Log analysis and evaluation: OTL log data for GVU trojan, white screen, no safe mode under Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.07.2013, 18:12 | #1

OTL log data for GVU trojan, white screen, no safe mode under Windows 7

Hello everyone,

the GVU trojan was on my computer. I ran scans with the Kaspersky Rescue Disk, the Bitdefender Boot Disk and the Avira Rescue Disk. After that, the screen was still white at boot and safe mode was not available. When I selected safe mode, the computer simply restarted into normal mode. With windowsunlocker on the Kaspersky Rescue Disk, the computer runs normally again. Nevertheless, to be on the safe side, I created the log files with OTL. Here are the log files.

Extras.txt
Code:
ATTFilter OTL Extras logfile created on: 7/6/2013 11:36:03 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Media Markt\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.61 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 64.32% Memory free 7.21 Gb Paging File | 5.58 Gb Available in Paging File | 77.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149.42 Gb Total Space | 108.68 Gb Free Space | 72.74% Space Free | Partition Type: NTFS Drive D: | 148.28 Gb Total Space | 134.74 Gb Free Space | 90.87% Space Free | Partition Type: NTFS Drive F: | 3.70 Gb Total Space | 0.78 Gb Free Space | 21.08% Space Free | Partition Type: FAT32 Computer Name: MEDIAMARKT-TOSH | User Name: Media Markt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2034675587-1304552012-727775137-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{80B73AE0-E934-4D3A-B826-15499A1EE320}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8AB85FB8-A8CB-4B64-9423-BE0E7751E50F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista 
Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{100C33BA-B7E4-41E0-8631-ACE48F28E3BF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{24AA54F2-4775-47B4-BA13-BFAC8732BB7B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{855D6FF3-9250-414E-8FCE-1723158F8377}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{8B5383A9-1493-43CE-9BDF-CABE44D74018}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{B9AC452E-8ACC-4E61-88EE-D91F52B1721B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{DCAB7391-D00D-4851-AD3A-B1FAE36514A6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{E52E69F3-9AFA-4777-8FB6-31345EEC5EEC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{EA14E844-5F61-4442-977B-EB855C9871C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board "{4ACA5AE7-E68C-5A48-F8E6-D67946267506}" = ATI Catalyst Install Manager "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote 
Service Resources "{6316805C-2485-2FF5-974C-750E3BE1DF65}" = AMD Media Foundation Decoders "{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A34D9B7F-8453-DA02-DC98-EEEE085411C6}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher 
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0146E330-EEE7-B924-B347-B399460893ED}" = CCC Help Czech "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM) "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{09927C92-A652-057A-3A7B-153F23175C58}" = CCC Help Dutch "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{109CBCC5-7151-1CC6-DAD6-6F7DD3162A8A}" = Catalyst Control Center InstallProxy "{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19E40731-8E1A-07FB-DA7D-8A54603F6408}" = CCC Help English "{1B97813D-74A7-25EB-4837-792413507E82}" = CCC Help Danish "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1CF94211-A7BB-8151-44B8-6618C5A162F8}" = CCC Help Portuguese "{1D7FEEAC-6CEE-5B5F-A8B0-9BE7A6BCB7FB}" = CCC Help Chinese Traditional "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information 
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{247E03D2-485B-7A70-BF5C-AB9BDF6AFB44}" = CCC Help Polish "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005 "{2EEFB3C4-4706-C2B5-DF69-CF914D87BCE4}" = CCC Help Swedish "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{337FDED7-D27B-E476-E888-3674E1C01C69}" = CCC Help Spanish "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{4485C9D0-A742-F1BB-C0B0-58FC61960D99}" = CCC Help Korean "{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions 
à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{666E35A7-A224-E3E9-48C2-C641837535D9}" = Catalyst Control Center Localization All "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding "{83601916-2E71-F1C7-EE5F-A1C985BC9217}" = CCC Help German "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8A34A135-D405-DD03-9B2E-0EB99238A312}" = CCC Help Finnish "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9550EA6C-4CBE-C1F3-1E1C-5E87F2C645ED}" = CCC Help French "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97F67013-3076-4261-DC10-808409655042}" = AMD VISION Engine Control Center "{986BB897-C295-2FED-8DCA-4ADE3AFCEF84}" = CCC Help Russian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A4FF8F4E-D665-712B-07EE-F03ED360E9BE}" = CCC Help Italian "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh 
"{ADB50F70-98FF-067F-DF39-47DD83E32D58}" = CCC Help Chinese Standard "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B83FCE14-53D5-CBF8-87E9-59B8968ADB4C}" = CCC Help Norwegian "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C78E3449-4F24-839B-5F7A-6911C67A5BE9}" = Catalyst Control Center Graphics Previews Common "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}" = TOSHIBA ConfigFree "{D6E90970-BA9C-51AA-EFA2-9F80A7AE0956}" = CCC Help Thai "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D826A52E-0AC9-5A55-61B8-0E088477A1B0}" = CCC Help Greek "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live 
Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E69540AC-FFC3-5519-F925-5ACC8D20DED5}" = CCC Help Hungarian "{E9D96BD5-7D33-7ED3-0A8E-229FA2524487}" = CCC Help Turkish "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F931F27F-A967-982A-9226-494787D5FBBB}" = CCC Help Japanese "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "Google Chrome" = Google Chrome "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application 
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "TeamViewer 7" = TeamViewer 7 "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-0507cb72-c5eb-4aa9-97bb-f1d5e3c1c400" = Chicken Invaders 3 - Revenge of the Yolk "WTA-07338320-4f6e-4852-a57d-ce45cb0c3ffa" = Slingo Deluxe "WTA-12a1c971-b87e-4580-898c-ebc63db2634d" = FATE "WTA-25873b40-99f0-4452-968b-0df6a9fc6931" = Chuzzle Deluxe "WTA-2b05260b-1dfb-4398-9696-51b8286a4972" = Insaniquarium Deluxe "WTA-4b456ca3-99b0-408d-822b-067914805b21" = Plants vs. Zombies - Game of the Year "WTA-4bb3bc38-822d-4618-b52b-3754cd14d634" = Final Drive: Nitro "WTA-4f63e92e-6bb8-403b-a98e-ece7172a01a1" = Bejeweled 3 "WTA-7e6d2a38-7713-4c24-b4d7-f456e79d5993" = Zuma Deluxe "WTA-90e8825f-8174-4f3b-b4aa-fd09f259bc91" = Wedding Dash 2 - Rings Around the World "WTA-b93b01c6-31f7-4fd2-af4f-32079655cc6b" = Penguins! 
