Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Qvo6.xml ist das ein Trojaner?

Qvo6.xml ist das ein Trojaner?


Plagegeister aller Art und deren Bekämpfung: Qvo6.xml ist das ein Trojaner?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 3 von 4 12 3 4
Alt 23.08.2013, 06:25   #31
HelmutS
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Hallo Heiko,
danke, habe ich soweit alles gemacht. Muß heute Abend nochmal schauen. Der Rechner ist plötzlich ganz langsam und die CPU-Auslastung steht auf 100 %.
Ich melde mich wieder.

Alt 23.08.2013, 07:31   #32
Aneri
/// Malwareteam
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Hi, dann bitte folgendes:

lösche die alte Version von FRST die ist nicht mehr aktuell...

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 23.08.2013, 18:53   #33
HelmutS
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Hallo Heiko,
habe keine neuere Version von FRST für mein WinXP als die Vers. 3.3.8.1 gefunden.
Mir ist nur eine FRST.txt leider keine Addition.txt erstellt worden.
50 % der CPU-Auslastung kommen von jqs.exe
Beim Löschen von TuneUpUtilities 2012 ist das Programm hängengeblieben weil wohl eine msiexec.exe die CPU-Auslastung komplette auf 100% gesetzt hat.
Sorry !





FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-08-2013 02 (ATTENTION: ====> FRST version is 12 days old and could be outdated)
Ran by Administrator (administrator) on 23-08-2013 19:16:22
Running from C:\
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - REM RTHDCPL.EXE [x]
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [CHotkey] - REM mHotkey.exe [x]
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe [1009835 2006-01-04] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [118784 2006-01-04] (Acronis)
HKLM\...\Run: [mspd] - C:\WINDOWS\system32\mspd.exe [389632 2003-08-27] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - Z:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdatePDRShortCut] - z:\Programme\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [iTunesHelper] - F:\Programme\iTunes\iTunesHelper.exe [141608 2010-01-22] (Apple Inc.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [KiesTrayAgent] - Z:\Kies\KiesTrayAgent.exe [309688 2012-11-12] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] - Z:\Programme\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe [x]
HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Programme\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB [x]
HKCU\...\RunOnce: [NeroHomeFirstStart] - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe" [16680 2007-06-27] (Nero AG)
HKCU\...\Runonce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe [x]
HKU\Default User\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe [x]
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
HKU\UpdatusUser\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe [x]
HKU\UpdatusUser\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
Lsa: [Authentication Packages] msv1_0 relog_ap
Lsa: [Notification Packages] :\WINDOWS\system3
BootExecute: autocheck autochk * oodbs

