Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.01.2013, 10:30   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=3231&q={searchTerms}
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=3231&q={searchTerms}
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..keyword.URL: "http://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q="
FF - user.js - File not found
[2013.01.04 20:12:15 | 000,003,269 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p3n96zvx.default\searchplugins\Web Search.xml
:Files
C:\Users\User\AppData\Local\Conduit
C:\Users\User\Desktop\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.01.2013, 15:44   #17
kiranoris
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1926261916-575310351-292605388-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1926261916-575310351-292605388-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}\ not found.
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=" removed from keyword.URL
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p3n96zvx.default\searchplugins\Web Search.xml moved successfully.
========== FILES ==========
C:\Users\User\AppData\Local\Conduit folder moved successfully.
C:\Users\User\Desktop\MBR.dat moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\User\Downloads\cmd.bat deleted successfully.
C:\Users\User\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 92569070 bytes
->Temporary Internet Files folder emptied: 81695428 bytes
->FireFox cache emptied: 4895644 bytes
->Flash cache emptied: 903 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4758156 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 10199 bytes
 
Total Files Cleaned = 175,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01102013_153232

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________


Alt 10.01.2013, 20:54   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



Eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
__________________

Alt 10.01.2013, 21:06   #19
kiranoris
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



1.
Code:
ATTFilter
OTL logfile created on: 10.01.2013 20:58:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,28% Memory free
7,73 Gb Paging File | 5,33 Gb Available in Paging File | 68,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 53,98 Gb Free Space | 35,99% Space Free | Partition Type: NTFS
Drive D: | 315,66 Gb Total Space | 205,96 Gb Free Space | 65,25% Space Free | Partition Type: NTFS
Drive E: | 761,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\mIRC\mirc.exe (mIRC Co. Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4bf4968dcd45b0e3a980fee0b75ef7b9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\89b92188053d879d2df594c60377118d\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b821a360f5c505b67d665f6b0a1c8168\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5576b9023011d93539e6130c02e4d51b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4e58865909005a18934507c7c09edce7\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15a0b846a01e5d9c5f5fc974b40267ed\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0442a78d75f4624d9ca98dd06ea3a2cf\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\02ef0ca224970692c1794658ab1b0286\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Users\User\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (IGBASVC) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (EgisTec)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 5E B2 F1 A6 EA CD 01  [binary data]
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://sf-hq-forum.de/index.php|https://service.gmx.net/de/cgi/g.fcgi/application/navigator?CUSTOMERNO=22789777&t=de1866861646.1357772696.f6d969fb|hxxp://w2.de.mymagictales.com/xhodon/chat.php|hxxp://play.cultures-online.de/co/bin/index.php|hxxp://fliplife.com/skills/user|hxxp://forum.starfleetonline.de/login.php?redirect=search.php&search_id=newposts&sid=3d0bda6180c387c67d8b070a31e621ff|http://www.trojaner-board.de/129161-...odes/bttf.htm"
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.04 19:15:18 | 000,000,000 | ---D | M]
 