"WTA-ba1af77b-b624-44ec-a227-e2f5d328ce0e" = Polar Bowler "WTA-bab78387-882a-4f46-b7a3-e221b84d6042" = Diner Dash 2 Restaurant Rescue "WTA-ec389876-92b0-45a9-b5e1-96307d33ce13" = Bejeweled 2 Deluxe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/14/2013 6:37:13 AM | Computer Name = MediaMarkt-TOSH | Source = WinMgmt | ID = 10 Description = Error - 5/17/2013 10:09:28 AM | Computer Name = MediaMarkt-TOSH | Source = WinMgmt | ID = 10 Description = Error - 5/21/2013 8:35:36 AM | Computer Name = MediaMarkt-TOSH | Source = WinMgmt | ID = 10 Description = Error - 5/23/2013 10:15:11 AM | Computer Name = MediaMarkt-TOSH | Source = WinMgmt | ID = 10 Description = Error - 5/23/2013 10:34:43 AM | Computer Name = MediaMarkt-TOSH | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 5/24/2013 4:44:37 AM | Computer Name = MediaMarkt-TOSH | Source = WinMgmt | ID = 10 Description = Error - 5/24/2013 8:58:00 AM | Computer Name = MediaMarkt-TOSH | Source = WinMgmt | ID = 10 Description = Error - 5/27/2013 8:48:32 AM | Computer Name = MediaMarkt-TOSH | Source = WinMgmt | ID = 10 Description = Error - 5/29/2013 10:13:22 AM | Computer Name = MediaMarkt-TOSH | Source = WinMgmt | ID = 10 Description = Error - 5/29/2013 12:54:30 PM | Computer Name = MediaMarkt-TOSH | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 7/4/2013 3:43:21 AM | Computer Name = MediaMarkt-TOSH | Source = DCOM | ID = 10010 Description = Error - 7/4/2013 7:07:49 AM | Computer Name = MediaMarkt-TOSH | Source = DCOM | ID = 10005 Description = Error - 7/4/2013 7:07:48 AM | Computer Name = MediaMarkt-TOSH | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 7/4/2013 7:07:49 AM | Computer Name = MediaMarkt-TOSH 
| Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr discache spldr Wanarpv6 Error - 7/4/2013 7:07:56 AM | Computer Name = MediaMarkt-TOSH | Source = DCOM | ID = 10005 Description = Error - 7/4/2013 7:07:57 AM | Computer Name = MediaMarkt-TOSH | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athihvs.dll Fehlercode: 21 Error - 7/4/2013 10:29:00 AM | Computer Name = MediaMarkt-TOSH | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?04.?07.?2013 um 13:09:38 unerwartet heruntergefahren. Error - 7/6/2013 4:06:50 PM | Computer Name = MediaMarkt-TOSH | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?04.?07.?2013 um 16:46:51 unerwartet heruntergefahren. Error - 7/6/2013 4:10:49 PM | Computer Name = MediaMarkt-TOSH | Source = DCOM | ID = 10010 Description = Error - 7/6/2013 4:14:42 PM | Computer Name = MediaMarkt-TOSH | Source = DCOM | ID = 10010 Description = < End of report > OTL.txt Code:
ATTFilter OTL logfile created on: 7/6/2013 11:36:03 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Media Markt\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.61 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 64.32% Memory free 7.21 Gb Paging File | 5.58 Gb Available in Paging File | 77.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149.42 Gb Total Space | 108.68 Gb Free Space | 72.74% Space Free | Partition Type: NTFS Drive D: | 148.28 Gb Total Space | 134.74 Gb Free Space | 90.87% Space Free | Partition Type: NTFS Drive F: | 3.70 Gb Total Space | 0.78 Gb Free Space | 21.08% Space Free | Partition Type: FAT32 Computer Name: MEDIAMARKT-TOSH | User Name: Media Markt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Media Markt\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations 
GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- 
C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) 
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2034675587-1304552012-727775137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA IE - HKU\S-1-5-21-2034675587-1304552012-727775137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2034675587-1304552012-727775137-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2034675587-1304552012-727775137-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deDE459 IE - HKU\S-1-5-21-2034675587-1304552012-727775137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files 
(x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2034675587-1304552012-727775137-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program 
Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19067128-07C1-4D82-849A-97DD7A22C106}: DhcpNameServer = 172.24.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73298EF0-ABC3-49CF-BF6A-FC80762A3785}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - 
No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2034675587-1304552012-727775137-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/06 23:35:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Media Markt\Desktop\OTL.exe [2013/07/03 20:10:38 | 000,000,000 | ---D | C] -- C:\bd_logs [2013/07/03 17:49:34 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013/06/16 09:47:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/06/16 09:47:23 | 
000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/06/16 09:47:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/16 09:47:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/16 09:47:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/06/16 09:47:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/06/16 09:47:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/06/16 09:47:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/06/16 09:47:18 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/06/16 09:47:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/06/16 09:47:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/06/16 09:47:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/06/16 09:47:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/06/16 09:47:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/06/16 09:47:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/06/16 08:46:17 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/06/16 08:46:17 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/06/16 08:46:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013/06/16 08:46:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013/06/16 08:45:40 | 001,424,384 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\WindowsCodecs.dll [2013/06/16 08:45:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013/06/16 08:45:15 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013/06/16 08:45:15 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013/06/16 08:45:14 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013/06/16 08:45:14 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013/06/16 08:45:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013/06/16 08:45:03 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/06/16 08:45:02 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll ========== Files - Modified Within 30 Days ========== [2013/07/06 23:40:21 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/06 23:40:21 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/06 23:37:40 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/06 23:37:40 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/07/06 23:37:40 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/06 23:37:40 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/07/06 23:37:40 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/06 23:32:24 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/06 23:32:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/06 23:31:34 | 2904,616,960 | -HS- | M] () -- C:\hiberfil.sys [2013/07/06 18:29:40 | 000,602,112 | ---- | M] (OldTimer 
Tools) -- C:\Users\Media Markt\Desktop\OTL.exe [2013/07/04 16:47:22 | 000,000,004 | ---- | M] () -- C:\Users\Media Markt\AppData\Roaming\skype.ini [2013/07/04 09:18:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/03 14:03:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/06/23 16:10:38 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/06/16 09:20:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/06/16 09:20:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013/07/03 14:11:29 | 000,000,004 | ---- | C] () -- C:\Users\Media Markt\AppData\Roaming\skype.ini [2012/02/20 17:57:51 | 000,114,688 | ---- | C] () -- C:\Users\Media Markt\AppData\Roaming\skype.dat [2011/12/12 15:08:40 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/19 12:34:09 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2011/10/19 11:51:11 | 000,128,312 | ---- | C] () -- C:\Windows\SysWow64\GFNEX.dll [2011/10/19 11:49:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/10/19 11:46:09 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/12/12 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Media Markt\AppData\Roaming\SoftGrid Client [2011/12/14 13:32:56 | 000,000,000 | ---D | M] -- C:\Users\Media Markt\AppData\Roaming\Toshiba [2011/12/12 15:11:14 | 000,000,000 | ---D | M] -- C:\Users\Media Markt\AppData\Roaming\TP ========== Purity Check ========== < End of report >
Can you tell me whether any manipulations can be detected in it and how to remove them again? Regards and thanks!