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {074A4B8E-16EA-418f-82D3-FDF259FCC700} URL = hxxp://go.web.de/suchbox/amazon?field-keywords={searchTerms}
SearchScopes: HKLM - {5A90DDBA-05B8-4689-A5D5-F209DD8B4D62} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKLM - {96DEA305-33AB-4BFF-A2E3-3D9BD23472E0} URL = hxxp://go.web.de/suchbox/webdesuche?su={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {7980FFE6-9DFE-4d9d-920A-CEB86D279C79} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: metaspinner GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - F:\Programme\teXXas\IEButtonAmazonInterface.dll ()
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (AVAST Software)
BHO: ZuneIEPlugin.ZuneBHO - {A8533C62-9399-4640-B36B-D1DDE91EB8B1} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - F:\Programme\teXXas\IEButtonEbayInterface.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141142460296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} hxxp://www.netnews.cc/netfoto/XUpload.ocx
Handler: ipp - No CLSID Value - 
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: CShellExecuteHookImpl Object - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  No File [ ]
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Programme\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Programme\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Programme\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programme\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programme\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programme\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - Z:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - F:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (DivX\u00AE Content Upload Plugin) - z:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - z:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX Web Player) - z:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Picasa) - z:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - z:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - z:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - z:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (Google Docs) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet Service) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0
CHR Extension: (Gmail) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Dokumente und Einstellungen\Helmut\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR StartMenuInternet: Google Chrome - C:\Programme\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [172032 2006-01-04] (Acronis)
S4 AdminSVC; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe [180224 2006-10-12] (hablamax)
S2 AntiVirSchedulerService; Z:\Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-07-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; Z:\Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-06] (Avira Operations GmbH & Co. KG)
S2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
S2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [238888 2008-12-12] (Apple Inc.)
S4 CLCapSvc; z:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [221257 2005-12-01] ()
S4 CLSched; z:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [110663 2005-12-01] ()
S2 CyberLink Media Library Service; C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [61440 2005-12-01] (Cyberlink)
S2 DBService; C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
S2 FSService; z:\Programme\Folder Shield\FSService.exe [45056 2006-04-13] ()
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2009-12-28] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2009-12-28] (Google Inc.)
S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-09-13] (Google)
S4 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [545576 2010-01-22] (Apple Inc.)
S4 LightScribeService; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [79136 2007-10-18] (Hewlett-Packard Company)
S2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [322120 2003-06-20] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-14] (Mozilla Foundation)
S4 NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-09-17] (Nero AG)
S4 NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 nvUpdatusService; C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856 2012-09-23] (NVIDIA Corporation)
S2 O&O Defrag; C:\WINDOWS\system32\oodag.exe [339456 2006-06-02] (O&O Software GmbH)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S2 PSI_SVC_2; C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe [189728 2010-03-10] (Protexis Inc.)
S4 RichVideo; C:\Programme\CyberLink\Shared Files\RichVideo.exe [247152 2009-04-17] ()
S2 TuneUp.UtilitiesSvc; C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
S4 UleadBurningHelper; C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-03-13] (Ulead Systems, Inc.)
S2 vToolbarUpdater15.2.0; C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)
S4 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-10-24] (Microsoft Corporation)
S4 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 AVG Anti-Spyware Guard; F:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe [x]
S2 FileZilla Server; "z:\Programme\FileZilla Server\FileZilla Server.exe" [x]
S2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [826752 2005-12-06] (Philips Semiconductors GmbH)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
S2 A4SII300; C:\Windows\System32\drivers\A4SII300.SYS [25632 1998-02-26] (Microsoft Corporation)