[2013.01.04 19:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.01.06 12:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\p3n96zvx.default\extensions
[2013.01.05 17:20:20 | 000,000,000 | ---D | M] (Hotspot Shield) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\p3n96zvx.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2013.01.06 12:11:27 | 000,010,656 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p3n96zvx.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.01.05 17:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.04 19:17:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.04 20:12:15 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.10 15:32:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-1926261916-575310351-292605388-1000..\Run: [Driver Whiz] C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-1926261916-575310351-292605388-1000..\Run: [icq] C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1926261916-575310351-292605388-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{664E0F60-BB30-420D-B617-BDCFB763E28C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.22 16:17:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 15:32:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.10 02:01:25 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.01.10 02:00:49 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.01.10 02:00:49 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.01.10 02:00:49 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.01.10 02:00:49 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.01.10 02:00:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.01.10 02:00:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.01.09 23:37:58 | 000,755,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 23:37:58 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 23:37:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 23:37:48 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.09 23:37:36 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.09 23:37:36 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.09 23:37:36 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.09 23:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.09 23:37:36 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.09 23:37:36 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.09 23:37:36 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.09 23:37:36 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.09 23:37:36 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.09 23:37:36 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.09 23:37:36 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.09 23:37:36 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.09 23:37:36 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.09 23:37:36 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.09 23:37:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.09 23:37:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.09 23:37:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.09 23:37:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.09 23:37:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.09 23:37:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.09 23:37:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.09 23:37:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.09 23:37:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.09 23:37:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.09 23:37:35 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.09 23:37:35 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.09 23:37:35 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.09 23:37:35 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.09 23:37:35 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.09 23:37:35 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.09 23:37:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.09 23:37:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.09 23:37:27 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.09 23:37:27 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.09 23:37:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.09 23:37:27 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.09 23:37:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.09 23:37:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.09 23:37:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.09 23:37:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.09 23:37:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.09 23:37:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.09 23:37:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.09 23:37:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 23:37:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 23:37:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 23:37:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 23:37:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.09 23:37:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 23:37:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.09 23:37:15 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.09 23:37:12 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.01.09 23:37:12 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.01.09 21:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.09 19:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.09 19:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.01.09 16:40:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.09 16:23:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.01.09 16:08:11 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.01.08 21:35:17 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar-1.01.0.1011
[2013.01.08 21:35:17 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar
[2013.01.08 21:13:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.08 21:04:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.08 21:04:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.08 21:04:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.08 21:01:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 21:01:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.08 20:01:49 | 005,019,950 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.01.07 22:01:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.01.07 22:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.07 22:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.07 22:01:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.07 22:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.07 22:01:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.01.07 22:00:56 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.04 23:59:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2013.01.04 23:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.01.04 23:46:43 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.01.04 23:45:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\dll-files.com
[2013.01.04 23:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
[2013.01.04 23:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
[2013.01.04 23:34:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\videos
[2013.01.04 23:34:02 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\sf
[2013.01.04 23:10:47 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Schule
[2013.01.04 23:10:47 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Neuer Ordner
[2013.01.04 22:58:25 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Musik
[2013.01.04 22:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eSobi
[2013.01.04 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.01.04 22:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec IPS
[2013.01.04 22:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec Egis Software Update
[2013.01.04 22:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec
[2013.01.04 22:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.01.04 22:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013.01.04 22:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BS_Player
[2013.01.04 22:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.01.04 22:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2013.01.04 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.04 22:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.04 22:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Inc
[2013.01.04 21:55:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Macromedia
[2013.01.04 21:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer GameZone
[2013.01.04 21:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.01.04 21:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.01.04 21:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013.01.04 21:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.04 21:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe
[2013.01.04 21:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2013.01.04 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.04 21:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013.01.04 21:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.04 21:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.04 21:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.01.04 21:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.01.04 21:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.01.04 21:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Doom Shareware for Windows 95
[2013.01.04 21:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.01.04 21:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.01.04 21:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013.01.04 21:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.04 21:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store
[2013.01.04 21:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2013.01.04 21:16:28 | 012,441,960 | ---- | C] (ICQ) -- C:\Program Files\install_icq7.exe
[2013.01.04 21:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.04 21:15:28 | 000,309,768 | ---- | C] (Dritek System Inc.) -- C:\Windows\GVUni.exe
[2013.01.04 21:15:26 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\d3dx9_42.dll
[2013.01.04 21:15:24 | 001,664,248 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2013.01.04 21:15:10 | 000,000,000 | ---D | C] -- C:\Windows\dsi
[2013.01.04 21:14:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.01.04 21:14:52 | 000,307,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2013.01.04 21:14:52 | 000,000,000 | ---D | C] -- C:\Windows\DeployWinRE2
[2013.01.04 21:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Bilder
[2013.01.04 21:14:21 | 000,348,680 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2013.01.04 21:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2013.01.04 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotokasten comfort
[2013.01.04 21:07:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FileZilla
[2013.01.04 21:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.01.04 21:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.01.04 21:04:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apps
[2013.01.04 20:54:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.01.04 20:40:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Macromedia
[2013.01.04 20:40:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Adobe
[2013.01.04 20:39:11 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.04 20:39:11 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.04 20:39:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.01.04 20:39:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.01.04 20:23:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\WinRAR
[2013.01.04 20:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013.01.04 20:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.04 20:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.01.04 20:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.04 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.01.04 20:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.04 20:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.01.04 20:13:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Help
[2013.01.04 20:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.01.04 20:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.04 20:13:33 | 000,000,000 | R--D | C] -- C:\MSOCache
[2013.01.04 20:12:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DownTango
[2013.01.04 20:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2013.01.04 20:03:16 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Soundpaket
[2013.01.04 19:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2013.01.04 19:55:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\mIRC
[2013.01.04 19:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2013.01.04 19:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2013.01.04 19:51:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PC_Drivers_Headquarters
[2013.01.04 19:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2013.01.04 19:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz
[2013.01.04 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Whiz
[2013.01.04 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.01.04 19:19:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQM
[2013.01.04 19:19:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQ-Profile
[2013.01.04 19:17:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
[2013.01.04 19:17:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.04 19:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.04 19:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.04 19:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.04 19:15:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[2013.01.04 19:15:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
[2013.01.04 19:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.04 19:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.04 19:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.04 10:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.01.04 10:30:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Intel Corporation
[2013.01.04 10:27:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ATI
[2013.01.04 10:27:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ATI
[2013.01.04 10:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.01.04 10:23:04 | 000,123,392 | ---- | C] (Egis Technology Inc.) -- C:\Windows\SysNative\VCryptAPI.dll
[2013.01.04 10:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2013.01.04 10:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Bio Protection
[2013.01.04 10:22:27 | 000,469,552 | ---- | C] (EgisTec) -- C:\Windows\SysWow64\NBMatS1SDK.dll
[2013.01.04 10:22:24 | 000,036,400 | ---- | C] (EgisTec) -- C:\Windows\SysNative\drivers\FPSensor.sys
[2013.01.04 10:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.01.04 10:14:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.01.04 10:14:01 | 000,652,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorA.sys
[2013.01.04 10:14:01 | 000,028,216 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorF.sys
[2013.01.04 10:13:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield
[2013.01.04 10:12:59 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.01.04 10:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.01.04 10:12:36 | 000,000,000 | ---D | C] -- C:\Intel
[2013.01.04 10:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
[2013.01.04 10:11:19 | 002,811,904 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.01.04 10:11:19 | 002,811,904 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.01.04 10:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros
[2013.01.04 10:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.01.04 10:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.01.04 10:05:10 | 017,625,088 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2013.01.04 10:05:10 | 013,487,616 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2013.01.04 10:05:10 | 006,179,328 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2013.01.04 10:05:10 | 004,739,584 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2013.01.04 10:05:10 | 004,684,288 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2013.01.04 10:05:10 | 003,661,824 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2013.01.04 10:05:10 | 003,629,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2013.01.04 10:05:10 | 003,618,304 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2013.01.04 10:05:10 | 003,055,616 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2013.01.04 10:05:10 | 002,902,016 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2013.01.04 10:05:10 | 002,604,032 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2013.01.04 10:05:10 | 000,448,000 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.01.04 10:05:10 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2013.01.04 10:05:10 | 000,421,376 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2013.01.04 10:05:10 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2013.01.04 10:05:10 | 000,312,320 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2013.01.04 10:05:10 | 000,225,280 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2013.01.04 10:05:10 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.01.04 10:05:10 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.01.04 10:05:10 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe
[2013.01.04 10:05:10 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2013.01.04 10:05:10 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2013.01.04 10:05:10 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2013.01.04 10:05:10 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2013.01.04 10:05:10 | 000,043,008 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2013.01.04 10:05:10 | 000,039,936 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2013.01.04 10:05:10 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.01.04 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.01.04 10:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.01.04 10:03:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.04 10:02:58 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.01.04 10:02:58 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013.01.04 10:02:58 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013.01.04 10:02:58 | 000,772,224 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013.01.04 10:02:58 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.04 10:02:58 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.01.04 10:02:58 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.04 10:02:58 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.04 10:02:58 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.04 10:02:58 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013.01.04 10:02:58 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.01.04 10:02:58 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.01.04 10:02:58 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.01.04 10:02:58 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013.01.04 10:02:57 | 010,612,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013.01.04 10:02:57 | 009,546,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2013.01.04 10:02:57 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.01.04 10:02:57 | 003,673,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.01.04 10:02:57 | 002,743,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.01.04 10:02:57 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.01.04 10:02:57 | 001,561,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.01.04 10:02:57 | 001,460,600 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.01.04 10:02:57 | 001,269,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.01.04 10:02:57 | 000,881,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.01.04 10:02:57 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.04 10:02:57 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.01.04 10:02:57 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.01.04 10:02:57 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.01.04 10:02:57 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.01.04 10:02:57 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.04 10:02:57 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.01.04 10:02:57 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.04 10:02:57 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.04 10:02:57 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.04 10:02:57 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.04 10:02:57 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.01.04 10:02:57 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.01.04 10:02:57 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.01.04 10:02:57 | 000,118,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.01.04 10:02:57 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.04 10:02:57 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.04 10:02:57 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.01.04 10:02:57 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.01.04 10:02:56 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.04 10:02:56 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.01.04 10:02:56 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.01.04 10:02:56 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.01.04 10:02:56 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.01.04 10:02:56 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.01.04 10:02:56 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.01.04 10:02:56 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.01.04 10:02:56 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.01.04 10:02:56 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.01.04 10:02:56 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.01.04 10:02:56 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.01.04 10:02:56 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.01.04 10:02:56 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.01.04 10:02:56 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.01.04 10:02:56 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.01.04 10:02:56 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.01.04 10:02:56 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.01.04 10:02:56 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.01.04 10:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.04 10:02:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.04 10:02:51 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.01.04 10:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.04 10:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.04 10:01:34 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2013.01.04 10:01:34 | 003,746,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkHDM64.dll
[2013.01.04 10:01:34 | 002,526,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHDMEx64.dll
[2013.01.04 10:01:34 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2013.01.04 10:01:34 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2013.01.04 10:01:34 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2013.01.04 10:01:34 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2013.01.04 10:01:34 | 000,237,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys
[2013.01.04 10:01:34 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2013.01.04 10:01:34 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2013.01.04 10:01:34 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2013.01.04 10:01:34 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2013.01.04 10:01:34 | 000,092,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHCoInst64.dll
[2013.01.04 10:01:34 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2013.01.04 10:01:34 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2013.01.04 10:01:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.04 10:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuvoton Technology Corporation
[2013.01.04 10:00:24 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.04 09:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.01.04 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2013.01.04 09:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2013.01.04 09:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2013.01.04 09:35:19 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.01.04 09:35:19 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.01.04 09:35:19 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.01.04 09:35:07 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.01.04 09:35:07 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.04 09:35:07 | 000,000,000 | R--D | C] -- C:\Users\User\Searches
[2013.01.04 09:35:07 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.04 09:35:06 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.01.04 09:35:06 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.01.04 09:34:53 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.01.04 09:34:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.01.04 09:34:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Identities
[2013.01.04 09:34:41 | 000,000,000 | R--D | C] -- C:\Users\User\Contacts
[2013.01.04 09:34:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VirtualStore
[2013.01.04 09:34:27 | 000,000,000 | --SD | C] -- C:\Users\User\AppData\Roaming\Microsoft
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Videos
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Saved Games
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Pictures
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Music
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Links
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Favorites
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Downloads
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Documents
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Vorlagen
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Verlauf
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Temporary Internet Files
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Startmenü
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\SendTo
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Recent
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Netzwerkumgebung
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Lokale Einstellungen
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Videos
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Musik
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Eigene Dateien
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Bilder
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Druckumgebung
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Cookies
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Anwendungsdaten
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Anwendungsdaten
[2013.01.04 09:34:27 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Temp
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.04 09:34:14 | 000,000,000 | ---D | C] -- C:\Recovery
[2013.01.03 20:06:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.03 20:03:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.03 20:03:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.03 20:02:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.12.25 05:05:31 | 000,435,512 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\k57nd60a.sys
[2012.12.13 17:38:03 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 17:38:03 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 17:37:36 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2012.12.13 17:37:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
[2012.12.13 17:37:36 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.12.13 17:36:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 17:36:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 17:36:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 17:36:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 17:36:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 17:36:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 17:36:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 17:36:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 17:36:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 17:36:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 17:36:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 17:36:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 17:36:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 17:36:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 17:36:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.10 20:50:21 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 20:50:21 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 19:31:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 16:55:08 | 022,910,771 | ---- | M] () -- C:\Users\User\Desktop\2013-01-10 16.31.38.mp4
[2013.01.10 15:39:06 | 001,475,250 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.10 15:39:06 | 000,644,904 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.10 15:39:06 | 000,608,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.10 15:39:06 | 000,126,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.10 15:39:06 | 000,104,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.10 15:34:33 | 3111,546,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 15:32:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013.01.10 15:18:30 | 000,417,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 23:47:42 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013.01.09 21:28:43 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.09 21:28:43 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.09 16:40:27 | 462,941,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.09 16:23:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.01.09 16:09:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.01.08 21:34:30 | 013,485,902 | R--- | M] () -- C:\Users\User\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 20:02:13 | 005,019,950 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.01.07 22:08:35 | 000,000,074 | ---- | M] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013.01.07 22:01:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.07 22:01:05 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.06 18:58:11 | 178,040,490 | ---- | M] () -- C:\Users\User\Desktop\6x12 - The Egg Salad Equivalency.avi
[2013.01.06 02:02:34 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013.01.04 23:46:46 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.01.04 22:19:11 | 000,000,355 | ---- | M] () -- C:\Users\User\Desktop\Computer - Verknüpfung.lnk
[2013.01.04 21:55:00 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.04 21:54:59 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.04 20:17:50 | 000,003,047 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Excel 2010.lnk
[2013.01.04 20:17:50 | 000,003,029 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2013.01.04 19:55:33 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013.01.04 19:20:02 | 000,001,798 | ---- | M] () -- C:\Users\User\Desktop\ICQ.lnk
[2013.01.04 19:17:29 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.04 19:15:21 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.04 10:30:56 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.04 10:25:34 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.01.04 10:22:27 | 000,469,552 | ---- | M] (EgisTec) -- C:\Windows\SysWow64\NBMatS1SDK.dll
[2013.01.04 10:22:24 | 000,036,400 | ---- | M] (EgisTec) -- C:\Windows\SysNative\drivers\FPSensor.sys
[2013.01.04 10:00:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_nuvotoncir_01009.Wdf
[2013.01.04 10:00:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.01.03 20:10:00 | 000,207,887 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.03 20:10:00 | 000,207,887 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.03 20:07:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.12.16 19:35:04 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012.12.16 18:34:49 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012.12.16 18:32:44 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 16:05:28 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:44:34 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:44:25 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 17:39:17 | 000,066,048 | ---- | M] (Legolash2o) -- C:\Windows\SysNative\WinToolkitRunOnce.exe
[2012.12.13 17:38:03 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 17:38:03 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 17:37:36 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2012.12.13 17:37:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
[2012.12.13 17:37:36 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.12.13 17:36:22 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 17:36:22 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 17:36:22 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 17:36:22 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 17:36:22 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 17:36:22 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 17:36:22 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 17:36:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 17:36:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 17:36:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 17:36:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 17:36:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 17:36:22 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 17:36:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 17:36:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
 