06.07.2013, 18:18 | #2 |
/// the machine /// TB Trainer | Hi,
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
07.07.2013, 10:39 | #3 |
Hello and thanks for the quick reply!
So here is the log. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by SYSTEM on 07-07-2013 16:13:51 Running from C:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-09] (Toshiba Europe GmbH) HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2186856 2011-01-10] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-08] (Toshiba Europe GmbH) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems 
Incorporated) HKLM-x32\...\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1409424 2011-06-29] (Nero AG) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-07] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [385248 2013-01-23] (Avira Operations GmbH & Co. KG) HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA) HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA) HKU\Media Markt\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-01-28] (Avira Operations GmbH & Co. 
KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-01-28] (Avira Operations GmbH & Co. KG) S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-09] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [99912 2012-12-03] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [129216 2012-12-03] (Avira Operations GmbH & Co. KG) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27800 2012-11-16] (Avira Operations GmbH & Co. KG) S3 TDEIO; \??\c:\Windows\SysWOW64\sysprep\Bootprio\tdeio64.sys [x] S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 16:13 - 2013-07-07 16:13 - 00000000 ____D C:\FRST 2013-07-06 14:19 - 2013-07-06 14:19 - 00000000 ____D C:\ProgramData\Avira 2013-07-06 14:19 - 2013-07-06 14:19 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-06 14:19 - 2012-12-03 05:36 - 00129216 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-07-06 14:19 - 2012-12-03 05:36 - 00099912 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-07-06 14:19 - 2012-11-16 10:17 - 00027800 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-07-06 13:59 - 2013-02-20 22:34 - 109939648 ____A C:\Users\Media Markt\Desktop\avira_free_antivirus_de 2013.exe 2013-07-06 13:57 - 2013-07-06 13:57 - 00053906 ____A C:\Users\Media Markt\Desktop\Extras.Txt 2013-07-06 13:53 - 2013-07-06 13:53 - 00062542 ____A C:\Users\Media Markt\Desktop\OTL.Txt 2013-07-06 13:35 - 2013-07-06 08:29 - 00602112 ____A (OldTimer Tools) C:\Users\Media Markt\Desktop\OTL.exe 2013-07-05 10:45 - 2013-07-05 10:48 - 00053512 ____A C:\OTL.Txt 2013-07-03 07:49 - 2013-07-06 14:05 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2013-07-03 04:11 - 2013-07-04 06:47 - 00000004 ____A C:\Users\Media Markt\AppData\Roaming\skype.ini 2013-06-15 23:47 - 2013-05-16 20:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 23:47 - 2013-05-16 19:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 23:47 - 2013-05-16 19:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-15 23:47 - 2013-05-16 19:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-15 23:47 - 2013-05-16 19:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 23:47 - 2013-05-16 19:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-15 23:47 - 2013-05-16 19:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-15 23:47 - 2013-05-16 18:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-15 23:47 - 2013-05-16 18:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-15 23:47 - 2013-05-16 18:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-15 23:47 - 2013-05-16 18:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-15 23:47 - 2013-05-16 18:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 
2013-06-15 23:47 - 2013-05-16 18:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 23:47 - 2013-05-16 18:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 23:47 - 2013-05-16 18:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-15 23:47 - 2013-05-16 18:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 23:47 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 23:47 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 23:47 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-15 23:47 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-15 23:47 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 23:47 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-15 23:47 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-15 23:47 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-15 23:47 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-15 23:47 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-15 23:47 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-15 23:47 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-15 23:47 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 23:47 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-15 23:47 - 2013-05-16 14:16 - 
02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 23:47 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 22:49 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-15 22:46 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-15 22:46 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-15 22:46 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-15 22:46 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-15 22:45 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-15 22:45 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-15 22:45 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-15 22:45 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-15 22:45 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-15 22:45 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-15 22:45 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-15 22:45 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-15 22:45 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-15 22:45 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-15 22:45 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-15 22:45 - 2013-04-16 23:02 - 01230336 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-15 22:45 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-15 22:45 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-07 16:13 - 2013-07-07 16:13 - 00000000 ____D C:\FRST 2013-07-06 14:21 - 2011-10-19 01:45 - 01086308 ____A C:\Windows\WindowsUpdate.log 2013-07-06 14:21 - 2009-07-13 20:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-06 14:21 - 2009-07-13 20:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-06 14:19 - 2013-07-06 14:19 - 00000000 ____D C:\ProgramData\Avira 2013-07-06 14:19 - 2013-07-06 14:19 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-06 14:18 - 2012-04-05 06:05 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-06 14:17 - 2011-08-08 01:43 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-06 14:17 - 2010-11-20 19:47 - 00184662 ____A C:\Windows\PFRO.log 2013-07-06 14:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-06 14:17 - 2009-07-13 20:51 - 00058012 ____A C:\Windows\setupact.log 2013-07-06 14:05 - 2013-07-03 07:49 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2013-07-06 14:03 - 2011-08-08 01:43 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-06 13:57 - 2013-07-06 13:57 - 00053906 ____A C:\Users\Media Markt\Desktop\Extras.Txt 2013-07-06 13:53 - 2013-07-06 13:53 - 00062542 ____A C:\Users\Media Markt\Desktop\OTL.Txt 2013-07-06 13:37 - 2011-02-11 00:21 - 00654844 ____A C:\Windows\System32\perfh007.dat 2013-07-06 13:37 - 2011-02-11 00:21 - 00130426 ____A C:\Windows\System32\perfc007.dat 2013-07-06 13:37 - 2009-07-13 21:13 - 01500254 ____A 
C:\Windows\System32\PerfStringBackup.INI 2013-07-06 08:29 - 2013-07-06 13:35 - 00602112 ____A (OldTimer Tools) C:\Users\Media Markt\Desktop\OTL.exe 2013-07-05 10:48 - 2013-07-05 10:45 - 00053512 ____A C:\OTL.Txt 2013-07-05 10:40 - 2011-11-23 05:20 - 00000000 ____D C:\users\Media Markt 2013-07-04 06:47 - 2013-07-03 04:11 - 00000004 ____A C:\Users\Media Markt\AppData\Roaming\skype.ini 2013-07-03 03:56 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-23 06:10 - 2011-08-08 01:44 - 00002190 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-15 23:44 - 2011-12-30 02:37 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-15 23:20 - 2012-04-05 06:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-15 23:20 - 2012-02-27 05:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\Users\Media Markt\AppData\Roaming\skype.dat C:\Users\Media Markt\AppData\Roaming\skype.ini ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== 
Restore Points =========================
Restore point made on: 2013-05-17 06:27:40
Restore point made on: 2013-05-17 08:00:22
Restore point made on: 2013-05-21 04:45:09
Restore point made on: 2013-05-24 05:04:03
Restore point made on: 2013-05-29 06:20:07
Restore point made on: 2013-06-05 06:23:27
Restore point made on: 2013-06-10 05:06:25
Restore point made on: 2013-06-15 22:45:25
Restore point made on: 2013-06-15 23:43:12
Restore point made on: 2013-06-23 05:15:31
Restore point made on: 2013-06-28 04:52:28
Restore point made on: 2013-07-02 03:56:32
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 3693.41 MB
Available physical RAM: 3064.17 MB
Total Pagefile: 3691.61 MB
Available Pagefile: 3062.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:149.42 GB) (Free:108.13 GB) NTFS (Disk=0 Partition=2)
Drive e: (Data) (Fixed) (Total:148.28 GB) (Free:134.74 GB) NTFS (Disk=0 Partition=3)
Drive f: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (LEXAR) (Removable) (Total:3.7 GB) (Free:0.78 GB) FAT32 (Disk=1 Partition=1)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 16A4AA25)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2011-12-03 09:01
==================== End Of Log ============================
Regards |
07.07.2013, 11:09 | #4 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\Media Markt\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
C:\Users\Media Markt\AppData\Roaming\skype.dat
C:\Users\Media Markt\AppData\Roaming\skype.ini
The tool creates a Fixlog.txt on your USB stick. Please post the contents here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.07.2013, 18:33 | #5 |
| Hello and thanks for the reply! Here is the content of the log file. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-08 00:31:28 Run:1
Running from C:\
Boot Mode: Recovery
==============================================
HKU\Media Markt\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Media Markt\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Media Markt\AppData\Roaming\skype.ini => Moved successfully.
