 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys

2014-06-12 14:41 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2014-06-12 14:41 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2014-06-12 14:41 - 2014-04-09 06:35 - 01411584 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-06-12 14:41 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll

2014-06-12 14:41 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys

2014-06-12 14:41 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-06-12 14:41 - 2014-04-06 18:34 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-06-12 14:41 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll

2014-06-12 14:41 - 2014-04-06 18:31 - 21268952 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-06-12 14:41 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll

2014-06-12 14:41 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys

2014-06-12 14:41 - 2014-04-06 18:20 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2014-06-12 14:41 - 2014-04-06 18:20 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-06-12 14:41 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-06-12 14:41 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll

2014-06-12 14:41 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-06-12 14:41 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-06-12 14:41 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-06-12 14:41 - 2014-04-06 16:10 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-06-12 14:41 - 2014-04-06 14:58 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2014-06-12 14:41 - 2014-04-06 14:51 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2014-06-12 14:41 - 2014-04-06 14:33 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe

2014-06-12 14:41 - 2014-04-06 14:24 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2014-06-12 14:41 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2014-06-12 14:41 - 2014-04-06 13:55 - 16872448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll

2014-06-12 14:41 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll

2014-06-12 14:41 - 2014-04-06 13:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll

2014-06-12 14:41 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll

2014-06-12 14:41 - 2014-04-06 13:01 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-06-12 14:41 - 2014-04-06 12:52 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll

2014-06-12 14:41 - 2014-04-06 12:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll

2014-06-12 14:41 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll

2014-06-12 14:41 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll

2014-06-12 14:41 - 2014-04-06 12:05 - 01222656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll

2014-06-12 14:41 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll

2014-06-12 14:41 - 2014-04-03 10:12 - 02124840 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll

2014-06-12 14:41 - 2014-04-03 10:12 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2014-06-12 14:41 - 2014-04-03 10:12 - 00130144 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll

2014-06-12 14:41 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2014-06-12 14:41 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll

2014-06-12 14:41 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll

2014-06-12 14:41 - 2014-04-03 04:53 - 04269056 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll

2014-06-12 14:41 - 2014-04-03 04:53 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2014-06-12 14:41 - 2014-04-03 04:51 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll

2014-06-12 14:41 - 2014-04-03 04:23 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-06-12 14:41 - 2014-04-03 04:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2014-06-12 14:41 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll

2014-06-12 14:41 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll

2014-06-12 14:41 - 2014-04-01 08:23 - 00384856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys

2014-06-12 14:41 - 2014-03-31 07:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-06-12 14:41 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll

2014-06-12 14:41 - 2014-03-31 02:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll

2014-06-12 14:41 - 2014-03-31 01:43 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll

2014-06-12 14:41 - 2014-03-31 00:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll

2014-06-12 14:41 - 2014-03-31 00:49 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll

2014-06-12 14:41 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll

2014-06-12 14:41 - 2014-03-31 00:11 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll

2014-06-12 14:41 - 2014-03-30 23:47 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe

2014-06-12 14:41 - 2014-03-28 17:58 - 00407016 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

2014-06-12 14:41 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2014-06-12 14:41 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll

2014-06-12 14:41 - 2014-03-27 06:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll

2014-06-12 14:41 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll

2014-06-12 14:41 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll

2014-06-12 14:41 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll

2014-06-12 14:41 - 2014-03-27 05:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll

2014-06-12 14:41 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe

2014-06-12 14:41 - 2014-03-25 00:58 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2014-06-12 14:41 - 2014-03-20 05:48 - 00263424 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe

2014-06-12 14:41 - 2014-03-20 02:44 - 06645248 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-06-12 14:41 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-06-12 14:41 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll

2014-06-12 14:41 - 2014-03-19 10:07 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys

2014-06-12 14:41 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-06-12 14:41 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll

2014-06-12 14:41 - 2014-03-19 08:36 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2014-06-12 14:41 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2014-06-12 14:41 - 2014-03-19 07:45 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll

2014-06-12 14:41 - 2014-03-19 07:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll

2014-06-12 14:41 - 2014-03-19 07:07 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll

2014-06-12 14:41 - 2014-03-19 07:02 - 01527296 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll

2014-06-12 14:41 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll

2014-06-12 14:41 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll

2014-06-12 14:41 - 2014-03-19 06:31 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll

2014-06-12 14:41 - 2014-03-19 06:18 - 02688000 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll

2014-06-12 14:41 - 2014-03-18 10:19 - 00077312 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys

2014-06-12 14:41 - 2014-03-18 07:00 - 07173120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll

2014-06-12 14:41 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll

2014-06-12 14:41 - 2014-03-17 07:09 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2014-06-12 14:41 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2014-06-12 14:41 - 2014-03-17 05:01 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv

2014-06-12 14:41 - 2014-03-17 04:47 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2014-06-12 14:41 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv

2014-06-12 14:41 - 2014-03-14 08:26 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll

2014-06-12 14:41 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll

2014-06-12 14:41 - 2014-03-06 14:42 - 00310616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys

2014-06-12 14:40 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe

2014-06-12 14:40 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe

2014-06-12 14:40 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe

2014-06-12 14:40 - 2014-05-01 15:31 - 03048904 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe

2014-06-12 14:40 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys

2014-06-12 14:40 - 2014-05-01 09:14 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll

2014-06-12 14:40 - 2014-05-01 09:05 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll

2014-06-12 14:40 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll

2014-06-12 14:40 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll

2014-06-12 14:40 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2014-06-12 14:40 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2014-06-12 14:40 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2014-06-12 14:39 - 2014-06-12 14:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-06-11 20:32 - 2014-06-18 18:42 - 00000000 ____D () C:\FRST

2014-06-11 20:25 - 2014-06-11 20:25 - 00000000 ____D () C:\Users\TV\Downloads\Trojaner

2014-06-04 19:54 - 2014-06-04 19:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2014-06-04 19:47 - 2014-06-04 19:47 - 00000000 _____ () C:\autoexec.bat

2014-06-04 19:46 - 2014-06-04 19:46 - 00002268 _____ () C:\Users\TV\Desktop\SpyHunter.lnk

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\sh4ldr

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-06-04 19:46 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys

2014-06-04 19:45 - 2014-06-04 19:46 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-06-04 19:42 - 2014-06-04 19:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\TV\Downloads\SpyHunter-Installer.exe

2014-05-26 10:40 - 2014-06-16 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle

2014-05-26 10:40 - 2014-05-26 10:40 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\ProgramData\Mozilla

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-26 10:39 - 2014-05-26 10:39 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Firefox_1539824
 

==================== One Month Modified Files and Folders =======
 

2014-06-18 18:42 - 2014-06-11 20:32 - 00000000 ____D () C:\FRST

2014-06-18 18:42 - 2013-11-28 16:56 - 00000000 ____D () C:\Users\TV\AppData\Local\Temp

2014-06-18 18:34 - 2013-11-28 16:05 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB9B522E-EEA7-47AA-BF62-DF2ED5951F9D}

2014-06-18 18:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru

2014-06-18 17:55 - 2014-02-27 12:02 - 01414352 _____ () C:\Windows\WindowsUpdate.log

2014-06-18 15:57 - 2013-09-02 09:52 - 00822348 _____ () C:\Windows\system32\perfh007.dat

2014-06-18 15:57 - 2013-09-02 09:52 - 00183042 _____ () C:\Windows\system32\perfc007.dat

2014-06-18 15:57 - 2013-09-02 09:20 - 01927414 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-18 15:54 - 2014-06-18 15:54 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-06-18 14:09 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-17 09:33 - 2013-11-28 16:02 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-287583680-2149288412-797248488-1001

2014-06-16 19:00 - 2013-12-12 20:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-06-16 18:49 - 2014-05-15 17:42 - 00009034 _____ () C:\Windows\PFRO.log

2014-06-16 18:24 - 2014-06-16 18:24 - 00000739 _____ () C:\Users\TV\Desktop\JRT.txt

2014-06-16 18:22 - 2014-06-16 18:22 - 00000000 ____D () C:\Windows\ERUNT

2014-06-16 18:17 - 2013-08-22 22:57 - 00000000 ____D () C:\Windows\en-GB

2014-06-16 18:11 - 2014-06-16 18:06 - 00000000 ____D () C:\AdwCleaner

2014-06-16 18:11 - 2014-05-26 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle

2014-06-16 17:48 - 2014-06-16 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-16 17:47 - 2014-06-16 17:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\Users\TV\AppData\Local\VS Revo Group

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-06-16 17:40 - 2014-06-16 17:40 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-06-16 17:35 - 2014-06-16 17:35 - 00001284 _____ () C:\Users\TV\Desktop\Revo Uninstaller.lnk

2014-06-16 17:35 - 2014-06-16 17:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-16 14:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness

2014-06-13 10:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache

2014-06-12 18:00 - 2013-11-28 16:57 - 00000000 ___RD () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-06-12 18:00 - 2013-11-28 16:57 - 00000000 ___RD () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-06-12 17:48 - 2013-08-22 16:44 - 00615544 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-06-12 16:22 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData

2014-06-12 16:22 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2014-06-12 16:22 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore

2014-06-12 16:22 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe

2014-06-12 14:49 - 2014-01-19 12:36 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-12 14:49 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp

2014-06-12 14:48 - 2013-12-12 18:49 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-12 14:47 - 2013-12-12 18:49 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-12 14:39 - 2014-06-12 14:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-06-11 21:28 - 2013-11-28 16:56 - 00000000 ____D () C:\Users\TV

2014-06-11 20:25 - 2014-06-11 20:25 - 00000000 ____D () C:\Users\TV\Downloads\Trojaner

2014-06-04 20:06 - 2014-03-12 18:56 - 00004746 _____ () C:\Windows\setupact.log

2014-06-04 19:54 - 2014-06-04 19:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2014-06-04 19:47 - 2014-06-04 19:47 - 00000000 _____ () C:\autoexec.bat

2014-06-04 19:46 - 2014-06-04 19:46 - 00002268 _____ () C:\Users\TV\Desktop\SpyHunter.lnk

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Users\TV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\sh4ldr

2014-06-04 19:46 - 2014-06-04 19:46 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-06-04 19:46 - 2014-06-04 19:45 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-06-04 19:42 - 2014-06-04 19:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\TV\Downloads\SpyHunter-Installer.exe

2014-06-03 14:27 - 2013-12-12 19:25 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-06-03 14:27 - 2013-12-12 19:25 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-05-31 07:13 - 2014-05-15 17:45 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-31 07:13 - 2014-05-15 17:45 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-30 12:21 - 2014-06-12 14:42 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-30 11:45 - 2014-06-12 14:42 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-30 11:28 - 2014-06-12 14:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-05-30 11:20 - 2014-06-12 14:42 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-05-30 11:18 - 2014-06-12 14:42 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-30 11:08 - 2014-06-12 14:42 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-30 11:06 - 2014-06-12 14:42 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-05-30 10:46 - 2014-06-12 14:42 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-30 10:44 - 2014-06-12 14:42 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-05-30 10:43 - 2014-06-12 14:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-05-30 10:38 - 2014-06-12 14:42 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-05-30 10:35 - 2014-06-12 14:42 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-05-30 10:29 - 2014-06-12 14:42 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-30 10:27 - 2014-06-12 14:42 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-05-30 10:23 - 2014-06-12 14:42 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-30 10:16 - 2014-06-12 14:42 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-05-30 10:04 - 2014-06-12 14:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-30 10:02 - 2014-06-12 14:42 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-05-30 09:56 - 2014-06-12 14:42 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-05-30 09:56 - 2014-06-12 14:42 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-30 09:54 - 2014-06-12 14:42 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-05-30 09:49 - 2014-06-12 14:42 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-05-30 09:43 - 2014-06-12 14:42 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-30 09:40 - 2014-06-12 14:42 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-05-30 09:30 - 2014-06-12 14:42 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-30 09:21 - 2014-06-12 14:42 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-05-30 09:15 - 2014-06-12 14:42 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-05-30 09:13 - 2014-06-12 14:42 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-05-30 09:13 - 2014-06-12 14:42 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-05-26 10:40 - 2014-05-26 10:40 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\ProgramData\Mozilla

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-26 10:40 - 2014-05-26 10:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-26 10:39 - 2014-05-26 10:39 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Firefox_1539824

2014-05-20 13:04 - 2014-03-01 11:44 - 00000000 ___SD () C:\Users\TV\Documents\Meine Datenquellen

2014-05-20 11:12 - 2014-01-02 12:02 - 00000000 ____D () C:\download

2014-05-19 08:31 - 2014-06-12 14:40 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe

2014-05-19 08:21 - 2014-06-12 14:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe

2014-05-19 07:23 - 2014-06-12 14:40 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
 

Some content of TEMP:

====================

C:\Users\TV\AppData\Local\Temp\avgnt.exe

C:\Users\TV\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\TV\AppData\Local\Temp\Quarantine.exe

C:\Users\TV\AppData\Local\Temp\SHSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-18 15:26
 

==================== End Of Log ============================

--- --- ---

Ich hoffe daß jetzt alles weg ist, was nicht sauber ist.

Oder ?

Herzliche Grüße

H.P:

Flash Player updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKU\S-1-5-21-287583680-2149288412-797248488-1001\...\Run: [ztoytlnu] => regsvr32.exe "

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hallo undguten Abend,

Ich habe den Flash Player upgedated und die Registry mit FRST gefixt.

Hier das Ergebniss:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014

Ran by TV at 2014-06-23 18:52:01 Run:1

Running from C:\Users\TV\Downloads\Trojaner\mitb

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

HKU\S-1-5-21-287583680-2149288412-797248488-1001\...\Run: [ztoytlnu] => regsvr32.exe

*****************
 

HKU\S-1-5-21-287583680-2149288412-797248488-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ztoytlnu => value deleted successfully.
 

==== End of Fixlog ====

Vorerst vielen Dank für die Unterstützung

Die Bewertung der Unterstützung werde ich im Anschluss durchführen.

Mit freundlichen Grüßen

H. P.