========== Files Created - No Company Name ==========
 
[2013.01.10 16:48:01 | 022,910,771 | ---- | C] () -- C:\Users\User\Desktop\2013-01-10 16.31.38.mp4
[2013.01.09 16:40:27 | 462,941,528 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.08 21:34:13 | 013,485,902 | R--- | C] () -- C:\Users\User\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 21:04:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.08 21:04:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.08 21:04:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.08 21:04:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.08 21:04:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.07 22:08:35 | 000,000,074 | ---- | C] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013.01.07 22:01:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.06 18:33:51 | 178,040,490 | ---- | C] () -- C:\Users\User\Desktop\6x12 - The Egg Salad Equivalency.avi
[2013.01.04 23:46:24 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013.01.04 23:46:14 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013.01.04 23:36:06 | 000,579,878 | ---- | C] () -- C:\Users\User\Desktop\DSC01332.JPG
[2013.01.04 22:19:11 | 000,000,355 | ---- | C] () -- C:\Users\User\Desktop\Computer - Verknüpfung.lnk
[2013.01.04 21:28:32 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.04 21:28:31 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.04 21:16:32 | 019,223,879 | ---- | C] () -- C:\Program Files\Sims3_1.2.7.00002_from_1.0.631.00002.zip
[2013.01.04 21:16:30 | 001,729,115 | ---- | C] () -- C:\Program Files\mirc635.zip
[2013.01.04 21:15:37 | 000,206,072 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2013.01.04 21:15:37 | 000,000,741 | ---- | C] () -- C:\Windows\NewDeployWinRE.cmd
[2013.01.04 21:15:37 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2013.01.04 21:15:37 | 000,000,070 | ---- | C] () -- C:\Windows\patch.loag
[2013.01.04 21:15:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013.01.04 21:15:31 | 000,002,080 | ---- | C] () -- C:\Windows\MOD01SET78000G000X.enc
[2013.01.04 21:15:31 | 000,002,048 | ---- | C] () -- C:\Windows\MOD01SET75000N0006.enc
[2013.01.04 21:15:30 | 000,002,476 | ---- | C] () -- C:\Windows\MOD01SET74DE0N0003.enc
[2013.01.04 21:15:30 | 000,002,112 | ---- | C] () -- C:\Windows\MOD01SET0J000N000M.enc
[2013.01.04 21:15:30 | 000,002,008 | ---- | C] () -- C:\Windows\MOD01SET5K000G0002.enc
[2013.01.04 21:15:30 | 000,001,976 | ---- | C] () -- C:\Windows\MOD01SET00000000H7.enc
[2013.01.04 21:15:29 | 000,002,572 | ---- | C] () -- C:\Windows\MOD01OPK04000N0001.enc
[2013.01.04 21:15:29 | 000,000,184 | ---- | C] () -- C:\Windows\LManager.UNI
[2013.01.04 21:15:28 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2013.01.04 21:15:28 | 000,000,098 | ---- | C] () -- C:\Windows\GridV.UNI
[2013.01.04 21:15:28 | 000,000,037 | ---- | C] () -- C:\Windows\EB6BE8A5-11AE-4e2b-8B6E-974168C301C8.DSI
[2013.01.04 21:15:26 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013.01.04 21:15:26 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013.01.04 21:15:26 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013.01.04 21:15:26 | 000,000,000 | ---- | C] () -- C:\Windows\Acer.tag
[2013.01.04 21:15:24 | 000,000,033 | ---- | C] () -- C:\Windows\0
[2013.01.04 21:14:45 | 000,038,028 | ---- | C] () -- C:\Users\User\Desktop\Haushalt 2009.ods
[2013.01.04 21:14:22 | 239,728,683 | ---- | C] () -- C:\Windows\VGA_ATI_8.670.5.1000_W7x86W7x64_A.zip
[2013.01.04 21:14:22 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2013.01.04 21:14:21 | 000,009,168 | ---- | C] () -- C:\Windows\Suyin.reg
[2013.01.04 20:17:50 | 000,003,047 | ---- | C] () -- C:\Users\User\Desktop\Microsoft Excel 2010.lnk
[2013.01.04 20:17:50 | 000,003,029 | ---- | C] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2013.01.04 20:12:17 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
[2013.01.04 19:55:33 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013.01.04 19:20:02 | 000,001,798 | ---- | C] () -- C:\Users\User\Desktop\ICQ.lnk
[2013.01.04 19:17:29 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.04 19:15:21 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.04 19:15:21 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.04 10:30:56 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.04 10:25:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.01.04 10:23:04 | 000,952,683 | ---- | C] () -- C:\Windows\SysNative\VMC3KAPI.dll
[2013.01.04 10:11:19 | 000,481,350 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.01.04 10:11:19 | 000,073,919 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.01.04 10:05:10 | 000,402,016 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.01.04 10:05:10 | 000,402,016 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.01.04 10:05:10 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
[2013.01.04 10:05:10 | 000,196,565 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013.01.04 10:05:10 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
[2013.01.04 10:05:10 | 000,019,017 | ---- | C] () -- C:\Windows\atiogl.xml
[2013.01.04 10:02:57 | 000,381,365 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.04 10:00:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_nuvotoncir_01009.Wdf
[2013.01.04 10:00:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.01.04 09:35:22 | 000,001,439 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.04 09:35:21 | 000,001,405 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.03 20:08:53 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.03 20:08:51 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.03 20:07:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.03 20:03:02 | 3111,546,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.23 19:31:40 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.23 20:23:20 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.23 20:23:20 | 012,874,752 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
2.
Code:
ATTFilter
OTL Extras logfile created on: 10.01.2013 20:58:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,28% Memory free
7,73 Gb Paging File | 5,33 Gb Available in Paging File | 68,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 53,98 Gb Free Space | 35,99% Space Free | Partition Type: NTFS
Drive D: | 315,66 Gb Total Space | 205,96 Gb Free Space | 65,25% Space Free | Partition Type: NTFS
Drive E: | 761,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{856A94B9-0C24-4034-92F1-3A3D9998A807}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{75F8A468-106F-4148-A4AA-AF1F42E7C590}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{78FA8668-2499-4B24-9C25-82CD6EB4C6B0}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{DE309D9C-0427-42BD-8467-4938EB07E542}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{67C7A80B-44E9-4716-B4A5-8E8F60FDEE27}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{91B130EA-86BD-492E-938E-A1BDD792C748}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{A4EA0AC4-47E7-48A3-B4A2-8EB5A712C356}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 UVC HD WebCam" = USB 2.0 UVC HD WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}" = Driver Whiz
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{FBC79D04-051E-4367-8051-1DB0C893FBE0}" = Nuvoton CIR Device Drivers
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Dll-Files Fixer_is1" = Dll-Files Fixer
"FileZilla Client" = FileZilla Client 3.6.0.2
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Protected Search_is1" = Protected Search 1.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2013 11:00:12 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2013 11:16:15 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.60.126, Zeitstempel:
 0x509cf347  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000204  ID des fehlerhaften Prozesses:
 0xc34  Startzeit der fehlerhaften Anwendung: 0x01cdee7a0c6a08bd  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 823575c4-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:17:38 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.22044,
 Zeitstempel: 0x4ff4b27e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0x1290  Startzeit der fehlerhaften Anwendung: 0x01cdee7bb1846d25  Pfad der
 fehlerhaften Anwendung: C:\Users\User\Desktop\aswMBR.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: b37c9f5b-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:19:01 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.60.126, Zeitstempel:
 0x509cf347  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000204  ID des fehlerhaften Prozesses:
 0x11bc  Startzeit der fehlerhaften Anwendung: 0x01cdee7ca55ccdbf  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: e4ca0a9a-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:19:10 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.60.126, Zeitstempel:
 0x509cf347  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000204  ID des fehlerhaften Prozesses:
 0x394  Startzeit der fehlerhaften Anwendung: 0x01cdee7ca9df8098  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: ea63fde9-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:41:05 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2013 19:40:47 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2013 20:45:20 | Computer Name = User-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.01.2013 10:19:57 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2013 10:32:25 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm icq.exe, Version 8.0.5981.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 438    Startzeit: 
01cdef3d8b7e1d77    Endzeit: 7    Anwendungspfad: C:\Users\User\AppData\Roaming\ICQM\icq.exe