S2 acedrv11; C:\WINDOWS\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [19915 2005-10-09] (Meetinghouse Data Communications)
R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-22] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-22] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-22] ()
S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [13696 2008-04-14] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-05-21] (AVG Technologies)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-29] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)
R0 bxShield; C:\Windows\System32\Drivers\bxShield.sys [45056 2006-04-13] (Alfa Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [27704 2008-05-30] (Canopus Co,. Ltd.)
S1 cdrport; C:\Windows\System32\DRIVERS\cdrport.sys [4608 2005-03-11] (Canopus Co,. Ltd.)
R3 CMISTOR; C:\Windows\System32\DRIVERS\cmiucr.SYS [72320 2005-10-04] (C-Media Corporation)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20032 2012-05-23] (Devguru Co., Ltd)
R3 dtscsi; C:\Windows\System32\Drivers\dtscsi.sys [223128 2008-09-17] ()
S3 GT680x; C:\Windows\System32\Drivers\Gt680x.sys [17504 2003-02-19] (   )
S2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [49024 2008-04-14] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
S1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation)
R3 RT2500USB; C:\Windows\System32\DRIVERS\rt2500usb.sys [241536 2005-07-14] (Ralink Technology Inc.)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2008-09-16] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2012-07-20] (RapidSolution Software AG)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [30688 2008-10-09] (Acronis)
S3 TuneUpUtilitiesDrv; C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
S3 usbsermptxp; C:\Windows\System32\DRIVERS\usbsermptxp.sys [25600 2007-12-22] (Microsoft Corporation)
R0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [117248 2008-01-22] (VIA Technologies inc,.ltd)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [17792 2005-05-19] (X10 Wireless Technology, Inc.)
S3 akshhl; system32\DRIVERS\akshhl.sys [x]
S1 AVG Anti-Spyware Driver; \??\F:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys [x]
S1 AvgAsCln; System32\DRIVERS\AvgAsCln.sys [x]
S4 IntelIde; No ImagePath
S0 rseb; No ImagePath
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-22 20:36 - 2013-08-22 20:36 - 00000700 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2013-08-22 20:36 - 2013-08-22 20:36 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-22 19:51 - 2013-08-22 19:51 - 00001781 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-08-22 19:51 - 2013-08-22 19:51 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce9f604adfe6ec.job
2013-08-22 19:49 - 2013-08-23 05:41 - 00000370 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-08-22 19:49 - 2013-08-22 19:49 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00001657 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-08-22 19:49 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-22 19:49 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-22 19:29 - 2013-08-22 19:29 - 00000000 ____D C:\Programme\AVAST Software
2013-08-22 19:29 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-22 17:28 - 2013-08-22 17:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-19 18:00 - 2013-08-19 18:00 - 00000000 ____D C:\Programme\ESET
2013-08-19 17:49 - 2013-08-19 17:50 - 00042850 _____ C:\2013-08-19-FRST-danach.txt
2013-08-19 17:47 - 2013-08-19 17:47 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\PrivacIE
2013-08-15 07:09 - 2013-08-15 07:09 - 00006154 _____ C:\WINDOWS\KB2863058.log
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-14 09:01 - 2013-08-14 09:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2013-08-14 07:17 - 2013-08-22 17:29 - 00014930 _____ C:\WINDOWS\KB2850869.log
2013-08-14 07:17 - 2013-08-15 07:09 - 00012682 _____ C:\WINDOWS\KB2859537.log
2013-08-13 20:57 - 2013-08-13 20:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\mbam-setup-1.75.0.1300.exe
2013-08-13 09:41 - 2013-08-13 09:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-12 14:12 - 2013-08-12 09:27 - 01068593 _____ (Farbar) C:\FRST.exe
2013-08-12 11:59 - 2013-08-12 11:59 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\IETldCache
2013-08-12 09:28 - 2013-08-19 17:03 - 00000000 ____D C:\FRST
2013-08-11 08:38 - 2013-08-11 19:55 - 00000000 ____D C:\Programme\WinZipper
2013-08-09 22:01 - 2013-08-10 21:02 - 00000000 ____D C:\Programme\Check Point Software Technologies LTD
2013-08-09 22:00 - 2013-08-10 21:02 - 00000000 ____D C:\Programme\East Imperial Soft
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SAM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT_tureg_new.LOG
2013-08-08 16:29 - 2013-08-08 16:29 - 00000000 ____H C:\WINDOWS\system32\config\SECURITY_tureg_new.LOG
2013-08-06 11:02 - 2013-08-10 19:03 - 00000000 ____D C:\Programme\MSECache
2013-07-30 05:27 - 2013-07-30 05:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-25 19:03 - 2013-07-30 05:34 - 00011489 _____ C:\WINDOWS\KB2834886.log
2013-07-25 19:03 - 2013-07-30 05:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-25 19:03 - 2013-07-25 19:03 - 00004458 _____ C:\WINDOWS\KB2834904.log
2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-25 19:02 - 2013-07-25 19:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-25 18:59 - 2013-07-25 19:00 - 00004146 _____ C:\WINDOWS\KB2845142.log
2013-07-25 18:59 - 2013-07-25 19:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845142_WM64$