==== End of Fixlog ====
Regards and thanks |
07.07.2013, 18:43 | #6 |
/// the machine /// TB-Ausbilder | Reboot and enjoy
08.07.2013, 08:26 | #7 |
| Hello and thanks for the reply! I think it's great that you are so quick and competent. I just donated €10. Thanks! |
08.07.2013, 08:49 | #8 |
/// the machine /// TB-Ausbilder | Control scans are still due, in normal Windows. Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
08.07.2013, 10:19 | #9 |
| Hello! Here is the log data: AdwCleaner: Code:
# AdwCleaner v2.304 - Datei am 08/07/2013 um 10:37:31 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Media Markt - MEDIAMARKT-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Media Markt\Desktop\adwcleaner_2.3.0.4.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [962 octets] - [08/07/2013 10:36:24]
AdwCleaner[S1].txt - [898 octets] - [08/07/2013 10:37:31]

########## EOF - C:\AdwCleaner[S1].txt - [957 octets] ##########

JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Media Markt on 08.07.2013 at 10:41:57,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.07.2013 at 10:52:32,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by Media Markt (administrator) on 08-07-2013 10:58:12 Running from C:\Users\Media Markt\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe () C:\Windows\System32\GFNEXSrv.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2186856 2011-01-10] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] C:\Program 
Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-08] (Toshiba Europe GmbH) HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1409424 2011-06-29] (Nero AG) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-07] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [385248 2013-01-23] (Avira Operations GmbH & Co. 
KG) HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 217.237.148.102 Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (YouTube) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1 CHR Extension: (Google Search) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1 CHR Extension: (Gmail) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-01-28] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-01-28] (Avira Operations GmbH & Co. KG) R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [99912 2012-12-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [129216 2012-12-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27800 2012-11-16] (Avira Operations GmbH & Co. 
KG) S3 TDEIO; \??\c:\Windows\SysWOW64\sysprep\Bootprio\tdeio64.sys [x] S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\Windows\ERUNT 2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\JRT 2013-07-08 10:41 - 2013-07-08 10:34 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Media Markt\Desktop\JRT494.exe 2013-07-08 10:41 - 2013-07-07 10:51 - 01934636 ____A (Farbar) C:\Users\Media Markt\Desktop\FRST64.exe 2013-07-08 10:37 - 2013-07-08 10:37 - 00001023 ____A C:\AdwCleaner[S1].txt 2013-07-08 10:36 - 2013-07-08 10:36 - 00000962 ____A C:\AdwCleaner[R1].txt 2013-07-08 10:36 - 2013-07-08 10:33 - 00650027 ____A C:\Users\Media Markt\Desktop\adwcleaner_2.3.0.4.exe 2013-07-08 10:27 - 2013-07-07 20:51 - 01934636 ____A (Farbar) C:\FRST64.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-08 09:35 - 2013-07-08 09:35 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 
2013-07-08 09:35 - 2013-07-08 09:35 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-08 09:35 - 2013-07-08 09:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-07-08 09:35 - 2013-07-08 09:35 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-08 
09:35 - 2013-07-08 09:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-07-08 09:35 - 2013-07-08 09:35 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-08 09:35 - 2013-07-08 09:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00185344 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00097280 ____A (Microsoft Corporation) 
C:\Windows\System32\mshtmled.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-07-08 09:35 - 2013-07-08 09:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-08 09:35 - 2013-07-08 09:35 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00051200 ____A (Microsoft Corporation) 
C:\Windows\System32\imgutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-08 09:31 - 2013-07-08 09:46 - 00009228 ____A C:\Windows\IE10_main.log 2013-07-08 02:13 - 2013-07-08 02:13 - 00000000 ____D C:\FRST 2013-07-07 16:41 - 2013-07-07 16:41 - 00000000 ____D C:\Users\Media Markt\AppData\Roaming\Avira 2013-07-07 00:19 - 2013-07-07 00:19 - 00000000 ____D C:\ProgramData\Avira 2013-07-07 00:19 - 2013-07-07 00:19 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-07 00:19 - 2012-12-03 15:36 - 00129216 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avipbb.sys 2013-07-07 00:19 - 2012-12-03 15:36 - 00099912 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-07-07 00:19 - 2012-11-16 20:17 - 00027800 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-07-05 20:45 - 2013-07-05 20:48 - 00053512 ____A C:\OTL.Txt 2013-07-03 17:49 - 2013-07-07 00:05 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2013-06-16 08:49 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-16 08:46 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-16 08:46 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-16 08:46 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-16 08:46 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-16 08:45 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-16 08:45 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-16 08:45 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-16 08:45 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-16 08:45 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-16 08:45 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-16 08:45 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-16 08:45 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-16 08:45 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-16 
08:45 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-16 08:45 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-16 08:45 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-16 08:45 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-16 08:45 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-08 10:47 - 2009-07-14 06:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-08 10:47 - 2009-07-14 06:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\Windows\ERUNT 2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\JRT 2013-07-08 10:39 - 2011-08-08 11:43 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-08 10:39 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-08 10:39 - 2009-07-14 06:51 - 00058292 ____A C:\Windows\setupact.log 2013-07-08 10:38 - 2011-10-19 11:45 - 01231939 ____A C:\Windows\WindowsUpdate.log 2013-07-08 10:37 - 2013-07-08 10:37 - 00001023 ____A C:\AdwCleaner[S1].txt 2013-07-08 10:36 - 2013-07-08 10:36 - 00000962 ____A C:\AdwCleaner[R1].txt 2013-07-08 10:34 - 2013-07-08 10:41 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Media Markt\Desktop\JRT494.exe 2013-07-08 10:33 - 2013-07-08 10:36 - 00650027 ____A C:\Users\Media Markt\Desktop\adwcleaner_2.3.0.4.exe 2013-07-08 10:29 - 2012-04-05 16:05 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-08 10:03 - 2011-08-08 11:43 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-08 09:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-08 09:46 - 2013-07-08 09:31 - 00009228 ____A C:\Windows\IE10_main.log 2013-07-08 09:35 - 2013-07-08 09:35 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-08 09:35 - 2013-07-08 09:35 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-08 09:35 - 2013-07-08 09:35 - 01441280 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-07-08 09:35 - 2013-07-08 09:35 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00441856 ____A (Microsoft Corporation) 
C:\Windows\System32\html.iec 2013-07-08 09:35 - 2013-07-08 09:35 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-08 09:35 - 2013-07-08 09:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-08 09:35 
