30.07.2013, 13:01   #16
/// the machine
/// TB-Ausbilder

How do I remove the Win32.Downloader.gen Trojan

Where does Spybot detect it?

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
2013-07-28 08:04 - 2013-07-28 08:47 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
Task: {9485626A-3604-4CC6-BE7D-02C829CF2A15} - System32\Tasks\EPUpdater => C:\Users\CK\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button ("Entfernen").
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Proud Member of UNITE and ASAP since 2009
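
Added example, not part of the original posts and not FRST's own code: a small Python triage that picks out the kind of FRST lines that end up in a fixlist like the one above. It assumes that the markers "[x]" and "No File" mean FRST could not find the referenced file; the names `triage`, `target_of` and `Finding` are hypothetical, and the sample lines are copied from the FRST output quoted in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the FRST output quoted in this thread; two clean entries
# are included for contrast.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\CK\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run [x] <===== ATTENTION
==================== Internet (Whitelisted) ====================
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
==================== Drivers (Whitelisted) ====================
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
# Assumption: "[x]" and "No File" both mean FRST could not find the file.
MISSING_RE = re.compile(r"\[x\]|\bNo File\b")
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")


class Finding(NamedTuple):
    section: str               # log section the line was found in
    reasons: Tuple[str, ...]   # why the line was flagged
    target: Optional[str]      # file the entry points at, if any
    guid: Optional[str]        # CLSID / task GUID, if any
    line: str                  # the original log line


def target_of(line: str) -> Optional[str]:
    """Return the file an entry really refers to.

    For a command hosted by rundll32.exe the item that gets loaded is the
    DLL argument, not the Windows binary, so the DLL is reported instead.
    """
    paths = PATH_RE.findall(line)
    if not paths:
        return None
    if len(paths) > 1 and paths[0].lower().endswith("\\rundll32.exe"):
        return paths[1]
    return paths[0]


def triage(log_text: str) -> List[Finding]:
    """Flag orphaned or highlighted entries, keeping their section."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        reasons = []
        if MISSING_RE.search(line):
            reasons.append("missing-file")
        if ATTENTION_RE.search(line):
            reasons.append("attention")
        if reasons:
            guid = GUID_RE.search(line)
            findings.append(Finding(section, tuple(reasons), target_of(line),
                                    guid.group(0) if guid else None, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {','.join(f.reasons)}: {f.target or f.guid}")
```

Entries flagged here are review candidates only; each one still has to be checked by a person before it is put into a fixlist.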

30.07.2013, 13:19   #17


I saved the Fixlist on the desktop. However, I could not find it there. But maybe that is normal?

The Fixlog from FRST looks as follows:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013 04
Ran by CK at 2013-07-30 14:07:34 Run:1
Running from C:\Users\CK\Desktop
Boot Mode: Normal

Could not move "C:\Windows\SysWOW64\rundll32.exe" => Scheduled to move on reboot.
IntcAzAudAddService => Service deleted successfully.
C:\Windows\System32\Tasks\BrowserDefendert => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9485626A-3604-4CC6-BE7D-02C829CF2A15} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9485626A-3604-4CC6-BE7D-02C829CF2A15} => Key not found.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key not found.

=========== Result of Scheduled Files to move ===========
C:\Windows\SysWOW64\rundll32.exe => File moved successfully.

==== End of Fixlog ====

Regarding your question ("Where does Spybot detect it?"):
Annoyingly, I cannot copy the location of the detection in Spybot. So I will type it out (there is surely an easier way, but I don't know how...):

After I shut the computer down and started it up again just now, however, I noticed that the error message no longer appears. The toolbar is still detected by Spybot nonetheless.

Edited by Troink (30.07.2013 at 13:32)

30.07.2013, 14:09   #18
/// the machine
/// TB-Ausbilder

Copy the text in the code box into your editor (e.g. Notepad) and save it under the name regfix.reg (for file type please choose "all files")

Windows Registry Editor Version 5.00

Start regfix.reg by double-clicking it.

30.07.2013, 14:28   #19


I saved the Regfix.reg on the desktop and started it with a double-click. After a warning, the confirmation came that everything had worked. I then ran Spybot again and unfortunately the Delta Toolbar was found again. Again in the same place as described above.

I'll send a FRST log (I've become quite good at that by now...):


FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 04
Ran by CK (administrator) on 30-07-2013 15:25:49
Running from C:\Users\CK\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [223264 2010-04-22] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\CK\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run [x] <===== ATTENTION
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-25] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-04-23] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360111m006l04f3z135t57j1j194
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360111m006l04f3z135t57j1j194
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360111m006l04f3z135t57j1j194
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer]

FF ProfilePath: C:\Users\CK\AppData\Roaming\Mozilla\Firefox\Profiles\rn308trj.default
FF Homepage: www.spiegel.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Extension: No Name - C:\Users\CK\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Garmin Communicator - C:\Users\CK\AppData\Roaming\Mozilla\Firefox\Profiles\rn308trj.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: No Name - C:\Users\CK\AppData\Roaming\Mozilla\Firefox\Profiles\rn308trj.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
FF Extension: No Name - C:\Users\CK\AppData\Roaming\Mozilla\Firefox\Profiles\rn308trj.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [821792 2010-06-11] (Acer Incorporated)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-13] (hxxp://libusb-win32.sourceforge.net)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-30 15:21 - 2013-07-30 15:21 - 00000131 _____ C:\Users\CK\Desktop\regfix.reg
2013-07-30 15:18 - 2013-07-30 15:18 - 00000658 _____ C:\Users\CK\Desktop\Age of Empires III - Verknüpfung.lnk
2013-07-30 14:57 - 2013-07-30 14:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2013-07-30 14:36 - 2013-07-30 14:36 - 00003024 _____ C:\Windows\System32\Tasks\{05D1DC08-D3B7-46C7-98B4-033E5E270892}
2013-07-30 12:38 - 2013-07-30 12:38 - 00000000 ____D C:\ProgramData\Age of Empires 3
2013-07-30 08:39 - 2013-07-30 08:39 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-29 22:24 - 2013-07-29 22:24 - 00000000 ____D C:\Program Files (x86)\2K Games
2013-07-29 21:57 - 2013-07-29 21:57 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-29 21:55 - 2013-07-30 15:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 21:55 - 2013-07-29 21:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-29 21:31 - 2013-07-29 21:31 - 00001125 _____ C:\Users\CK\Desktop\JRT.txt
2013-07-29 21:23 - 2013-07-29 21:23 - 00000946 _____ C:\AdwCleaner[S2].txt
2013-07-29 20:35 - 2013-07-30 12:38 - 00000000 ____D C:\Users\CK\Documents\My Games
2013-07-29 20:35 - 2013-07-30 11:34 - 00000000 ____D C:\Users\CK\AppData\Local\My Games
2013-07-29 20:30 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-07-29 20:30 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-07-29 20:30 - 2007-06-20 20:45 - 00021352 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_2.dll
2013-07-29 20:30 - 2007-06-20 20:45 - 00018280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_2.dll
2013-07-29 20:30 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-07-29 20:30 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-07-29 20:30 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-07-29 20:30 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-07-29 20:30 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-07-29 20:30 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-07-29 20:30 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-07-29 20:30 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-07-29 20:30 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-07-29 20:30 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-07-29 20:30 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-07-29 20:30 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-07-29 20:30 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-07-29 20:30 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-07-29 20:30 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-07-29 20:30 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-07-29 20:30 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-07-29 20:30 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-07-29 20:30 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-07-29 20:30 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-07-29 20:30 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-07-29 20:30 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-07-29 20:30 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-07-29 20:30 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-07-29 20:30 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-07-29 20:30 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-07-29 20:30 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-07-29 20:30 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-07-29 20:30 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-07-29 20:30 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-07-29 20:30 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-07-29 20:30 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-07-29 20:30 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-07-29 20:30 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-07-29 20:30 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-07-29 20:30 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-07-29 20:30 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-07-29 20:30 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-07-29 20:30 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-07-29 20:30 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-07-29 20:30 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-07-29 20:30 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-07-29 20:30 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-07-29 20:30 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-07-29 20:30 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-07-29 20:30 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-07-29 20:30 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-07-29 20:30 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-07-29 20:30 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-07-29 20:30 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-07-29 20:30 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-07-29 20:30 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-07-29 20:30 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-07-29 20:30 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-07-29 20:30 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-07-29 20:30 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-07-29 08:57 - 2013-07-29 08:57 - 00891098 _____ C:\Users\CK\Desktop\SecurityCheck.exe
2013-07-29 08:54 - 2013-07-29 08:54 - 02347384 _____ (ESET) C:\Users\CK\Desktop\esetsmartinstaller_enu.exe
2013-07-28 18:01 - 2013-07-28 18:01 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 18:00 - 2013-07-28 18:00 - 00016189 _____ C:\Users\CK\Desktop\AdwCleaner[S1].txt
2013-07-28 17:56 - 2013-07-28 17:57 - 00016189 _____ C:\AdwCleaner[S1].txt
2013-07-28 17:55 - 2013-07-28 17:55 - 00017305 _____ C:\AdwCleaner[R1].txt
2013-07-28 17:54 - 2013-07-28 17:54 - 00666633 _____ C:\Users\CK\Desktop\adwcleaner.exe
2013-07-28 17:54 - 2013-07-28 17:54 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\CK\Desktop\JRT.exe
2013-07-28 08:52 - 2013-07-28 08:52 - 00017265 _____ C:\ComboFix.txt
2013-07-28 08:39 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-28 08:39 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-28 08:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-28 08:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-28 08:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-28 08:39 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-28 08:39 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-28 08:39 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-28 08:38 - 2013-07-28 08:52 - 00000000 ____D C:\Qoobox
2013-07-28 08:38 - 2013-07-28 08:51 - 00000000 ____D C:\Windows\erdnt
2013-07-28 08:37 - 2013-07-28 08:37 - 05095176 ____R (Swearware) C:\Users\CK\Desktop\ComboFix.exe
2013-07-27 20:39 - 2013-07-28 00:39 - 00000058 _____ C:\Users\CK\AppData\Roaming\WB.CFG
2013-07-27 20:39 - 2013-07-27 20:39 - 00000005 _____ C:\Users\CK\AppData\Roaming\WBPU-TTL.DAT
2013-07-27 20:30 - 2013-07-30 14:10 - 00000000 ____D C:\FRST
2013-07-27 20:30 - 2013-07-27 20:30 - 01780815 _____ (Farbar) C:\Users\CK\Desktop\FRST64.exe
2013-07-26 15:19 - 2013-07-26 15:19 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-13 18:37 - 2013-07-13 18:39 - 00000000 ____D C:\Windows\system32\MRT
2013-07-05 12:31 - 2013-07-27 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-30 15:21 - 2013-07-30 15:21 - 00000131 _____ C:\Users\CK\Desktop\regfix.reg
2013-07-30 15:18 - 2013-07-30 15:18 - 00000658 _____ C:\Users\CK\Desktop\Age of Empires III - Verknüpfung.lnk
2013-07-30 15:18 - 2011-12-29 13:07 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-30 15:12 - 2013-07-29 21:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 15:12 - 2010-09-16 23:30 - 00274465 _____ C:\Windows\DirectX.log
2013-07-30 14:57 - 2013-07-30 14:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2013-07-30 14:50 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 14:50 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 14:46 - 2010-09-16 23:07 - 01808203 _____ C:\Windows\WindowsUpdate.log
2013-07-30 14:42 - 2011-12-29 13:07 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-30 14:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 14:42 - 2009-07-14 06:51 - 00368750 _____ C:\Windows\setupact.log
2013-07-30 14:36 - 2013-07-30 14:36 - 00003024 _____ C:\Windows\System32\Tasks\{05D1DC08-D3B7-46C7-98B4-033E5E270892}
2013-07-30 14:10 - 2013-07-27 20:30 - 00000000 ____D C:\FRST
2013-07-30 13:37 - 2010-09-17 08:59 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-07-30 13:37 - 2010-09-17 08:59 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-07-30 13:37 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-30 12:38 - 2013-07-30 12:38 - 00000000 ____D C:\ProgramData\Age of Empires 3
2013-07-30 12:38 - 2013-07-29 20:35 - 00000000 ____D C:\Users\CK\Documents\My Games
2013-07-30 12:37 - 2010-07-02 13:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-30 11:38 - 2010-09-16 23:04 - 00042348 _____ C:\Windows\PFRO.log
2013-07-30 11:34 - 2013-07-29 20:35 - 00000000 ____D C:\Users\CK\AppData\Local\My Games
2013-07-30 08:39 - 2013-07-30 08:39 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-29 22:24 - 2013-07-29 22:24 - 00000000 ____D C:\Program Files (x86)\2K Games
2013-07-29 22:00 - 2011-01-21 19:08 - 00000000 ____D C:\Users\CK\AppData\Local\Adobe
2013-07-29 21:57 - 2013-07-29 21:57 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-29 21:57 - 2010-07-02 13:59 - 00000000 ____D C:\ProgramData\Adobe
2013-07-29 21:57 - 2010-07-02 13:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-29 21:55 - 2013-07-29 21:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-29 21:55 - 2012-06-11 14:54 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-29 21:55 - 2011-05-21 02:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-29 21:38 - 2011-02-01 13:36 - 00000000 ____D C:\Program Files (x86)\Doom 3
2013-07-29 21:31 - 2013-07-29 21:31 - 00001125 _____ C:\Users\CK\Desktop\JRT.txt
2013-07-29 21:23 - 2013-07-29 21:23 - 00000946 _____ C:\AdwCleaner[S2].txt
2013-07-29 08:57 - 2013-07-29 08:57 - 00891098 _____ C:\Users\CK\Desktop\SecurityCheck.exe
2013-07-29 08:54 - 2013-07-29 08:54 - 02347384 _____ (ESET) C:\Users\CK\Desktop\esetsmartinstaller_enu.exe
2013-07-28 18:01 - 2013-07-28 18:01 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 18:00 - 2013-07-28 18:00 - 00016189 _____ C:\Users\CK\Desktop\AdwCleaner[S1].txt
2013-07-28 17:57 - 2013-07-28 17:56 - 00016189 _____ C:\AdwCleaner[S1].txt
2013-07-28 17:55 - 2013-07-28 17:55 - 00017305 _____ C:\AdwCleaner[R1].txt
2013-07-28 17:54 - 2013-07-28 17:54 - 00666633 _____ C:\Users\CK\Desktop\adwcleaner.exe
2013-07-28 17:54 - 2013-07-28 17:54 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\CK\Desktop\JRT.exe
2013-07-28 08:52 - 2013-07-28 08:52 - 00017265 _____ C:\ComboFix.txt
2013-07-28 08:52 - 2013-07-28 08:38 - 00000000 ____D C:\Qoobox
2013-07-28 08:52 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-28 08:51 - 2013-07-28 08:38 - 00000000 ____D C:\Windows\erdnt
2013-07-28 08:48 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-28 08:47 - 2009-07-14 04:34 - 71303168 _____ C:\Windows\system32\config\software.bak
2013-07-28 08:47 - 2009-07-14 04:34 - 16252928 _____ C:\Windows\system32\config\system.bak
2013-07-28 08:47 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-07-28 08:47 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-07-28 08:47 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-07-28 08:37 - 2013-07-28 08:37 - 05095176 ____R (Swearware) C:\Users\CK\Desktop\ComboFix.exe
2013-07-28 00:39 - 2013-07-27 20:39 - 00000058 _____ C:\Users\CK\AppData\Roaming\WB.CFG
2013-07-27 20:39 - 2013-07-27 20:39 - 00000005 _____ C:\Users\CK\AppData\Roaming\WBPU-TTL.DAT
2013-07-27 20:30 - 2013-07-27 20:30 - 01780815 _____ (Farbar) C:\Users\CK\Desktop\FRST64.exe
2013-07-27 18:40 - 2013-07-05 12:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 15:19 - 2013-07-26 15:19 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-26 15:19 - 2010-07-02 13:53 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-26 10:47 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-15 20:37 - 2011-11-11 18:43 - 00000000 ____D C:\Users\CK\Desktop\Diverses
2013-07-13 18:39 - 2013-07-13 18:37 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 18:22 - 2012-05-11 11:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 18:22 - 2012-05-11 11:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 08:13 - 2011-12-29 13:07 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 08:13 - 2011-12-29 13:07 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 07:27 - 2011-01-20 15:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-05 15:03 - 2012-05-05 15:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-24 11:35

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2013 04
Ran by CK at 2013-07-30 15:26:23
Running from C:\Users\CK\Desktop
Boot Mode: Normal

==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version:
Acer Arcade Deluxe (x32 Version: 4.0.7615)
Acer Arcade Movie (x32 Version: 9.0.6423)
Acer Backup Manager (x32 Version:
Acer Crystal Eye webcam (x32 Version:
Acer eRecovery Management (x32 Version: 4.05.3013)
Acer PowerSmart Manager (x32 Version: 5.02.3004)
Acer ScreenSaver (x32 Version: 1.1.0222.2010)
Acer Updater (x32 Version: 1.02.3001)
Acer VCM (x32 Version: 4.05.3002)
Acrobat.com (x32 Version: 1.6.65)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Age of Empires III (x32 Version: 1.00.0000)
Airport Mania First Flight (x32)
Alcor Micro USB Card Reader (x32 Version:
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Amazonia (x32)
Apple Application Support (x32 Version: 1.4.1)
Apple Mobile Device Support (Version:
Apple Software Update (x32 Version:
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version:
ATI Catalyst Install Manager (Version: 3.0.765.0)
Avira Free Antivirus (x32 Version:
Backup Manager Basic (x32 Version:
Bonjour (Version:
Cake Mania (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Light (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0421.657.10561)
Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Localization All (x32 Version: 2010.0421.657.10561)
CCC Help Chinese Standard (x32 Version: 2010.0421.0656.10561)
CCC Help Chinese Traditional (x32 Version: 2010.0421.0656.10561)
CCC Help Czech (x32 Version: 2010.0421.0656.10561)
CCC Help Danish (x32 Version: 2010.0421.0656.10561)
CCC Help Dutch (x32 Version: 2010.0421.0656.10561)
CCC Help English (x32 Version: 2010.0421.0656.10561)
CCC Help Finnish (x32 Version: 2010.0421.0656.10561)
CCC Help French (x32 Version: 2010.0421.0656.10561)
CCC Help German (x32 Version: 2010.0421.0656.10561)
CCC Help Greek (x32 Version: 2010.0421.0656.10561)
CCC Help Hungarian (x32 Version: 2010.0421.0656.10561)
CCC Help Italian (x32 Version: 2010.0421.0656.10561)
CCC Help Japanese (x32 Version: 2010.0421.0656.10561)
CCC Help Korean (x32 Version: 2010.0421.0656.10561)
CCC Help Norwegian (x32 Version: 2010.0421.0656.10561)
CCC Help Polish (x32 Version: 2010.0421.0656.10561)
CCC Help Portuguese (x32 Version: 2010.0421.0656.10561)
CCC Help Russian (x32 Version: 2010.0421.0656.10561)
CCC Help Spanish (x32 Version: 2010.0421.0656.10561)
CCC Help Swedish (x32 Version: 2010.0421.0656.10561)
CCC Help Thai (x32 Version: 2010.0421.0656.10561)
CCC Help Turkish (x32 Version: 2010.0421.0656.10561)
ccc-core-static (x32 Version: 2010.0421.657.10561)
ccc-utility64 (Version: 2010.0421.657.10561)
CDBurnerXP (Version:
CDBurnerXP (x32 Version:
dows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2) (Version: 07/07/2009 1.12.2)
Dream Day First Home (x32)
EPSON BX620FWD Series Printer Uninstall
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.4j)
EpsonNet Setup 3.3 (x32 Version: 3.3b)
ESET Online Scanner v3 (x32)
eSobi v2 (x32 Version:
Farm Frenzy 2 (x32)
Free Studio version (x32 Version:
Galapago (x32)
Garmin Training Center (x32 Version: 3.6.5)
Garmin USB Drivers (x32 Version:
Google Earth (x32 Version:
Google Update Helper (x32 Version:
Heroes of Hellas (x32)
HPDiagnosticAlert (x32 Version: 1.00.0000)
Identity Card (x32 Version: 1.00.3003)
Intel(R) Control Center (x32 Version:
Intel(R) Management Engine Components (x32 Version:
Intel(R) Rapid Storage Technology (x32 Version:
Intel(R) Turbo Boost Technology Driver (x32 Version:
iTunes (Version:
Junk Mail filter update (x32 Version: 14.0.8089.726)
Launch Manager (x32 Version: 4.0.7)
MediaShow Espresso (x32 Version: 5.5.1403_23691)
Merriam Websters Spell Jam (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version:
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (x32 Version:
MyWinLocker Suite (x32 Version:
No23 Recorder (x32 Version:
NTI Backup Now 5 (x32 Version:
NTI Backup Now Standard (x32 Version:
NTI Media Maker 8 (x32 Version:
Optical Drive Power Management (x32 Version: 1.01.3007)
Pointofix (x32)
Poker Pop (x32)
ProtectDisc Driver, Version 11 (x32 Version:
PX Profile Update (x32 Version: 1.00.1.)
QuickTime (x32 Version:
Shredder (Version:
Shredder (x32 Version:
Spin & Win (x32)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Synaptics Pointing Device Driver (Version:
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Zip Opener (HKCU)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 1.1.5 (x32 Version: 1.1.5)
Welcome Center (x32 Version: 1.02.3002)
WIDCOMM Bluetooth Software (Version:
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 (Version: 06/03/2009
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
ZoneAlarm Free (x32 Version:

==================== Restore Points  =========================

13-07-2013 16:36:27 Windows Update
22-07-2013 10:13:09 Geplanter Prüfpunkt
28-07-2013 06:39:16 ComboFix created restore point
29-07-2013 18:28:24 DirectX wurde installiert
29-07-2013 18:30:19 Installiert Sid Meier's Civilization IV Colonization
29-07-2013 19:38:13 Removed Doom 3
29-07-2013 20:23:19 DirectX wurde installiert
29-07-2013 20:24:43 Installiert Sid Meier's Civilization 4 Complete
30-07-2013 09:54:07 Installiert Age of Empires III
30-07-2013 11:13:01 Windows Update
30-07-2013 11:51:10 Windows Update
30-07-2013 12:38:33 Entfernt Age of Empires III
30-07-2013 12:49:39 Installiert Age of Empires III

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-28 08:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08A4A439-1854-4381-AEF9-C5F0D9237A4B} - \BrowserDefendert No Task File
Task: {184F287B-5BAF-4B93-A3C9-247BBB692F02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29] (Google Inc.)
Task: {18A5B7F0-440A-4E7D-A103-73D1E30B3CAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-29] (Adobe Systems Incorporated)
Task: {7135F53D-64D0-4167-BD36-BD7369CF4B5C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {9485626A-3604-4CC6-BE7D-02C829CF2A15} - \EPUpdater No Task File
Task: {B475A789-C8C4-47A9-84FA-367309498DC1} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2009-07-14] (Microsoft Corporation)
Task: {CAABDE9C-4FC1-4578-9F49-C3AAD2A012DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
Error: (07/30/2013 02:46:03 PM) (Source: MsiInstaller) (User: CK-PC)
Description: Produkt: Age of Empires III -- Diese Installation kann nicht durch direktes Laden des MSI-Pakets ausgeführt werden. Sie müssen Setup.exe ausführen.

Error: (07/30/2013 00:38:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ins5F6E.tmp, Version:, Zeitstempel: 0x40daa4fa
Name des fehlerhaften Moduls: ins5F6E.tmp, Version:, Zeitstempel: 0x40daa4fa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00058b9c
ID des fehlerhaften Prozesses: 0x1220
Startzeit der fehlerhaften Anwendung: 0xins5F6E.tmp0
Pfad der fehlerhaften Anwendung: ins5F6E.tmp1
Pfad des fehlerhaften Moduls: ins5F6E.tmp2
Berichtskennung: ins5F6E.tmp3

Error: (07/30/2013 00:37:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: age3.exe, Version: 4.107.803.3365, Zeitstempel: 0x46b74385
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000005
ID des fehlerhaften Prozesses: 0xf6c
Startzeit der fehlerhaften Anwendung: 0xage3.exe0
Pfad der fehlerhaften Anwendung: age3.exe1
Pfad des fehlerhaften Moduls: age3.exe2
Berichtskennung: age3.exe3

Error: (07/30/2013 00:25:10 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/30/2013 11:53:38 AM) (Source: MsiInstaller) (User: CK-PC)
Description: Produkt: Age of Empires III -- Diese Installation kann nicht durch direktes Laden des MSI-Pakets ausgeführt werden. Sie müssen Setup.exe ausführen.

Error: (07/30/2013 08:39:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/30/2013 08:39:19 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/30/2013 08:39:19 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/29/2013 10:00:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version:, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version:, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x1078
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

System errors:
Error: (07/30/2013 11:50:11 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

Error: (07/29/2013 09:38:04 PM) (Source: DCOM) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding740{B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE}

Microsoft Office Sessions:
Error: (04/24/2012 11:08:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/05/2011 06:15:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6671 seconds with 3840 seconds of active time.  This session ended with a crash.

Error: (10/16/2011 00:12:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 76 seconds with 60 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
  Date: 2013-07-28 08:46:17.112
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-28 08:46:17.002
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-11-20 17:38:16.030
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-20 17:21:57.809
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-20 17:14:05.562
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-20 15:20:17.137
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-20 15:15:11.639
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-20 15:05:07.943
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-20 14:49:32.049
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-20 13:39:06.489
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3766.69 MB
Available physical RAM: 2291.04 MB
Total Pagefile: 7531.51 MB
Available Pagefile: 5845.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:227.39 GB) (Free:171.82 GB) NTFS (Disk=0 Partition=3)
Drive e: (MeineDateien) (Fixed) (Total:225.27 GB) (Free:191.66 GB) NTFS (Disk=0 Partition=4)
Drive f: (AOE III DISC 1) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 11A2AAD5)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=227 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225 GB) - (Type=OF Extended)

==================== End Of Log ============================

Alt 30.07.2013, 17:09   #20
/// the machine
/// TB-Ausbilder


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\CK\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run [x] <===== ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Please run the Regfix again, using right-click and running it as admin. Then please post a log from Spybot.


Proud Member of UNITE and ASAP since 2009


Alt 30.07.2013, 17:45   #21

Hello Schrauber,

sorry, I really am sorry that I am taking up so much of your time with this stupid toolbar, even though this was actually about the Trojan...

Be that as it may, I created the Fixlist and then ran FRST. The result follows. I should mention, though, that when I click Fix, FRST takes less than a second to run. Is that normal? Otherwise everything always takes longer...:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013 04
Ran by CK at 2013-07-30 18:42:32 Run:3
Running from C:\Users\CK\Desktop
Boot Mode: Normal

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NTRedirect => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value not found.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
"C:\Users\CK\AppData\Roaming\BabSolution" => File/Directory not found.

==== End of Fixlog ====
I wanted to run the Regfix as administrator via right-click, but that option was not shown to me. No idea why not. So I simply ran it with a double-click, which also worked.

I have now run Spybot for what feels like the 10,000th time, and unfortunately the toolbar is still detected. The Spybot log follows (I hope it is the right one. It took a while until I found it...):

--- Search result list ---
Delta.Toolbar: [SBI $D54913A1] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\bProtectTabs

--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (
2009-01-26 SDFiles.exe (
2009-01-26 SDMain.exe (
2009-01-26 SDShred.exe (
2009-01-26 SDUpdate.exe (
2009-01-26 SDWinSec.exe (
2009-01-26 SpybotSD.exe (
2009-03-05 TeaTimer.exe (
2011-01-20 unins000.exe (
2009-01-26 Update.exe (
2009-11-04 advcheck.dll (
2007-04-02 aports.dll (
2008-06-14 DelZip179.dll (
2009-01-26 SDHelper.dll (
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (
2009-01-16 UninsSrv.dll (
2013-04-11 Includes\Adware.sbi (*)
2013-07-03 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-07-24 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-07-22 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-06-19 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-07-11 Includes\TrojansC-02.sbi (*)
2013-07-24 Includes\TrojansC-03.sbi (*)
2013-06-27 Includes\TrojansC-04.sbi (*)
2013-06-13 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)

--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
   file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
   size: 958576
    MD5: 48BE298F7FD1BEF4D8FBACB04D8D95C4

Located: HK_LM:Run, ArcadeMovieService
command: "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
   file: C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
   size: 124136
    MD5: 0F073B3EF1CDC4AEDF844BF5BC54C143

Located: HK_LM:Run, avgnt
command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
   file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
   size: 348664
    MD5: 07761DE4451878A20690B5BDD3934123

Located: HK_LM:Run, BackupManagerTray
command: "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
   file: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
   size: 265984
    MD5: BCDFB6FAFD26A7FD8BF907E27F51B7A3

Located: HK_LM:Run, EgisTecPMMUpdate
command: "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
   file: C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
   size: 407920
    MD5: 0ADF079D36B2C25E6E9BECE1BD937ACE

Located: HK_LM:Run, EgisUpdate
command: "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
   file: C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
   size: 201584
    MD5: F255E48EA981E943A14CF16269F3F3AF

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
   file: C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
   size: 30040
    MD5: 0E34B7BB1FCF22BCC1E394D16F9E992B

Located: HK_LM:Run, IAStorIcon
command: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
   file: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
   size: 284696
    MD5: 25107F58D1B8F60D67D1EE95798C0DE8

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
   file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
   size: 421160
    MD5: E5B82EA4B98828D50C61137BFA8793F1

Located: HK_LM:Run, LManager
command: C:\Program Files (x86)\Launch Manager\LManager.exe
   file: C:\Program Files (x86)\Launch Manager\LManager.exe
   size: 1300560
    MD5: 522EEC6D2CAF10ADF7D9B6868A5BDEA9

Located: HK_LM:Run, MDS_Menu
command: "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
   file: C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe
   size: 222504
    MD5: 4EFCDF3DB1BBA69C09622991280C4ACB

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
   file: C:\Program Files (x86)\QuickTime\QTTask.exe
   size: 421888
    MD5: 0AEE5668EB59912F32FF245BFA72465F

Located: HK_LM:Run, StartCCC
command: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
   file: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
   size: 98304
    MD5: CA9949725E12283FB3461CCF05AA2438

Located: HK_LM:Run, SuiteTray
command: "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
   file: C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
   size: 337264
    MD5: AF7DE2922E01EFA48BF5F2A8511CF896

Located: Startup (allgemein), Acer VCM.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
   file: C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
   size: 704032
    MD5: 322640D2A69831A182DE6BC937C1828E

Located: Startup (allgemein), Bluetooth.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
   file: C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Spybot-S&D IE Protection
       description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDHelper.dll
         info link: hxxp://www.safer-networking.org/
       info source: Safer-Networking Ltd.
              Path: C:\Program Files (x86)\Spybot - Search & Destroy\
         Long name:       SDHelper.dll
        Short name:                   
    Date (created): 20.01.2011 16:06:42
Date (last access): 20.01.2011 16:06:42
 Date (last write): 26.01.2009 16:31:02
          Filesize:            1879896
        Attributes:           archive 
               MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
             CRC32:           5BA24007

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Groove GFS Browser Helper
              Path: C:\Program Files (x86)\Microsoft Office\Office12\
         Long name: GrooveShellExtensions.dll
        Short name:       GR469A~1.DLL
    Date (created): 26.02.2009 19:36:54
Date (last access): 30.10.2011 17:19:58
 Date (last write): 26.02.2009 19:36:54
          Filesize:            2217832
        Attributes:           archive 
               MD5: 30DB64D316F502558DB2380F7343C9FD
             CRC32:           152B40A2
           Version:     12.0.6500.5000

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Anmelde-Hilfsprogramm)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Windows Live Anmelde-Hilfsprogramm
              Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
         Long name: WindowsLiveLogin.dll
        Short name:       WINDOW~1.DLL
    Date (created): 22.01.2009 15:41:30
Date (last access): 16.09.2010 23:28:58
 Date (last write): 22.01.2009 15:41:30
          Filesize:             408448
        Attributes:           archive 
               MD5: B7899C3E21B299D7A3C0DA96CAE340BD
             CRC32:           288935F8
           Version:          5.0.818.5

--- ActiveX list ---

--- Process list ---
PID:    0 (   0) [System]
PID: 2644 (2836) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
 size: 349552
  MD5: 0D6972A795995F07B6D78CA7724744FB
PID: 3120 (2836) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
 size: 26448
  MD5: B8B1A3F5EFA0DBE88EAB41A7110B9A31
PID: 3188 (2836) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
 size: 704032
  MD5: 322640D2A69831A182DE6BC937C1828E
PID: 3392 (3120) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
 size: 30544
  MD5: 53A968F934EAFC233BA42BE797775852
PID: 3500 (3140) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 size: 284696
  MD5: 25107F58D1B8F60D67D1EE95798C0DE8
PID: 3508 (3140) C:\Program Files (x86)\Launch Manager\LManager.exe
 size: 1300560
  MD5: 522EEC6D2CAF10ADF7D9B6868A5BDEA9
PID: 3560 (3140) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
 size: 407920
  MD5: 0ADF079D36B2C25E6E9BECE1BD937ACE
PID: 3572 (3140) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
 size: 265984
PID: 3612 (3140) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
 size: 124136
  MD5: 0F073B3EF1CDC4AEDF844BF5BC54C143
PID: 3648 (3140) C:\Program Files (x86)\iTunes\iTunesHelper.exe
 size: 421160
  MD5: E5B82EA4B98828D50C61137BFA8793F1
PID: 3656 (3140) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 size: 348664
  MD5: 07761DE4451878A20690B5BDD3934123
PID: 3900 (3552) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
 size: 201584
  MD5: F255E48EA981E943A14CF16269F3F3AF
PID:  244 (2836) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 size: 920472
  MD5: C8D28F8B498CADBB9445AC4545BD41B7
PID: 4940 ( 244) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
 size: 17304
  MD5: E9349A03FD81B4806714A16796B5E20A
PID: 4124 (4940) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
 size: 1861512
  MD5: D8425B8D6DC2AA8D871363B0775BCF18
PID:  368 (4124) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
 size: 1861512
  MD5: D8425B8D6DC2AA8D871363B0775BCF18
PID:  460 (2836) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 size: 5365592
  MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID:    4 (   0) System
PID:  316 (   4) smss.exe
PID:  424 ( 416) csrss.exe
PID:  512 ( 416) wininit.exe
 size: 96256
PID:  540 ( 524) csrss.exe
PID:  572 ( 512) services.exe
PID:  600 ( 512) lsass.exe
PID:  608 ( 512) lsm.exe
PID:  724 ( 524) winlogon.exe
PID:  736 ( 572) svchost.exe
 size: 20992
PID:  840 ( 572) svchost.exe
 size: 20992
PID:  904 ( 572) atiesrxx.exe
PID:  972 ( 572) svchost.exe
 size: 20992
PID: 1012 ( 572) svchost.exe
 size: 20992
PID:  284 ( 572) svchost.exe
 size: 20992
PID:  544 ( 572) svchost.exe
 size: 20992
PID: 1064 ( 572) svchost.exe
 size: 20992
PID: 1216 (1012) wlanext.exe
 size: 77312
PID: 1224 ( 424) conhost.exe
PID: 1320 ( 572) spoolsv.exe
PID: 1348 ( 572) sched.exe
PID: 1400 ( 904) atieclxx.exe
PID: 1488 ( 572) svchost.exe
 size: 20992
PID: 1596 ( 572) eEBSvc.exe
PID: 1756 ( 572) armsvc.exe
PID: 1792 ( 572) avguard.exe
PID: 1860 ( 572) AppleMobileDeviceService.exe
PID: 1912 ( 572) mDNSResponder.exe
PID: 1932 ( 572) btwdins.exe
PID: 1972 ( 572) dsiwmis.exe
PID: 1128 ( 572) ePowerSvc.exe
PID: 1588 ( 572) LMS.exe
PID: 1808 ( 572) svchost.exe
 size: 20992
PID: 1176 ( 572) IScheduleSvc.exe
PID: 1420 ( 572) SchedulerSvc.exe
PID: 2036 ( 572) ODDPWRSvc.exe
PID: 2040 ( 572) svchost.exe
 size: 20992
PID: 2076 ( 572) RichVideo.exe
PID: 2104 ( 572) RS_Service.exe
PID: 2156 ( 572) svchost.exe
 size: 20992
PID: 2212 ( 572) UpdaterService.exe
PID: 2344 ( 572) SDWinSec.exe
 size: 1153368
  MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2676 ( 572) C:\Windows\System32\taskhost.exe
PID: 2696 ( 284) taskeng.exe
 size: 192000
PID: 2656 (1012) C:\Windows\System32\dwm.exe
PID: 2836 (2596) C:\Windows\explorer.exe
 size: 2870272
  MD5: 0862495E0C825893DB75EF44FAEA8E93
PID: 3048 (2836) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
 size: 320000
  MD5: 2C2C3D428E6581CF56A80416AA327425
PID: 2624 (2836) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
 size: 223264
  MD5: A5F30B7295A8D0CE87FDE15FCF9646E1
PID: 2460 (2836) C:\Windows\System32\igfxpers.exe
PID: 2832 (2836) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 size: 1842472
  MD5: 3B30F234512DB4EFDD0168928C61FC8E
PID: 3100 ( 736) C:\Windows\System32\wbem\unsecapp.exe
PID: 3212 ( 736) WmiPrvSE.exe
PID: 3232 (2836) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
 size: 1125152
  MD5: 30273CDB6D7175A8B3BC83706BFB7EB5
PID: 3384 (2208) C:\Windows\System32\GfxUI.exe
PID: 3544 (3508) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
 size: 72712
  MD5: C19AAD30985941B6B7E8D3A7BEFF715B
PID: 3796 (1972) LMworker.exe
PID: 3860 (1792) avshadow.exe
PID: 3868 ( 424) conhost.exe
PID: 3932 ( 572) SearchIndexer.exe
 size: 428032
PID: 3168 ( 572) iPodService.exe
PID: 3440 (2832) SynTPHelper.exe
PID: 4720 (3092) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
 size: 850464
  MD5: D7B56AA1057D236634D08B806D7F6512
PID: 4756 (1128) ePowerEvent.exe
PID: 4856 (3580) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
 size: 65536
  MD5: E7704CBF568815C1CAA6E513387BD3F2
PID: 4100 (4856) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 size: 65536
  MD5: 74EF310FAC89341CE2897B7F2C4A7B0F
PID: 5024 ( 572) IAStorDataMgrSvc.exe
PID: 3452 ( 572) UNS.exe
PID: 4236 ( 572) wmpnetwk.exe
PID: 1944 ( 572) svchost.exe
 size: 20992
PID: 4964 ( 572) svchost.exe
 size: 20992
PID: 4192 ( 972) audiodg.exe

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 30.07.2013 18:40:20

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

--- Winsock Layered Service Provider list ---
Protocol  0: MSAFD-Tcpip [TCP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  1: MSAFD-Tcpip [UDP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  2: MSAFD-Tcpip [RAW/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  3: MSAFD-Tcpip [TCP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  4: MSAFD-Tcpip [UDP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  5: MSAFD-Tcpip [RAW/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  6: RSVP-TCPv6-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  7: RSVP-TCP-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  8: RSVP-UDPv6-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  9: RSVP-UDP-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol 10: MSAFD RfComm [Bluetooth]
        GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Bluetooth
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD RfComm [Bluetooth]

Namespace Provider  0: NLA (Network Location Awareness, NLAv1)-Namespace
        GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: NLA-Namespace

Namespace Provider  1: TCP/IP
        GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
 Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: TCP/IP

Namespace Provider  2: NTDS
        GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\winrnr.dll
 DB protocol: NTDS

Namespace Provider  3: E-Mail-Namenshimanbieter
        GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}

Namespace Provider  4: PNRP-Wolken-Namespaceanbieter
        GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}

Namespace Provider  5: PNRP-Namen-Namespaceanbieter
        GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}

Namespace Provider  6: Bluetooth-Namespace
        GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
    Filename: %SystemRoot%\system32\wshbth.dll
 Description: Bluetooth
 DB filename: %SystemRoot%\system32\wshbth.dll
 DB protocol: Bluetooth-Namespace

Namespace Provider  7: mdnsNSP
        GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
 Description: Apple Rendezvous protocol
 DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
 DB protocol: mdnsNSP


Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

Good morning Schrauber,

everything worked and it only took about 5 minutes. The editor opened with the following log:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:25 on 31/07/2013 by CK
Administrator - Elevation successful

========== filefind ==========

Searching for "*bProtect*"
No files found.

Searching for "*delta*"
C:\Program Files (x86)\Doom 3\base\savegames\AutoSave__Delta_Labs_Sector_1.save	--a---- 19867939 bytes	[19:59 10/02/2011]	[19:59 10/02/2011] C8A45408E8C3D40AFA695D38EA1DA302
C:\Program Files (x86)\Doom 3\base\savegames\AutoSave__Delta_Labs_Sector_1.txt	--a---- 91 bytes	[19:59 10/02/2011]	[19:59 10/02/2011] 89FEBA7A9369C358461477E4DE48495E
C:\Program Files (x86)\Doom 3\base\savegames\AutoSave__Delta_Labs_Sector_2a.save	--a---- 12701270 bytes	[21:12 12/02/2011]	[21:12 12/02/2011] CC361335228237F412612FBABF976680
C:\Program Files (x86)\Doom 3\base\savegames\AutoSave__Delta_Labs_Sector_2a.txt	--a---- 94 bytes	[21:12 12/02/2011]	[21:12 12/02/2011] 44825CB7349E4CCBEDD65AACF0D25F79
C:\Program Files (x86)\Doom 3\base\savegames\AutoSave__Delta_Labs_Sector_2b.save	--a---- 10540949 bytes	[17:46 15/02/2011]	[17:46 15/02/2011] 9E5D41077673139306F93A5890D8FFAA
C:\Program Files (x86)\Doom 3\base\savegames\AutoSave__Delta_Labs_Sector_2b.txt	--a---- 94 bytes	[17:46 15/02/2011]	[17:46 15/02/2011] A244C27992FF2D1DD24112FCF2166502
C:\Program Files (x86)\Doom 3\base\savegames\AutoSave__Delta_Labs_Sector_3.save	--a---- 14789066 bytes	[16:18 05/03/2011]	[16:18 05/03/2011] 3266A078AD70779F4D0C9FF766B261A1
C:\Program Files (x86)\Doom 3\base\savegames\AutoSave__Delta_Labs_Sector_3.txt	--a---- 91 bytes	[16:18 05/03/2011]	[16:18 05/03/2011] BD96B42D13D070BFCC4B8927AFF3C136
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar.zip	--a---- 575 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 853A310683E9B7021E2ECA1FE6B994D7
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar1.zip	--a---- 570 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] AA707FD76A7F6BBF9F90C289A89C44D8
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar10.zip	--a---- 730 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 92884871658C28C3879B17A80A956487
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar100.zip	--a---- 651 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] DA35864670DF9BB98BBEE44DB2DB9B7F
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar101.zip	--a---- 571 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] A3030AC2F6286FF442E8BD7C68F1DC28
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar102.zip	--a---- 644 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 69505F93AD56A214FD0BEB078B65B555
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar103.zip	--a---- 572 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] AABF82A455BE205FF194A69AE235865C
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar104.zip	--a---- 646 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 363626C422DC4767848FAFB1652AFB12
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar105.zip	--a---- 551 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 177A1023F2F83334E4B2D3429E910D7D
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar106.zip	--a---- 617 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 5ACB97DA84C7C7151DD5C3D0E312262E
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar11.zip	--a---- 896 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] B9DF5631323CDA36BE8A24D034149769
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar12.zip	--a---- 793 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] D2882E6A2C5E97CF62C87B216AAE14CE
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar13.zip	--a---- 758 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 475F936F5C591CBE1A0D3EA39B74EF2C
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar14.zip	--a---- 717 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 6FDA13082DBE5E0795165AC316090E84
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar15.zip	--a---- 682 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 158ACC9AAB654417D0D06EF387A64DE1
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar16.zip	--a---- 671 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 507E0F797EFFCC2DCC148CA092E68AB2
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar17.zip	--a---- 671 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 2665281C7464B4310DE604C6EE870DEC
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar18.zip	--a---- 653 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 3DAF01FC59BBFD514FD2FA7961F5B5A6
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar19.zip	--a---- 1606 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] F2B353F572366FA4758980F2D57E1703
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar2.zip	--a---- 500 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] BD66670BBB8926F89028C9D10675442F
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar20.zip	--a---- 1775 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 4F6C32B0ADCFFA86495DC990460B071F
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar21.zip	--a---- 5551 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 11D399C68799F56AA7429D46AD3BF664
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar22.zip	--a---- 3838 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 8CB732C444A630AC4AD74145C22BE30F
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar23.zip	--a---- 2828220 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] B7F4551486D7C9BF47E437C569E47344
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar24.zip	--a---- 1091778 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 28D8A07E4524ED06D5C7591F70FEC6E6
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar25.zip	--a---- 6162 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] FFE335545F598E024D48EF1E47736CBF
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar26.zip	--a---- 2411 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] C913AE423052607365ECB86D48B23B5D
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar27.zip	--a---- 31124 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 776DB0F8EB0FF9E4FFDDF23816E9B419
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar28.zip	--a---- 2828213 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 0CF9DDC74EDDEB7E256F017639B139F4
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar29.zip	--a---- 1781 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 723FFE158A4AB954A128CBB6BC3E9F1C
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar3.zip	--a---- 580 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 4E51A07C122DCCD9A31C67A09EEE13F2
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar30.zip	--a---- 1594 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 92F534FC961B10892FC9EEFED6513038
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar31.zip	--a---- 865 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] FBAEC6648AE09C16EE88811B01DB1792
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar32.zip	--a---- 1039 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] DFC533B3F4436E6A3F3C17371B5740D8
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar33.zip	--a---- 591 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 518670D00706BB320583B5612AD5ECE2
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar34.zip	--a---- 628 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 303BEA5961AB52C2397905A5A627903E
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar35.zip	--a---- 578 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] D4B6D63451ECF09723ECDD97AE049914
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar36.zip	--a---- 6791919 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 4219ECEFABA557459B8C7ED63F0B0989
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar37.zip	--a---- 1352 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 8CFA8B14474CCA09971E04C52AE715FB
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar38.zip	--a---- 564 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 13355392D91D8A8ECB2CB17498FEA224
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar39.zip	--a---- 147248 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] CAEBA08FC93F6DB1B658CFFE1C9D7610
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar4.zip	--a---- 934 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 4AEB1419ECA6D514E8DFEA750B878279
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar40.zip	--a---- 611 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 5C152E5F906557E002DC6473A9D58DC9
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar41.zip	--a---- 538 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 3D8324CBBE494B7AD622D0643A020753
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar42.zip	--a---- 542 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 701428CCDF6C3EE327B5AB121C536AA5
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar43.zip	--a---- 634 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 130647D411A239409878EC9E22BCAF30
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar44.zip	--a---- 614 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 64459A137EAD1A49EE35FEBE49E2DAC0
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar45.zip	--a---- 609 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] D66B49CA2833B6330B7E6D666CA1C589
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar46.zip	--a---- 146457 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] E43374CB29E95705B7C9F7C4906DDBC5
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar47.zip	--a---- 614 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] DA645BF91326D6E52E57E13792B154D5
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar48.zip	--a---- 539 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 5A0EA3F36E7886DA00EA5B728C60CD43
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar49.zip	--a---- 543 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] F35C574DD0BD5912E6BAE1BBEEF660C0
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar5.zip	--a---- 636 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 915AAB649D52D3E758E7E696023C23F3
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar50.zip	--a---- 637 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 35E1B3F71EDAE94569A77424223981C4
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar51.zip	--a---- 693 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 6623B57C90969626D45F241C76B76FB5
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar52.zip	--a---- 615 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] FD9B335154221E90C278E45064FC23B3
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar53.zip	--a---- 607 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] E72F27D6C7F48FBF7977DD5BF680B33C
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar54.zip	--a---- 142333 bytes	[17:01 27/07/2013]	[17:01 27/07/2013] 385E5F3DED16FF76065B30BF743AD604

========== regfind ==========

Searching for "bProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

Searching for "delta"
@="C:\Windows\Media\Delta\Windows Ding.wav"
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
@="C:\Windows\Media\Delta\Windows Battery Critical.wav"
@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"
@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"
@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"
@="C:\Windows\Media\Delta\Windows Notify.wav"
@="C:\Windows\Media\Delta\Windows Battery Low.wav"
@="C:\Windows\Media\Delta\Windows Notify.wav"
@="C:\Windows\Media\Delta\Windows Print complete.wav"
@="C:\Windows\Media\Delta\Windows Error.wav"
@="C:\Windows\Media\Delta\Windows Exclamation.wav"
@="C:\Windows\Media\Delta\Windows Critical Stop.wav"
@="C:\Windows\Media\Delta\Windows Balloon.wav"
@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
@="C:\Windows\Media\Delta\Windows User Account Control.wav"
@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"
@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"
@="C:\Windows\Media\Delta\Windows Navigation Start.wav"
@="C:\Windows\Media\Delta\Windows Information Bar.wav"
[HKEY_CURRENT_USER\Software\Macromedia\Shockwave 8\uicontrol\sw3dbaddriverlist1]
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Users\CK\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Users\CK\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSR.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\Half SD]
"WinSAT_CPU Delta"="-1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\HD Default]
"WinSAT_CPU Delta"="2.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MP4]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-ISO]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-TTS]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD Default]
"WinSAT_CPU Delta"="0.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD WMV]
"WinSAT_CPU Delta"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\Half SD]
"WinSAT_CPU Delta"="-1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\HD Default]
"WinSAT_CPU Delta"="2.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MP4]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-ISO]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-TTS]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD Default]
"WinSAT_CPU Delta"="0.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD WMV]
"WinSAT_CPU Delta"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSR.XML"
[HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\Software\Macromedia\Shockwave 8\uicontrol\sw3dbaddriverlist1]
[HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Users\CK\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML"
[HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Users\CK\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSR.XML"

-= EOF =-

Download OTL if you don't already have it:

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Scan again with Spybot

Hello Schrauber,

I'm happy to announce: the toolbar seems to be gone. I did everything as you said and Spybot no longer found it.
But now I've noticed the following (so that we don't get bored...): On C: I can no longer access the folders "Dokumente und Einstellungen", "Documents and settings" and "Programme". When I try to open the folders, a window says: "... cannot be accessed. Access denied"
Has something been changed in the administrator rights?

I expressly thank you for removing the Trojan and the toolbar!

Oh, and the log from OTL:

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs deleted successfully.
Registry key HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Delta\ deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version log created on 07312013_192308

Can you take over the permissions? Right-click > Properties > Security?

If not:

Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.

  • When the process has finished, click Step 3 and press Do It under System File Check.

  • After the process has finished, click Start Repairs, choose Advanced Mode and press Start.

  • Please make sure the boxes are ticked as shown below. Please also tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.


Hello Schrauber,

I've carried out everything so far. I had a slightly different version of Windows Repair (v. 1.9.14), but I carried out all the steps you listed. Under "Start Repairs" there were a few more checkboxes than in your screenshot, but I only ticked the ones that were ticked in the screenshot.
The problems with access to individual folders have not been resolved, but rather changed. Overall, some things here are now a bit strange.
The little "Windows information" (the little flag) at the bottom of the taskbar tells me, for example, that I should activate Windows Defender. Yet the Windows Firewall is activated (according to Control Panel). Likewise I'm supposed to search online for an antivirus program, although Antivir is still on the computer.
All folders I couldn't access are now shown slightly transparent. I can now get into "Dokumente und Einstellungen", but still not into "Documents and settings". I can get into the "Programme" folder (there are now two instead of one before), but inside the "Programme" folder there is the folder "Gemeinsame Dateien", which I also cannot access.
My hard disk is partitioned (C: for programs and E: for my personal files), and now there is a folder on E: named "System Volume Information", which also looks slightly transparent and which I also cannot access.
There are many more strange things, but I don't want to list every folder by name now...

All the logs from Windows Repair are too large to paste into the post here (at least that's what I was just shown). I'll try to attach them.

All in all I'm a bit worried. Do you think we can get this fixed???
If need be I'll take my computer to a shop, because this kind of remote diagnosis must be rather tedious for you, right?

Yeah, remote diagnosis is always lousy

The transparency means the folders are normally hidden; you just currently have all hidden folders set to visible in the settings. That's fine so far.

I'd try a repair installation; if that doesn't help, back up your data and format.

Something is seriously bent out of shape there.
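
To check what the semi-transparent, inaccessible folders described above actually are, the following PowerShell function (an added example, not part of the original thread) lists the Hidden, System and ReparsePoint attributes, the owner and any Deny rules of each top-level folder. The roots C:\ and E:\ are taken from the post; the function name Get-FolderFlags is made up for this example, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: inspect the top-level folders on the drives named in the thread.
# Get-FolderFlags is a hypothetical helper name; C:\ and E:\ come from the post.
function Get-FolderFlags {
    param([string[]]$Root = @('C:\', 'E:\'))

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }

        # -Force includes hidden and system items, which Explorer draws semi-transparent
        Get-ChildItem -LiteralPath $r -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer } |
            ForEach-Object {
                $item  = $_
                $attr  = $item.Attributes
                $owner = $null
                $deny  = @()
                try {
                    $acl   = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
                    $owner = $acl.Owner
                    # Deny entries take precedence over Allow entries in a canonical ACL
                    $deny  = @($acl.Access |
                        Where-Object { $_.AccessControlType -eq 'Deny' } |
                        ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" })
                } catch {
                    # The ACL itself could not be read; record why instead of failing
                    $owner = "<unreadable: $($_.Exception.Message)>"
                }

                New-Object PSObject -Property @{
                    Path         = $item.FullName
                    Hidden       = [bool]($attr -band [IO.FileAttributes]::Hidden)
                    System       = [bool]($attr -band [IO.FileAttributes]::System)
                    ReparsePoint = [bool]($attr -band [IO.FileAttributes]::ReparsePoint)
                    Owner        = $owner
                    DenyRules    = ($deny -join '; ')
                }
            }
    }
}

Get-FolderFlags | Sort-Object Path |
    Format-Table Path, Hidden, System, ReparsePoint, Owner, DenyRules -AutoSize
```

A folder reported with ReparsePoint set is a link to another location rather than an ordinary directory, and a non-empty DenyRules column shows which identity is refused which rights.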

Hello Schrauber,

I backed up the data and then formatted the computer. The factory settings are now restored.
Question: Instead of Avira Antivir I'm now going with Avast Free Antivirus. After browsing around the forum here a bit, it seemed to me that most of you are of the opinion that Avast is better. In your opinion, should I install Spybot again or can I do without it?

Many thanks for your support and your help! Thanks to you I now also know what a log is...

Best regards

Leave Spybot off

And you're welcome