Berichts-ID:
   
 
Error - 10.01.2013 10:36:26 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.01.2013 16:04:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 08.01.2013 16:04:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 08.01.2013 16:09:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 08.01.2013 16:10:39 | Computer Name = User-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 08.01.2013 16:11:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 08.01.2013 16:11:13 | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 09.01.2013 11:40:32 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?01.?2013 um 16:38:39 unerwartet heruntergefahren.
 
Error - 09.01.2013 11:40:40 | Computer Name = User-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 10.01.2013 10:19:35 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%16405
 
Error - 10.01.2013 10:32:32 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "EgisTec Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >
         

Alt 10.01.2013, 21:20   #20
kiranoris
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



1.
Code:
ATTFilter
OTL logfile created on: 10.01.2013 20:58:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,28% Memory free
7,73 Gb Paging File | 5,33 Gb Available in Paging File | 68,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 53,98 Gb Free Space | 35,99% Space Free | Partition Type: NTFS
Drive D: | 315,66 Gb Total Space | 205,96 Gb Free Space | 65,25% Space Free | Partition Type: NTFS
Drive E: | 761,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\mIRC\mirc.exe (mIRC Co. Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4bf4968dcd45b0e3a980fee0b75ef7b9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\89b92188053d879d2df594c60377118d\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b821a360f5c505b67d665f6b0a1c8168\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5576b9023011d93539e6130c02e4d51b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4e58865909005a18934507c7c09edce7\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15a0b846a01e5d9c5f5fc974b40267ed\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0442a78d75f4624d9ca98dd06ea3a2cf\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\02ef0ca224970692c1794658ab1b0286\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Users\User\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (IGBASVC) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (EgisTec)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 5E B2 F1 A6 EA CD 01  [binary data]
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://sf-hq-forum.de/index.php|https://service.gmx.net/de/cgi/g.fcgi/application/navigator?CUSTOMERNO=22789777&t=de1866861646.1357772696.f6d969fb|hxxp://w2.de.mymagictales.com/xhodon/chat.php|hxxp://play.cultures-online.de/co/bin/index.php|hxxp://fliplife.com/skills/user|hxxp://forum.starfleetonline.de/login.php?redirect=search.php&search_id=newposts&sid=3d0bda6180c387c67d8b070a31e621ff|http://www.trojaner-board.de/129161-...odes/bttf.htm"
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.04 19:15:18 | 000,000,000 | ---D | M]
 