- 2013-07-08 09:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-08 09:35 - 
2013-07-08 09:35 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-07-08 09:35 - 2013-07-08 09:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-08 09:35 - 2013-07-08 09:35 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 
00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-08 09:29 - 2011-02-11 10:21 - 00654844 ____A C:\Windows\System32\perfh007.dat 2013-07-08 09:29 - 2011-02-11 10:21 - 00130426 ____A C:\Windows\System32\perfc007.dat 2013-07-08 09:29 - 2009-07-14 07:13 - 01522246 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-08 09:23 - 2012-02-20 17:29 - 00002026 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-07-08 02:13 - 2013-07-08 02:13 - 00000000 ____D C:\FRST 2013-07-07 20:51 - 2013-07-08 10:27 - 01934636 ____A (Farbar) C:\FRST64.exe 2013-07-07 16:41 - 2013-07-07 16:41 - 00000000 ____D C:\Users\Media Markt\AppData\Roaming\Avira 2013-07-07 16:34 - 2010-11-21 05:47 - 00186508 ____A C:\Windows\PFRO.log 2013-07-07 10:51 - 2013-07-08 10:41 - 01934636 ____A (Farbar) C:\Users\Media Markt\Desktop\FRST64.exe 2013-07-07 00:19 - 2013-07-07 00:19 - 00000000 ____D C:\ProgramData\Avira 2013-07-07 00:19 - 2013-07-07 00:19 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-07 
00:05 - 2013-07-03 17:49 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2013-07-05 20:48 - 2013-07-05 20:45 - 00053512 ____A C:\OTL.Txt 2013-07-05 20:40 - 2011-11-23 15:20 - 00000000 ____D C:\users\Media Markt 2013-07-03 13:56 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-23 16:10 - 2011-08-08 11:44 - 00002190 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-16 09:44 - 2011-12-30 12:37 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-16 09:20 - 2012-04-05 16:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-16 09:20 - 2012-02-27 15:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2011-12-03 19:01 ==================== End Of Log ============================ --- --- --- Regards and thanks |
08.07.2013, 11:24 | #10 |
/// the machine /// TB trainer | OTL log data for GVU Trojan, white screen, no safe mode under Windows 7
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.07.2013, 15:40 | #11 |
| OTL log data for GVU Trojan, white screen, no safe mode under Windows 7 Hello! So here are the logs: The ESET virus scanner still reported viruses. I then deleted them manually. Code:
ATTFilter
C:\FRST\Quarantine\skype.dat a variant of Win32/Kryptik.BEYW trojan
C:\Users\Media Markt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UZXZBMAB\bd20655324052ad655edf7195aa3d2f1[1].htm HTML/Iframe.B.Gen virus
C:\Users\Media Markt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLPIFCW0\lyi[1].pdf JS/Exploit.Pdfka.QHC trojan
C:\Users\Media Markt\AppData\Local\Temp\texpapl a variant of Win32/Kryptik.BEYW trojan
C:\Users\Media Markt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\39d763a4-38a5bede multiple threats
FRST
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by SYSTEM on 08-07-2013 16:23:53 Running from C:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-09] (Toshiba Europe GmbH) HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2186856 2011-01-10] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-08] (Toshiba Europe GmbH) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems 
Incorporated) HKLM-x32\...\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1409424 2011-06-29] (Nero AG) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-07] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-08] (Avira Operations GmbH & Co. KG) HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA) HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA) HKU\Media Markt\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-08] (Avira Operations GmbH & Co. 
KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-08] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-08] (Avira Operations GmbH & Co. KG) S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-09] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-08] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-08] (Avira Operations GmbH & Co. KG) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-08] (Avira Operations GmbH & Co. KG) S3 TDEIO; \??\c:\Windows\SysWOW64\sysprep\Bootprio\tdeio64.sys [x] S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-08 16:23 - 2013-07-08 16:23 - 00000000 ____D C:\FRST 2013-07-08 03:41 - 2013-07-08 03:41 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-08 02:09 - 2013-07-08 02:09 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-08 02:08 - 2013-07-08 02:08 - 00000000 ____D C:\Users\Media Markt\AppData\Roaming\Avira 2013-07-08 02:07 - 2013-07-08 02:07 - 00000000 ____D C:\ProgramData\APN 2013-07-08 02:06 - 2013-07-08 02:06 - 00000000 ____D C:\ProgramData\Avira 2013-07-08 02:06 - 2013-07-08 02:06 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-08 02:06 - 2013-07-08 02:05 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-07-08 02:06 - 2013-07-08 02:05 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-07-08 02:06 - 2013-07-08 02:05 - 00028600 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-07-08 00:41 - 2013-07-08 00:41 - 00000000 ____D C:\Windows\ERUNT 2013-07-08 00:41 - 2013-07-08 00:41 - 00000000 ____D C:\JRT 2013-07-08 00:27 - 2013-07-07 10:51 - 01934636 ____A (Farbar) C:\FRST64.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-07 23:35 - 2013-07-07 23:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-07 23:35 - 2013-07-07 23:35 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-07 23:35 - 2013-07-07 23:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-07 23:35 - 2013-07-07 23:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-07 23:35 - 2013-07-07 23:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 
2013-07-07 23:35 - 2013-07-07 23:35 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-07-07 23:35 - 2013-07-07 23:35 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-07 23:35 - 
2013-07-07 23:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00149504 ____A 
(Microsoft Corporation) C:\Windows\System32\occache.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00077312 ____A 
(Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-07-07 23:35 - 2013-07-07 23:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-07 23:35 - 2013-07-07 23:35 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00038400 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-07 23:31 - 2013-07-07 23:46 - 00009228 ____A C:\Windows\IE10_main.log 2013-07-05 10:45 - 2013-07-05 10:48 - 00053512 ____A C:\OTL.Txt 2013-07-03 07:49 - 2013-07-06 14:05 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2013-06-15 22:49 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-15 22:46 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-15 22:46 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-15 22:46 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-15 22:46 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-15 22:45 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-15 22:45 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-15 22:45 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-15 22:45 - 2013-05-12 21:50 - 00052224 ____A (Microsoft 
Corporation) C:\Windows\System32\certenc.dll 2013-06-15 22:45 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-15 22:45 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-15 22:45 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-15 22:45 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-15 22:45 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-15 22:45 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-15 22:45 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-15 22:45 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-15 22:45 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-15 22:45 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-08 16:23 - 2013-07-08 16:23 - 00000000 ____D C:\FRST 2013-07-08 06:20 - 2011-08-08 01:43 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-08 06:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-08 06:20 - 2009-07-13 20:51 - 00058628 ____A C:\Windows\setupact.log 2013-07-08 06:18 - 2012-04-05 06:05 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-08 06:18 - 2011-10-19 01:45 - 01280957 ____A C:\Windows\WindowsUpdate.log 2013-07-08 06:03 - 2011-08-08 01:43 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-08 03:41 - 2013-07-08 03:41 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-08 02:23 - 2009-07-13 20:45 - 00024912 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-08 02:23 - 2009-07-13 20:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-08 02:11 - 2010-11-20 19:47 - 00276004 ____A C:\Windows\PFRO.log 2013-07-08 02:09 - 2013-07-08 02:09 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-08 02:08 - 2013-07-08 02:08 - 00000000 ____D C:\Users\Media Markt\AppData\Roaming\Avira 2013-07-08 02:07 - 2013-07-08 02:07 - 00000000 ____D C:\ProgramData\APN 2013-07-08 02:06 - 2013-07-08 02:06 - 00000000 ____D C:\ProgramData\Avira 2013-07-08 02:06 - 2013-07-08 02:06 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-08 02:05 - 2013-07-08 02:06 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-07-08 02:05 - 2013-07-08 02:06 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-07-08 02:05 - 2013-07-08 02:06 - 00028600 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-07-08 00:41 - 2013-07-08 00:41 - 00000000 ____D C:\Windows\ERUNT 2013-07-08 00:41 - 2013-07-08 00:41 - 00000000 ____D C:\JRT 2013-07-07 23:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-07 23:46 - 2013-07-07 23:31 - 00009228 ____A C:\Windows\IE10_main.log 2013-07-07 23:35 - 2013-07-07 23:35 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-07 23:35 - 2013-07-07 23:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-07 23:35 - 2013-07-07 23:35 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-07 23:35 - 2013-07-07 23:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-07 23:35 - 2013-07-07 23:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-07 23:35 - 2013-07-07 
23:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-07-07 23:35 - 2013-07-07 23:35 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-07-07 23:35 - 2013-07-07 23:35 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00361984 
____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-07 23:35 - 2013-07-07 23:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00150528 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\iexpress.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00079872 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmled.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-07-07 23:35 - 2013-07-07 23:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-07 23:35 - 2013-07-07 23:35 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00039936 ____A (Microsoft Corporation) 
C:\Windows\System32\iernonce.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-07 23:35 - 2013-07-07 23:35 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-07 23:35 - 2013-07-07 23:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-07 23:29 - 2011-02-11 00:21 - 00654844 ____A C:\Windows\System32\perfh007.dat 2013-07-07 23:29 - 2011-02-11 00:21 - 00130426 ____A C:\Windows\System32\perfc007.dat 2013-07-07 23:29 - 2009-07-13 21:13 - 01522246 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-07 23:23 - 2012-02-20 07:29 - 00002026 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-07-07 10:51 - 2013-07-08 00:27 - 01934636 ____A (Farbar) C:\FRST64.exe 2013-07-06 14:05 - 2013-07-03 07:49 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2013-07-05 10:48 - 2013-07-05 10:45 - 00053512 ____A C:\OTL.Txt 2013-07-05 10:40 - 2011-11-23 05:20 - 00000000 ____D C:\users\Media Markt 2013-07-03 03:56 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-23 06:10 - 2011-08-08 01:44 - 00002190 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-15 23:44 - 2011-12-30 02:37 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-15 23:20 - 2012-04-05 06:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-15 23:20 - 
2012-02-27 05:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-24 05:04:03 Restore point made on: 2013-05-29 06:20:07 Restore point made on: 2013-06-05 06:23:27 Restore point made on: 2013-06-10 05:06:25 Restore point made on: 2013-06-15 22:45:25 Restore point made on: 2013-06-15 23:43:12 Restore point made on: 2013-06-23 05:15:31 Restore point made on: 2013-06-28 04:52:28 Restore point made on: 2013-07-02 03:56:32 Restore point made on: 2013-07-07 23:06:29 Restore point made on: 2013-07-07 23:26:20 ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 3693.41 MB Available physical RAM: 3095.32 MB Total Pagefile: 3691.61 MB Available Pagefile: 3092.09 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:149.42 GB) (Free:107.2 GB) NTFS (Disk=0 Partition=2) Drive d: (Data) 
(Fixed) (Total:148.28 GB) (Free:134.74 GB) NTFS (Disk=0 Partition=3) Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 16A4AA25) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS) LastRegBack: 2011-12-03 09:01 ==================== End Of Log ============================ SecurityCheck Code:
Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 20 Java version out of Date! Adobe Reader 10.1.7 Adobe Reader out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
Regards |
08.07.2013, 18:22 | #12 |
/// the machine /// TB trainer | OTL log data for GVU Trojan, white screen, no Safe Mode under Windows 7 Update Java and Adobe. Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. The FRST log, please, from the desktop
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.07.2013, 20:08 | #13 |
| OTL log data for GVU Trojan, white screen, no Safe Mode under Windows 7 Hello! TFC has run, and here is the FRST log file under Windows. FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by Media Markt (administrator) on 08-07-2013 21:03:56 Running from C:\Users\Media Markt\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe () C:\Windows\System32\GFNEXSrv.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation) 
HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2186856 2011-01-10] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-08] (Toshiba Europe GmbH) HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1409424 2011-06-29] (Nero AG) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-07] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-08] (Avira Operations GmbH & Co. KG) HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 217.237.148.102 Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (YouTube) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1 CHR Extension: (Google Search) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1 CHR Extension: (Gmail) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-08] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-08] (Avira Operations GmbH & Co. KG) R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-08] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-08] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-08] (Avira Operations GmbH & Co. KG) S3 TDEIO; \??\c:\Windows\SysWOW64\sysprep\Bootprio\tdeio64.sys [x] S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-09 02:36 - 2013-07-09 02:36 - 00036049 ____A C:\FRST.txt 2013-07-09 02:23 - 2013-07-09 02:23 - 00000000 ____D C:\FRST 2013-07-08 20:45 - 2012-08-04 04:38 - 00448512 ____A (OldTimer Tools) C:\Users\Media Markt\Desktop\TFC.exe 2013-07-08 13:41 - 2013-07-08 13:41 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-08 12:09 - 2013-07-08 12:09 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-08 12:08 - 2013-07-08 12:08 - 00000000 ____D C:\Users\Media Markt\AppData\Roaming\Avira 2013-07-08 12:07 - 2013-07-08 12:07 - 00000000 ____D C:\ProgramData\APN 2013-07-08 12:06 - 2013-07-08 12:06 - 00000000 ____D C:\ProgramData\Avira 2013-07-08 12:06 - 2013-07-08 12:06 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-08 12:06 - 2013-07-08 12:05 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-07-08 12:06 - 2013-07-08 12:05 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-07-08 12:06 - 2013-07-08 12:05 - 00028600 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\Windows\ERUNT 2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\JRT 2013-07-08 10:27 - 2013-07-07 20:51 - 01934636 ____A (Farbar) C:\Users\Media Markt\Desktop\FRST64.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-08 09:35 - 2013-07-08 09:35 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-08 09:35 - 2013-07-08 09:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) 