[2013.01.04 19:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.01.06 12:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\p3n96zvx.default\extensions
[2013.01.05 17:20:20 | 000,000,000 | ---D | M] (Hotspot Shield) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\p3n96zvx.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2013.01.06 12:11:27 | 000,010,656 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p3n96zvx.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.01.05 17:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.04 19:17:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.04 20:12:15 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.10 15:32:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-1926261916-575310351-292605388-1000..\Run: [Driver Whiz] C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-1926261916-575310351-292605388-1000..\Run: [icq] C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1926261916-575310351-292605388-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{664E0F60-BB30-420D-B617-BDCFB763E28C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.22 16:17:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 15:32:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.10 02:01:25 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.01.10 02:00:49 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.01.10 02:00:49 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.01.10 02:00:49 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.01.10 02:00:49 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.01.10 02:00:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.01.10 02:00:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.01.09 23:37:58 | 000,755,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 23:37:58 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 23:37:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 23:37:48 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.09 23:37:36 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.09 23:37:36 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.09 23:37:36 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.09 23:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.09 23:37:36 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.09 23:37:36 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.09 23:37:36 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.09 23:37:36 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.09 23:37:36 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.09 23:37:36 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.09 23:37:36 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.09 23:37:36 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.09 23:37:36 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.09 23:37:36 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.09 23:37:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.09 23:37:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.09 23:37:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.09 23:37:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.09 23:37:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.09 23:37:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.09 23:37:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.09 23:37:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.09 23:37:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.09 23:37:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.09 23:37:35 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.09 23:37:35 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.09 23:37:35 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.09 23:37:35 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.09 23:37:35 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.09 23:37:35 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.09 23:37:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.09 23:37:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.09 23:37:27 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.09 23:37:27 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.09 23:37:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.09 23:37:27 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.09 23:37:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.09 23:37:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.09 23:37:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.09 23:37:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.09 23:37:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.09 23:37:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.09 23:37:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.09 23:37:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 23:37:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 23:37:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 23:37:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 23:37:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.09 23:37:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 23:37:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 23:37:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 23:37:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.09 23:37:15 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.09 23:37:12 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.01.09 23:37:12 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.01.09 21:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.09 19:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.09 19:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.01.09 16:40:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.09 16:23:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.01.09 16:08:11 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.01.08 21:35:17 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar-1.01.0.1011
[2013.01.08 21:35:17 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar
[2013.01.08 21:13:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.08 21:04:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.08 21:04:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.08 21:04:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.08 21:01:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 21:01:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.08 20:01:49 | 005,019,950 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.01.07 22:01:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.01.07 22:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.07 22:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.07 22:01:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.07 22:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.07 22:01:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.01.07 22:00:56 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.04 23:59:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2013.01.04 23:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.01.04 23:46:43 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.01.04 23:45:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\dll-files.com
[2013.01.04 23:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
[2013.01.04 23:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
[2013.01.04 23:34:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\videos
[2013.01.04 23:34:02 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\sf
[2013.01.04 23:10:47 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Schule
[2013.01.04 23:10:47 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Neuer Ordner
[2013.01.04 22:58:25 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Musik
[2013.01.04 22:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eSobi
[2013.01.04 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.01.04 22:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec IPS
[2013.01.04 22:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec Egis Software Update
[2013.01.04 22:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec
[2013.01.04 22:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.01.04 22:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013.01.04 22:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BS_Player
[2013.01.04 22:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.01.04 22:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2013.01.04 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.04 22:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.04 22:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Inc
[2013.01.04 21:55:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Macromedia
[2013.01.04 21:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer GameZone
[2013.01.04 21:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.01.04 21:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.01.04 21:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013.01.04 21:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.04 21:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe
[2013.01.04 21:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2013.01.04 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.04 21:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013.01.04 21:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.04 21:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.04 21:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.01.04 21:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.01.04 21:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.01.04 21:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Doom Shareware for Windows 95
[2013.01.04 21:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.01.04 21:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.01.04 21:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013.01.04 21:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.04 21:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store
[2013.01.04 21:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2013.01.04 21:16:28 | 012,441,960 | ---- | C] (ICQ) -- C:\Program Files\install_icq7.exe
[2013.01.04 21:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.04 21:15:28 | 000,309,768 | ---- | C] (Dritek System Inc.) -- C:\Windows\GVUni.exe
[2013.01.04 21:15:26 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\d3dx9_42.dll
[2013.01.04 21:15:24 | 001,664,248 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2013.01.04 21:15:10 | 000,000,000 | ---D | C] -- C:\Windows\dsi
[2013.01.04 21:14:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.01.04 21:14:52 | 000,307,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2013.01.04 21:14:52 | 000,000,000 | ---D | C] -- C:\Windows\DeployWinRE2
[2013.01.04 21:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Bilder
[2013.01.04 21:14:21 | 000,348,680 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2013.01.04 21:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2013.01.04 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotokasten comfort
[2013.01.04 21:07:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FileZilla
[2013.01.04 21:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.01.04 21:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.01.04 21:04:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apps
[2013.01.04 20:54:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.01.04 20:40:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Macromedia
[2013.01.04 20:40:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Adobe
[2013.01.04 20:39:11 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.04 20:39:11 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.04 20:39:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.01.04 20:39:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.01.04 20:23:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\WinRAR
[2013.01.04 20:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013.01.04 20:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.04 20:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.01.04 20:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.04 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.01.04 20:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.04 20:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.01.04 20:13:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Help
[2013.01.04 20:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.01.04 20:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.04 20:13:33 | 000,000,000 | R--D | C] -- C:\MSOCache
[2013.01.04 20:12:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DownTango
[2013.01.04 20:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2013.01.04 20:03:16 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Soundpaket
[2013.01.04 19:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2013.01.04 19:55:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\mIRC
[2013.01.04 19:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2013.01.04 19:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2013.01.04 19:51:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PC_Drivers_Headquarters
[2013.01.04 19:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2013.01.04 19:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz
[2013.01.04 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Whiz
[2013.01.04 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.01.04 19:19:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQM
[2013.01.04 19:19:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQ-Profile
[2013.01.04 19:17:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
[2013.01.04 19:17:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.04 19:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.04 19:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.04 19:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.04 19:15:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[2013.01.04 19:15:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
[2013.01.04 19:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.04 19:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.04 19:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.04 10:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.01.04 10:30:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Intel Corporation
[2013.01.04 10:27:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ATI
[2013.01.04 10:27:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ATI
[2013.01.04 10:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.01.04 10:23:04 | 000,123,392 | ---- | C] (Egis Technology Inc.) -- C:\Windows\SysNative\VCryptAPI.dll
[2013.01.04 10:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2013.01.04 10:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Bio Protection
[2013.01.04 10:22:27 | 000,469,552 | ---- | C] (EgisTec) -- C:\Windows\SysWow64\NBMatS1SDK.dll
[2013.01.04 10:22:24 | 000,036,400 | ---- | C] (EgisTec) -- C:\Windows\SysNative\drivers\FPSensor.sys
[2013.01.04 10:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.01.04 10:14:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.01.04 10:14:01 | 000,652,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorA.sys
[2013.01.04 10:14:01 | 000,028,216 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorF.sys
[2013.01.04 10:13:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield
[2013.01.04 10:12:59 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.01.04 10:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.01.04 10:12:36 | 000,000,000 | ---D | C] -- C:\Intel
[2013.01.04 10:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
[2013.01.04 10:11:19 | 002,811,904 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.01.04 10:11:19 | 002,811,904 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.01.04 10:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros
[2013.01.04 10:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.01.04 10:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.01.04 10:05:10 | 017,625,088 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2013.01.04 10:05:10 | 013,487,616 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2013.01.04 10:05:10 | 006,179,328 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2013.01.04 10:05:10 | 004,739,584 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2013.01.04 10:05:10 | 004,684,288 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2013.01.04 10:05:10 | 003,661,824 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2013.01.04 10:05:10 | 003,629,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2013.01.04 10:05:10 | 003,618,304 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2013.01.04 10:05:10 | 003,055,616 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2013.01.04 10:05:10 | 002,902,016 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2013.01.04 10:05:10 | 002,604,032 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2013.01.04 10:05:10 | 000,448,000 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.01.04 10:05:10 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2013.01.04 10:05:10 | 000,421,376 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2013.01.04 10:05:10 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2013.01.04 10:05:10 | 000,312,320 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2013.01.04 10:05:10 | 000,225,280 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2013.01.04 10:05:10 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.01.04 10:05:10 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.01.04 10:05:10 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe
[2013.01.04 10:05:10 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2013.01.04 10:05:10 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2013.01.04 10:05:10 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2013.01.04 10:05:10 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2013.01.04 10:05:10 | 000,043,008 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2013.01.04 10:05:10 | 000,039,936 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2013.01.04 10:05:10 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.01.04 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.01.04 10:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.01.04 10:03:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.04 10:02:58 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.01.04 10:02:58 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013.01.04 10:02:58 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013.01.04 10:02:58 | 000,772,224 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013.01.04 10:02:58 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.04 10:02:58 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.01.04 10:02:58 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.04 10:02:58 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.04 10:02:58 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.04 10:02:58 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013.01.04 10:02:58 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.01.04 10:02:58 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.01.04 10:02:58 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.01.04 10:02:58 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013.01.04 10:02:57 | 010,612,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013.01.04 10:02:57 | 009,546,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2013.01.04 10:02:57 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.01.04 10:02:57 | 003,673,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.01.04 10:02:57 | 002,743,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.01.04 10:02:57 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.01.04 10:02:57 | 001,561,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.01.04 10:02:57 | 001,460,600 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.01.04 10:02:57 | 001,269,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.01.04 10:02:57 | 000,881,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.01.04 10:02:57 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.04 10:02:57 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.01.04 10:02:57 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.01.04 10:02:57 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.01.04 10:02:57 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.01.04 10:02:57 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.04 10:02:57 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.01.04 10:02:57 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.04 10:02:57 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.04 10:02:57 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.04 10:02:57 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.04 10:02:57 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.01.04 10:02:57 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.01.04 10:02:57 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.01.04 10:02:57 | 000,118,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.01.04 10:02:57 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.04 10:02:57 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.04 10:02:57 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.01.04 10:02:57 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.01.04 10:02:56 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.04 10:02:56 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.01.04 10:02:56 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.01.04 10:02:56 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.01.04 10:02:56 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.01.04 10:02:56 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.01.04 10:02:56 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.01.04 10:02:56 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.01.04 10:02:56 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.01.04 10:02:56 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.01.04 10:02:56 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.01.04 10:02:56 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.01.04 10:02:56 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.01.04 10:02:56 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.01.04 10:02:56 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.01.04 10:02:56 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.01.04 10:02:56 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.01.04 10:02:56 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.01.04 10:02:56 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.01.04 10:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.04 10:02:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.04 10:02:51 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.01.04 10:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.04 10:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.04 10:01:34 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2013.01.04 10:01:34 | 003,746,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkHDM64.dll
[2013.01.04 10:01:34 | 002,526,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHDMEx64.dll
[2013.01.04 10:01:34 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2013.01.04 10:01:34 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2013.01.04 10:01:34 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2013.01.04 10:01:34 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2013.01.04 10:01:34 | 000,237,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys
[2013.01.04 10:01:34 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2013.01.04 10:01:34 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2013.01.04 10:01:34 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2013.01.04 10:01:34 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2013.01.04 10:01:34 | 000,092,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHCoInst64.dll
[2013.01.04 10:01:34 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2013.01.04 10:01:34 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2013.01.04 10:01:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.04 10:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuvoton Technology Corporation
[2013.01.04 10:00:24 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.04 09:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.01.04 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2013.01.04 09:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2013.01.04 09:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2013.01.04 09:35:19 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.01.04 09:35:19 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.01.04 09:35:19 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.01.04 09:35:07 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.01.04 09:35:07 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.04 09:35:07 | 000,000,000 | R--D | C] -- C:\Users\User\Searches
[2013.01.04 09:35:07 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.04 09:35:06 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.01.04 09:35:06 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.01.04 09:34:53 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.01.04 09:34:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.01.04 09:34:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Identities
[2013.01.04 09:34:41 | 000,000,000 | R--D | C] -- C:\Users\User\Contacts
[2013.01.04 09:34:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VirtualStore
[2013.01.04 09:34:27 | 000,000,000 | --SD | C] -- C:\Users\User\AppData\Roaming\Microsoft
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Videos
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Saved Games
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Pictures
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Music
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Links
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Favorites
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Downloads
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Documents
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Vorlagen
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Verlauf
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Temporary Internet Files
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Startmenü
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\SendTo
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Recent
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Netzwerkumgebung
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Lokale Einstellungen
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Videos
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Musik
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Eigene Dateien
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Bilder
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Druckumgebung
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Cookies
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Anwendungsdaten
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Anwendungsdaten
[2013.01.04 09:34:27 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Temp
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.04 09:34:14 | 000,000,000 | ---D | C] -- C:\Recovery
[2013.01.03 20:06:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.03 20:03:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.03 20:03:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.03 20:02:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.12.25 05:05:31 | 000,435,512 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\k57nd60a.sys
[2012.12.13 17:38:03 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 17:38:03 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 17:37:36 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2012.12.13 17:37:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
[2012.12.13 17:37:36 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.12.13 17:36:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 17:36:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 17:36:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 17:36:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 17:36:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 17:36:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 17:36:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 17:36:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 17:36:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 17:36:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 17:36:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 17:36:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 17:36:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 17:36:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 17:36:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.10 20:50:21 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 20:50:21 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 19:31:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 16:55:08 | 022,910,771 | ---- | M] () -- C:\Users\User\Desktop\2013-01-10 16.31.38.mp4
[2013.01.10 15:39:06 | 001,475,250 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.10 15:39:06 | 000,644,904 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.10 15:39:06 | 000,608,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.10 15:39:06 | 000,126,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.10 15:39:06 | 000,104,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.10 15:34:33 | 3111,546,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 15:32:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013.01.10 15:18:30 | 000,417,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 23:47:42 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013.01.09 21:28:43 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.09 21:28:43 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.09 16:40:27 | 462,941,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.09 16:23:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.01.09 16:09:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.01.08 21:34:30 | 013,485,902 | R--- | M] () -- C:\Users\User\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 20:02:13 | 005,019,950 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.01.07 22:08:35 | 000,000,074 | ---- | M] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013.01.07 22:01:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.07 22:01:05 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.06 18:58:11 | 178,040,490 | ---- | M] () -- C:\Users\User\Desktop\6x12 - The Egg Salad Equivalency.avi
[2013.01.06 02:02:34 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013.01.04 23:46:46 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.01.04 22:19:11 | 000,000,355 | ---- | M] () -- C:\Users\User\Desktop\Computer - Verknüpfung.lnk
[2013.01.04 21:55:00 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.04 21:54:59 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.04 20:17:50 | 000,003,047 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Excel 2010.lnk
[2013.01.04 20:17:50 | 000,003,029 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2013.01.04 19:55:33 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013.01.04 19:20:02 | 000,001,798 | ---- | M] () -- C:\Users\User\Desktop\ICQ.lnk
[2013.01.04 19:17:29 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.04 19:15:21 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.04 10:30:56 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.04 10:25:34 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.01.04 10:22:27 | 000,469,552 | ---- | M] (EgisTec) -- C:\Windows\SysWow64\NBMatS1SDK.dll
[2013.01.04 10:22:24 | 000,036,400 | ---- | M] (EgisTec) -- C:\Windows\SysNative\drivers\FPSensor.sys
[2013.01.04 10:00:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_nuvotoncir_01009.Wdf
[2013.01.04 10:00:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.01.03 20:10:00 | 000,207,887 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.03 20:10:00 | 000,207,887 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.03 20:07:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.12.16 19:35:04 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012.12.16 18:34:49 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012.12.16 18:32:44 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 16:05:28 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:44:34 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:44:25 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 17:39:17 | 000,066,048 | ---- | M] (Legolash2o) -- C:\Windows\SysNative\WinToolkitRunOnce.exe
[2012.12.13 17:38:03 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 17:38:03 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 17:37:36 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2012.12.13 17:37:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
[2012.12.13 17:37:36 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.12.13 17:36:22 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 17:36:22 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 17:36:22 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 17:36:22 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 17:36:22 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 17:36:22 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 17:36:22 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 17:36:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 17:36:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 17:36:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 17:36:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 17:36:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 17:36:22 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 17:36:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 17:36:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
 