C:\Windows\System32\ieapfltr.dat 2013-07-08 09:35 - 2013-07-08 09:35 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-07-08 09:35 - 2013-07-08 09:35 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00361984 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\html.iec 2013-07-08 09:35 - 2013-07-08 09:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-08 
09:35 - 2013-07-08 09:35 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-08 09:35 - 
2013-07-08 09:35 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-07-08 09:35 - 2013-07-08 09:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-08 09:35 - 2013-07-08 09:35 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 
00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-08 09:31 - 2013-07-08 09:46 - 00009228 ____A C:\Windows\IE10_main.log 2013-07-05 20:45 - 2013-07-05 20:48 - 00053512 ____A C:\OTL.Txt 2013-06-16 08:49 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-16 08:46 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-16 08:46 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-16 08:46 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-16 08:46 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-16 08:45 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-16 08:45 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-16 08:45 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-16 08:45 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-16 08:45 - 
2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-16 08:45 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-16 08:45 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-16 08:45 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-16 08:45 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-16 08:45 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-16 08:45 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-16 08:45 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-16 08:45 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-16 08:45 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-09 02:36 - 2013-07-09 02:36 - 00036049 ____A C:\FRST.txt 2013-07-09 02:23 - 2013-07-09 02:23 - 00000000 ____D C:\FRST 2013-07-08 21:03 - 2011-08-08 11:43 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-08 20:50 - 2009-07-14 06:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-08 20:50 - 2009-07-14 06:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-08 20:46 - 2011-02-11 10:21 - 00654844 ____A C:\Windows\System32\perfh007.dat 2013-07-08 20:46 - 2011-02-11 10:21 - 00130426 ____A C:\Windows\System32\perfc007.dat 2013-07-08 20:46 - 2009-07-14 07:13 - 01500254 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-08 20:41 - 2011-08-08 11:43 - 00001120 ____A 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-08 20:41 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-08 20:41 - 2009-07-14 06:51 - 00058684 ____A C:\Windows\setupact.log 2013-07-08 16:18 - 2012-04-05 16:05 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-08 16:18 - 2011-10-19 11:45 - 01284282 ____A C:\Windows\WindowsUpdate.log 2013-07-08 13:41 - 2013-07-08 13:41 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-08 12:11 - 2010-11-21 05:47 - 00276004 ____A C:\Windows\PFRO.log 2013-07-08 12:09 - 2013-07-08 12:09 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-08 12:08 - 2013-07-08 12:08 - 00000000 ____D C:\Users\Media Markt\AppData\Roaming\Avira 2013-07-08 12:07 - 2013-07-08 12:07 - 00000000 ____D C:\ProgramData\APN 2013-07-08 12:06 - 2013-07-08 12:06 - 00000000 ____D C:\ProgramData\Avira 2013-07-08 12:06 - 2013-07-08 12:06 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-08 12:05 - 2013-07-08 12:06 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-07-08 12:05 - 2013-07-08 12:06 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-07-08 12:05 - 2013-07-08 12:06 - 00028600 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\Windows\ERUNT 2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\JRT 2013-07-08 09:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-08 09:46 - 2013-07-08 09:31 - 00009228 ____A C:\Windows\IE10_main.log 2013-07-08 09:35 - 2013-07-08 09:35 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-08 09:35 - 2013-07-08 09:35 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-08 09:35 - 2013-07-08 09:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-08 09:35 - 2013-07-08 
09:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-07-08 09:35 - 2013-07-08 09:35 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-07-08 09:35 - 2013-07-08 09:35 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00361984 
____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-08 09:35 - 2013-07-08 09:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00150528 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\iexpress.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00079872 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmled.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-07-08 09:35 - 2013-07-08 09:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-08 09:35 - 2013-07-08 09:35 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) 
C:\Windows\System32\iernonce.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-08 09:23 - 2012-02-20 17:29 - 00002026 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-07-07 20:51 - 2013-07-08 10:27 - 01934636 ____A (Farbar) C:\Users\Media Markt\Desktop\FRST64.exe 2013-07-05 20:48 - 2013-07-05 20:45 - 00053512 ____A C:\OTL.Txt 2013-07-05 20:40 - 2011-11-23 15:20 - 00000000 ____D C:\users\Media Markt 2013-07-03 13:56 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-23 16:10 - 2011-08-08 11:44 - 00002190 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-16 09:44 - 2011-12-30 12:37 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-16 09:20 - 2012-04-05 16:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-16 09:20 - 2012-02-27 15:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2011-12-03 19:01
==================== End Of Log ============================
Regards and thanks |
08.07.2013, 21:26 | #14 |
/// the machine /// TB instructor | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
09.07.2013, 08:12 | #15 |
| Hello! Here is the log. FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by Media Markt (administrator) on 09-07-2013 09:07:28 Running from C:\Users\Media Markt\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe () C:\Windows\System32\GFNEXSrv.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2186856 2011-01-10] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] C:\Program 
Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-08] (Toshiba Europe GmbH) HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1409424 2011-06-29] (Nero AG) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-07] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-08] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated) HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - 
C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (YouTube) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1 CHR Extension: (Google Search) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1 CHR Extension: (Gmail) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-08] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-08] (Avira Operations GmbH & Co. KG) R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-08] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-08] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-08] (Avira Operations GmbH & Co. 
KG) S3 TDEIO; \??\c:\Windows\SysWOW64\sysprep\Bootprio\tdeio64.sys [x] S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-09 02:36 - 2013-07-09 02:36 - 00036049 ____A C:\FRST.txt 2013-07-09 02:23 - 2013-07-09 02:23 - 00000000 ____D C:\FRST 2013-07-08 21:30 - 2013-07-08 21:30 - 00002026 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-07-08 21:29 - 2013-07-08 21:29 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-07-08 21:23 - 2013-07-08 21:22 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-07-08 21:23 - 2013-07-08 21:22 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-08 21:22 - 2013-07-08 21:22 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-08 21:22 - 2013-07-08 21:22 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-08 21:22 - 2013-07-08 21:22 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-08 13:41 - 2013-07-08 13:41 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-08 12:09 - 2013-07-08 12:09 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-08 12:08 - 2013-07-08 12:08 - 00000000 ____D C:\Users\Media Markt\AppData\Roaming\Avira 2013-07-08 12:07 - 2013-07-08 12:07 - 00000000 ____D C:\ProgramData\APN 2013-07-08 12:06 - 2013-07-08 12:06 - 00000000 ____D C:\ProgramData\Avira 2013-07-08 12:06 - 2013-07-08 12:06 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-08 12:06 - 2013-07-08 12:05 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-07-08 12:06 - 2013-07-08 12:05 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-07-08 12:06 - 2013-07-08 12:05 - 00028600 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\Windows\ERUNT 2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\JRT 2013-07-08 10:27 - 2013-07-07 20:51 - 01934636 ____A (Farbar) C:\Users\Media Markt\Desktop\FRST64.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-08 09:35 - 2013-07-08 09:35 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-08 09:35 - 2013-07-08 09:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) 
C:\Windows\System32\ieapfltr.dat 2013-07-08 09:35 - 2013-07-08 09:35 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-07-08 09:35 - 2013-07-08 09:35 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00361984 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\html.iec 2013-07-08 09:35 - 2013-07-08 09:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-08 
09:35 - 2013-07-08 09:35 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-08 09:35 - 
2013-07-08 09:35 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-07-08 09:35 - 2013-07-08 09:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-08 09:35 - 2013-07-08 09:35 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 
00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-08 09:35 - 2013-07-08 09:35 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-08 09:35 - 2013-07-08 09:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-08 09:31 - 2013-07-08 09:46 - 00009228 ____A C:\Windows\IE10_main.log 2013-07-05 20:45 - 2013-07-05 20:48 - 00053512 ____A C:\OTL.Txt 2013-06-16 08:49 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-16 08:46 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-16 08:46 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-16 08:46 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-16 08:46 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-16 08:45 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-16 08:45 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-16 08:45 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-16 08:45 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-16 08:45 - 
2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-16 08:45 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-16 08:45 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-16 08:45 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-16 08:45 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-16 08:45 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-16 08:45 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-16 08:45 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-16 08:45 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-16 08:45 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-09 09:03 - 2012-04-05 16:05 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 09:03 - 2011-08-08 11:43 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 09:03 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 09:03 - 2009-07-14 06:51 - 00058740 ____A C:\Windows\setupact.log
2013-07-09 09:02 - 2010-11-21 05:47 - 00277010 ____A C:\Windows\PFRO.log
2013-07-09 02:36 - 2013-07-09 02:36 - 00036049 ____A C:\FRST.txt
2013-07-09 02:23 - 2013-07-09 02:23 - 00000000 ____D C:\FRST
2013-07-08 21:31 - 2011-12-12 15:09 - 00000000 ____D C:\Users\Media Markt\AppData\Local\Adobe
2013-07-08 21:31 - 2011-10-19 11:45 - 01293195 ____A C:\Windows\WindowsUpdate.log
2013-07-08 21:30 - 2013-07-08 21:30 - 00002026 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-08 21:29 - 2013-07-08 21:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-08 21:29 - 2011-08-08 10:57 - 00000000 ____D C:\ProgramData\Adobe
2013-07-08 21:22 - 2013-07-08 21:23 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-08 21:22 - 2013-07-08 21:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-08 21:22 - 2013-07-08 21:22 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-08 21:22 - 2013-07-08 21:22 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-08 21:22 - 2013-07-08 21:22 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-08 21:22 - 2011-08-08 10:32 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-08 21:22 - 2011-08-08 10:32 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-08 21:20 - 2012-04-05 16:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-08 21:20 - 2012-02-27 15:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-08 21:05 - 2011-02-11 10:21 - 00654844 ____A C:\Windows\System32\perfh007.dat
2013-07-08 21:05 - 2011-02-11 10:21 - 00130426 ____A C:\Windows\System32\perfc007.dat
2013-07-08 21:05 - 2009-07-14 07:13 - 01500254 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 21:03 - 2011-08-08 11:43 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 20:50 - 2009-07-14 06:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 20:50 - 2009-07-14 06:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 13:41 - 2013-07-08 13:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-08 12:09 - 2013-07-08 12:09 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-08 12:08 - 2013-07-08 12:08 - 00000000 ____D C:\Users\Media Markt\AppData\Roaming\Avira
2013-07-08 12:07 - 2013-07-08 12:07 - 00000000 ____D C:\ProgramData\APN
2013-07-08 12:06 - 2013-07-08 12:06 - 00000000 ____D C:\ProgramData\Avira
2013-07-08 12:06 - 2013-07-08 12:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-08 12:05 - 2013-07-08 12:06 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-07-08 12:05 - 2013-07-08 12:06 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-07-08 12:05 - 2013-07-08 12:06 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 10:41 - 2013-07-08 10:41 - 00000000 ____D C:\JRT
2013-07-08 09:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-08 09:46 - 2013-07-08 09:31 - 00009228 ____A C:\Windows\IE10_main.log
2013-07-08 09:35 - 2013-07-08 09:35 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-08 09:35 - 2013-07-08 09:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-08 09:35 - 2013-07-08 09:35 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-08 09:35 - 2013-07-08 09:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-08 09:35 - 2013-07-08 09:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-08 09:35 - 2013-07-08 09:35 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-08 09:35 - 2013-07-08 09:35 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-08 09:35 - 2013-07-08 09:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-08 09:35 - 2013-07-08 09:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-08 09:35 - 2013-07-08 09:35 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-08 09:35 - 2013-07-08 09:35 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-08 09:35 - 2013-07-08 09:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-07 20:51 - 2013-07-08 10:27 - 01934636 ____A (Farbar) C:\Users\Media Markt\Desktop\FRST64.exe
2013-07-05 20:48 - 2013-07-05 20:45 - 00053512 ____A C:\OTL.Txt
2013-07-05 20:40 - 2011-11-23 15:20 - 00000000 ____D C:\users\Media Markt
2013-07-03 13:56 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-23 16:10 - 2011-08-08 11:44 - 00002190 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 09:44 - 2011-12-30 12:37 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2011-12-03 19:01

==================== End Of Log ============================

Regards and thanks