========== Files Created - No Company Name ==========
 
[2013.01.10 16:48:01 | 022,910,771 | ---- | C] () -- C:\Users\User\Desktop\2013-01-10 16.31.38.mp4
[2013.01.09 16:40:27 | 462,941,528 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.08 21:34:13 | 013,485,902 | R--- | C] () -- C:\Users\User\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 21:04:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.08 21:04:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.08 21:04:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.08 21:04:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.08 21:04:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.07 22:08:35 | 000,000,074 | ---- | C] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013.01.07 22:01:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.06 18:33:51 | 178,040,490 | ---- | C] () -- C:\Users\User\Desktop\6x12 - The Egg Salad Equivalency.avi
[2013.01.04 23:46:24 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013.01.04 23:46:14 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013.01.04 23:36:06 | 000,579,878 | ---- | C] () -- C:\Users\User\Desktop\DSC01332.JPG
[2013.01.04 22:19:11 | 000,000,355 | ---- | C] () -- C:\Users\User\Desktop\Computer - Verknüpfung.lnk
[2013.01.04 21:28:32 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.04 21:28:31 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.04 21:16:32 | 019,223,879 | ---- | C] () -- C:\Program Files\Sims3_1.2.7.00002_from_1.0.631.00002.zip
[2013.01.04 21:16:30 | 001,729,115 | ---- | C] () -- C:\Program Files\mirc635.zip
[2013.01.04 21:15:37 | 000,206,072 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2013.01.04 21:15:37 | 000,000,741 | ---- | C] () -- C:\Windows\NewDeployWinRE.cmd
[2013.01.04 21:15:37 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2013.01.04 21:15:37 | 000,000,070 | ---- | C] () -- C:\Windows\patch.loag
[2013.01.04 21:15:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013.01.04 21:15:31 | 000,002,080 | ---- | C] () -- C:\Windows\MOD01SET78000G000X.enc
[2013.01.04 21:15:31 | 000,002,048 | ---- | C] () -- C:\Windows\MOD01SET75000N0006.enc
[2013.01.04 21:15:30 | 000,002,476 | ---- | C] () -- C:\Windows\MOD01SET74DE0N0003.enc
[2013.01.04 21:15:30 | 000,002,112 | ---- | C] () -- C:\Windows\MOD01SET0J000N000M.enc
[2013.01.04 21:15:30 | 000,002,008 | ---- | C] () -- C:\Windows\MOD01SET5K000G0002.enc
[2013.01.04 21:15:30 | 000,001,976 | ---- | C] () -- C:\Windows\MOD01SET00000000H7.enc
[2013.01.04 21:15:29 | 000,002,572 | ---- | C] () -- C:\Windows\MOD01OPK04000N0001.enc
[2013.01.04 21:15:29 | 000,000,184 | ---- | C] () -- C:\Windows\LManager.UNI
[2013.01.04 21:15:28 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2013.01.04 21:15:28 | 000,000,098 | ---- | C] () -- C:\Windows\GridV.UNI
[2013.01.04 21:15:28 | 000,000,037 | ---- | C] () -- C:\Windows\EB6BE8A5-11AE-4e2b-8B6E-974168C301C8.DSI
[2013.01.04 21:15:26 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013.01.04 21:15:26 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013.01.04 21:15:26 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013.01.04 21:15:26 | 000,000,000 | ---- | C] () -- C:\Windows\Acer.tag
[2013.01.04 21:15:24 | 000,000,033 | ---- | C] () -- C:\Windows\0
[2013.01.04 21:14:45 | 000,038,028 | ---- | C] () -- C:\Users\User\Desktop\Haushalt 2009.ods
[2013.01.04 21:14:22 | 239,728,683 | ---- | C] () -- C:\Windows\VGA_ATI_8.670.5.1000_W7x86W7x64_A.zip
[2013.01.04 21:14:22 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2013.01.04 21:14:21 | 000,009,168 | ---- | C] () -- C:\Windows\Suyin.reg
[2013.01.04 20:17:50 | 000,003,047 | ---- | C] () -- C:\Users\User\Desktop\Microsoft Excel 2010.lnk
[2013.01.04 20:17:50 | 000,003,029 | ---- | C] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2013.01.04 20:12:17 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
[2013.01.04 19:55:33 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013.01.04 19:20:02 | 000,001,798 | ---- | C] () -- C:\Users\User\Desktop\ICQ.lnk
[2013.01.04 19:17:29 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.04 19:15:21 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.04 19:15:21 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.04 10:30:56 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.04 10:25:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.01.04 10:23:04 | 000,952,683 | ---- | C] () -- C:\Windows\SysNative\VMC3KAPI.dll
[2013.01.04 10:11:19 | 000,481,350 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.01.04 10:11:19 | 000,073,919 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.01.04 10:05:10 | 000,402,016 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.01.04 10:05:10 | 000,402,016 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.01.04 10:05:10 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
[2013.01.04 10:05:10 | 000,196,565 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013.01.04 10:05:10 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
[2013.01.04 10:05:10 | 000,019,017 | ---- | C] () -- C:\Windows\atiogl.xml
[2013.01.04 10:02:57 | 000,381,365 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.04 10:00:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_nuvotoncir_01009.Wdf
[2013.01.04 10:00:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.01.04 09:35:22 | 000,001,439 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.04 09:35:21 | 000,001,405 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.03 20:08:53 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.03 20:08:51 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.03 20:07:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.03 20:03:02 | 3111,546,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.23 19:31:40 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.23 20:23:20 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.23 20:23:20 | 012,874,752 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
2.
Code:
ATTFilter
OTL Extras logfile created on: 10.01.2013 20:58:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,28% Memory free
7,73 Gb Paging File | 5,33 Gb Available in Paging File | 68,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 53,98 Gb Free Space | 35,99% Space Free | Partition Type: NTFS
Drive D: | 315,66 Gb Total Space | 205,96 Gb Free Space | 65,25% Space Free | Partition Type: NTFS
Drive E: | 761,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{856A94B9-0C24-4034-92F1-3A3D9998A807}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{75F8A468-106F-4148-A4AA-AF1F42E7C590}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{78FA8668-2499-4B24-9C25-82CD6EB4C6B0}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{DE309D9C-0427-42BD-8467-4938EB07E542}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{67C7A80B-44E9-4716-B4A5-8E8F60FDEE27}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{91B130EA-86BD-492E-938E-A1BDD792C748}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{A4EA0AC4-47E7-48A3-B4A2-8EB5A712C356}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 UVC HD WebCam" = USB 2.0 UVC HD WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}" = Driver Whiz
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{FBC79D04-051E-4367-8051-1DB0C893FBE0}" = Nuvoton CIR Device Drivers
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Dll-Files Fixer_is1" = Dll-Files Fixer
"FileZilla Client" = FileZilla Client 3.6.0.2
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Protected Search_is1" = Protected Search 1.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2013 11:00:12 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2013 11:16:15 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.60.126, Zeitstempel:
 0x509cf347  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000204  ID des fehlerhaften Prozesses:
 0xc34  Startzeit der fehlerhaften Anwendung: 0x01cdee7a0c6a08bd  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 823575c4-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:17:38 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.22044,
 Zeitstempel: 0x4ff4b27e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0x1290  Startzeit der fehlerhaften Anwendung: 0x01cdee7bb1846d25  Pfad der
 fehlerhaften Anwendung: C:\Users\User\Desktop\aswMBR.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: b37c9f5b-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:19:01 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.60.126, Zeitstempel:
 0x509cf347  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000204  ID des fehlerhaften Prozesses:
 0x11bc  Startzeit der fehlerhaften Anwendung: 0x01cdee7ca55ccdbf  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: e4ca0a9a-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:19:10 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.60.126, Zeitstempel:
 0x509cf347  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000204  ID des fehlerhaften Prozesses:
 0x394  Startzeit der fehlerhaften Anwendung: 0x01cdee7ca9df8098  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: ea63fde9-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:41:05 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2013 19:40:47 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2013 20:45:20 | Computer Name = User-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.01.2013 10:19:57 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2013 10:32:25 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm icq.exe, Version 8.0.5981.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 438    Startzeit: 
01cdef3d8b7e1d77    Endzeit: 7    Anwendungspfad: C:\Users\User\AppData\Roaming\ICQM\icq.exe

Berichts-ID:
   
 
Error - 10.01.2013 10:36:26 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.01.2013 16:04:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 08.01.2013 16:04:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 08.01.2013 16:09:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 08.01.2013 16:10:39 | Computer Name = User-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 08.01.2013 16:11:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 08.01.2013 16:11:13 | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 09.01.2013 11:40:32 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?01.?2013 um 16:38:39 unerwartet heruntergefahren.
 
Error - 09.01.2013 11:40:40 | Computer Name = User-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 10.01.2013 10:19:35 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%16405
 
Error - 10.01.2013 10:32:32 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "EgisTec Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >
         


Alt 10.01.2013, 21:44   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



Code:
ATTFilter
[2013.01.04 21:16:32 | 019,223,879 | ---- | C] () -- C:\Program Files\Sims3_1.2.7.00002_from_1.0.631.00002.zip
         
Von WO bitte hast du das denn jetzt her?!
__________________
--> Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus

Alt 10.01.2013, 23:16   #22
kiranoris
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



hab ich nicht neu drauf gemacht, war schon drauf, hatte ich von meiner externen festplatte ja alles am freitag wieder drauf gespielt, nachdem ich die alte interne ersetzen musste. ist aber noch nicht wieder installiert, weil dvd mit key noch im umzugskarton ist. ist vielleicht beim halbieren des textes beim letzten scan verloren gegangen

Alt 11.01.2013, 00:09   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



Das soll die Ausrede für eine gecrackte Software sein?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.01.2013, 00:12   #24
kiranoris
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



das ist keine ausrede, ich nehme an, dass mein mann es mir früher als fix drauf gemacht hat, weil ich mit der software probleme hatte, ich habe mir das spiel vor 5 Jahren ganz legal in den USA gekauft, als ich dort unterwegs war, wenn du mir nicht glaubst, kann ich gerne das spiel heraussuchen und es dir beweisen.

Alt 11.01.2013, 00:21   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



Wie irgendwer als TO irgendwas gekauft hat ist uns völlig Banane
Wenn wir Cracks sehen bzw. gecrackte Software gibt es einen Hinweis auf die Einstellung der Bereingung und ein Hinweis zur Neuinstallation wird gepostet.

JEDER kann posten er hätte das Original, aber das ist nicht unsere Aufgabe das zu prüfen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.01.2013, 00:25   #26
kiranoris
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



als TO? Wie gesagt, ich habe kein Problem damit zu beweisen, dass ich das Original habe und weiß auch nicht, was es mit der zip datei auf sich hat, das einzige was ich mir vorstellen kann, ist, dass es als fix benötigt wurde, ich habe keine illegale software auf dem PC und möchte auch nicht, dass das jemand von mr denkt. Ich bin jederzeit bereit meine Unschuld unter Beweis zu stellen.

Alt 11.01.2013, 00:44   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



Es ist zwar nicht installiert, aber dennoch wilst du gecrackte/illegale Software wohl nutzen weil mal wieder "beim Umzug alles verloren" gegangen sei?

Willst du wissen wie oft ich diese Ausrede mit dem Umzug schon gehört (gelesen) habe?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.01.2013, 00:50   #28
kiranoris
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



das mag sein, aber es ist nicht verloren, ich weiß in welcher kiste es ist und kann es in zehn minuten hier haben. Es tut mir leid, dass man kein Vertrauen hat, aber ich bin wirklich gewillt, es dir zu beweisen. Bist du dir sicher, dass das Ding illegal ist? Das kann ich nicht glauben, dass mir mein Mann illegale Sachen auf den PC macht, wie gesagt, nur zum fixen irgendwelcher Probleme. Ich kann dir Bilder von der DVD mit mir schicken, ich kann es dir morgen im skype oder sonst was... ich will dir nur beweisen, dass ich keine illegale Software habe. Ich weiß selber, wie das mit Ausreden ist, ich bin Grundschullehrerin und schon alleine aus diesem Grund, würde mir nie einfallen auf meinen Laptop illegale Sachen zu machen. Bitte!

hab die dvd rausgesucht, sogar noch mit kaufbeleg... sag mir, was du für einen beweis willst, ich liefere ihn dir.

Geändert von kiranoris (11.01.2013 um 01:05 Uhr)

Alt 11.01.2013, 13:59   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



Zitat:
Bist du dir sicher, dass das Ding illegal ist?
Ja. Prüf es doch selber. Originalsoftware wird sich so nicht nennen (Dateiname) und als ZIP liegt (legale) Originalsoftware wohl auch nicht auf der CD oder DVD

Hier google doch mal nach dem Dateinamen => Let me google that for you

Schon auffällig, dass da als Ergebnis nur irgendwelche Clickhoster wie 4shared oder so die Datei hosten, nicht wahr?

Zitat:
hab die dvd rausgesucht, sogar noch mit kaufbeleg... sag mir, was du für einen beweis willst, ich liefere ihn dir.
Eine illegale und wohl mit Schädlingen gespickte Version wird weder legaler noch ungefährlicher nur weil du einen Kaufbeleg hast
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.01.2013, 14:16   #30
kiranoris
 
Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Standard

Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus



Okay, ich verstehe, ich ging halt davon aus, dass es sich dabei um eine Art Fehlerbehebungszip handelte und hatte sie deswegen meiner Meinung nach auf der alten Festplatte. Was sollte ich auch mit einem Crack, wenn ich das Original habe... 100ig nachvollziehen kann ich es jetzt nicht, nachdem ich vermutlich wohl schon seit einigen Jahre habe. Wenn Malware drauf war, ist es jedenfalls auch keinem Program aufgefallen in dieser Zeit.

Muss ich also annehmen, dass ich keine weitere Unterstützung von dir erhalten, auch wenn ich meiner Meinung nach nichts illegales oder so unternommen habe?

Antwort

Themen zu Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
00000008.@, administrator, anti-malware, autostart, avira, dateien, ergebnis, explorer, festplatte, folge, gelöscht, home, laptop, log, malwarebytes, microsoft, neue, neue festplatte, scan, services.exe, software, system, system32, tr/atraps.gen, treiber, trojaner, virus




Ähnliche Themen: Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus


  1. Antivir findet immer wieder TR/atraps.gen, TR/atraps.gen2 , HTML/expKit.Gen3
    Log-Analyse und Auswertung - 17.11.2013 (12)
  2. WIEDERKEHRENDE TROJANER NAMENS TR/Necurs.A.49; TR/ATRAPS.Gen; TR/ATRAPS.Gen2, TR/Rootkit.Gen; TR/Crypt.ZPACK.Gen.+ DANKE! +
    Log-Analyse und Auswertung - 02.12.2012 (49)
  3. Trojaner Befall TR/ATRAPS.GEN ,TR/ATRAPS.GEN2 , TR/Cutwail.jhg , TR/ZAccess.H , TR/Sirefef.A.37
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (17)
  4. W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (2)
  5. TR/ATRAPS.GEN2; TR/ATRAPS.GEN und diverse andere Trojaner
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (1)
  6. antivir meldet alle paar minuten den fund TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 01.08.2012 (4)
  7. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  8. Trojaner Meldung Von FreeAntiVir TR/ATraps/Gen2 / TR/ATraps/Gen
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (3)
  9. Trojaner TR/ATRAPS.gen und TR/ATRAPS.Gen2 lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (30)
  10. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  11. Virus gefunden: TR/ATRAPS.Gen, TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (1)
  12. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  13. Trojaner tr/atraps.gen & tr atraps.gen2 von AntiVir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (5)
  14. Nach Befall tr/atraps.gen tr/atraps.gen2 formatiert - Computer startet selbständig neu
    Log-Analyse und Auswertung - 09.07.2012 (1)
  15. Virus (Rootkit.0Access, TR/ATRAPS.Gen, TR/ATRAPS.Gen2) entfernt; tatsächlich clean?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  16. TR/Small.FI, TR/ATRAPS.Gen, TR/ATRAPS.GEN2 und W32/Patched.UA in "C:\Windows\System32\services.exe"
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (15)
  17. Und noch einer: Trojaner TR/ATRAPS.Gen2 und TR/ATRAPS.Gen und W32/Patched.UA HILFE!!!
    Log-Analyse und Auswertung - 28.06.2012 (7)

Zum Thema Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus - Fixen mit OTL Starte bitte die OTL.exe . Kopiere nun den Inhalt aus der Codebox in die Textbox. Code: Alles auswählen Aufklappen ATTFilter :OTL IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=3231&q={searchTerms} - Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus...
Archiv
Du betrachtest: Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.