==================== One Month Modified Files and Folders =======

2013-08-23 19:15 - 2007-01-27 10:54 - 00922162 _____ C:\WINDOWS\system32\OODBS.lor
2013-08-23 19:15 - 2005-10-09 07:46 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-23 19:14 - 2011-02-18 20:03 - 00327680 _____ C:\WINDOWS\system32\config\TuneUp.evt
2013-08-23 19:14 - 2006-06-06 20:48 - 00000274 _____ C:\WINDOWS\wiadebug.log
2013-08-23 19:14 - 2006-06-06 20:48 - 00000052 _____ C:\WINDOWS\wiaservc.log
2013-08-23 19:14 - 2006-06-06 17:53 - 01992607 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-23 19:06 - 2010-11-05 19:18 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2013-08-23 18:55 - 2006-06-06 18:02 - 00000000 ____D C:\Dokumente und Einstellungen\Helmut
2013-08-23 17:28 - 2013-08-23 17:28 - 00001891 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-08-23 17:28 - 2005-10-09 12:25 - 00000000 ____D C:\Programme\Google
2013-08-23 05:41 - 2013-08-22 19:49 - 00000370 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-08-22 20:36 - 2013-08-22 20:36 - 00000700 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2013-08-22 20:36 - 2013-08-22 20:36 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-22 20:36 - 2005-10-08 23:52 - 00000000 ___RD C:\Programme
2013-08-22 20:35 - 2009-03-22 12:16 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-22 19:56 - 2007-01-27 10:57 - 00000000 ____D C:\WINDOWS\system32\oodag
2013-08-22 19:51 - 2013-08-22 19:51 - 00001781 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-08-22 19:51 - 2013-08-22 19:51 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce9f604adfe6ec.job
2013-08-22 19:49 - 2013-08-22 19:49 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00001657 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-08-22 19:49 - 2005-10-08 22:57 - 00003000 _____ C:\WINDOWS\system32\config.nt
2013-08-22 19:29 - 2013-08-22 19:29 - 00000000 ____D C:\Programme\AVAST Software
2013-08-22 17:47 - 2005-10-08 15:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-22 17:35 - 2012-06-07 13:32 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-22 17:32 - 2005-10-08 23:52 - 01166212 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-22 17:29 - 2013-08-22 17:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-22 17:29 - 2013-08-14 07:17 - 00014930 _____ C:\WINDOWS\KB2850869.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00756252 _____ C:\WINDOWS\setupapi.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00517343 _____ C:\WINDOWS\FaxSetup.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00248304 _____ C:\WINDOWS\ocgen.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00198156 _____ C:\WINDOWS\tsoc.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00172496 _____ C:\WINDOWS\comsetup.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00104470 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00082802 _____ C:\WINDOWS\iis6.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00028728 _____ C:\WINDOWS\ocmsn.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00025956 _____ C:\WINDOWS\msgsocm.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-22 17:29 - 2012-04-12 17:36 - 00084745 _____ C:\WINDOWS\updspapi.log
2013-08-20 20:24 - 2013-06-20 18:30 - 00000000 ____D C:\Magazin-1
2013-08-20 19:54 - 2006-06-07 19:57 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-08-20 18:30 - 2005-10-09 14:27 - 00000400 _____ C:\WINDOWS\ODBC.INI
2013-08-19 18:00 - 2013-08-19 18:00 - 00000000 ____D C:\Programme\ESET
2013-08-19 17:50 - 2013-08-19 17:49 - 00042850 _____ C:\2013-08-19-FRST-danach.txt
2013-08-19 17:47 - 2013-08-19 17:47 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\PrivacIE
2013-08-19 17:47 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
2013-08-19 17:47 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-08-19 17:03 - 2013-08-12 09:28 - 00000000 ____D C:\FRST
2013-08-18 15:30 - 2013-06-22 08:58 - 00007680 ___SH C:\WINDOWS\Thumbs.db
2013-08-18 12:58 - 2012-04-01 10:57 - 00023405 _____ C:\WINDOWS\wmsetup.log
2013-08-18 09:47 - 2006-06-16 12:16 - 00005134 _____ C:\WINDOWS\xnview.ini
2013-08-17 17:41 - 2013-06-20 16:56 - 00000000 ____D C:\Programme\Hybrid
2013-08-17 17:41 - 2012-07-19 19:14 - 00000000 ____D C:\Programme\TuneUp Utilities 2012
2013-08-17 12:24 - 2006-06-11 09:50 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-08-17 11:22 - 2005-10-08 22:56 - 00000000 ____D C:\WINDOWS\Registration
2013-08-15 07:09 - 2013-08-15 07:09 - 00006154 _____ C:\WINDOWS\KB2863058.log
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-15 07:09 - 2013-08-14 07:17 - 00012682 _____ C:\WINDOWS\KB2859537.log
2013-08-15 07:09 - 2012-04-12 17:37 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-15 07:09 - 2007-02-18 04:01 - 00883452 _____ C:\WINDOWS\system32\TZLog.log
2013-08-14 09:28 - 2012-12-27 10:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$
2013-08-14 09:28 - 2009-03-11 22:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB959772_WM11$
2013-08-14 09:01 - 2013-08-14 09:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2013-08-13 20:57 - 2013-08-13 20:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\mbam-setup-1.75.0.1300.exe
2013-08-13 20:48 - 2006-06-17 09:33 - 00001966 _____ C:\WINDOWS\Ulead32.ini
2013-08-13 18:48 - 2005-10-08 23:52 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Dokumente
2013-08-13 09:41 - 2013-08-13 09:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-13 09:35 - 2012-04-09 10:41 - 00000000 ____D C:\Programme\Gemeinsame Dateien\AVG Secure Search
2013-08-12 11:59 - 2013-08-12 11:59 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\IETldCache
2013-08-12 09:27 - 2013-08-12 14:12 - 01068593 _____ (Farbar) C:\FRST.exe
2013-08-11 19:55 - 2013-08-11 08:38 - 00000000 ____D C:\Programme\WinZipper
2013-08-11 19:55 - 2005-10-08 23:51 - 00430984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-11 19:54 - 2005-10-08 23:00 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-08-11 19:54 - 2005-10-08 23:00 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-08-11 19:53 - 2006-06-06 17:54 - 00032452 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-11 19:53 - 2005-10-08 23:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-11 09:05 - 2009-12-28 08:49 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-10 21:03 - 2005-10-08 23:52 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü
2013-08-10 21:02 - 2013-08-09 22:01 - 00000000 ____D C:\Programme\Check Point Software Technologies LTD
2013-08-10 21:02 - 2013-08-09 22:00 - 00000000 ____D C:\Programme\East Imperial Soft
2013-08-10 21:02 - 2013-07-17 21:20 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Uniblue
2013-08-10 21:02 - 2013-07-17 21:00 - 00000000 ____D C:\Programme\DVDVideoSoft
2013-08-10 21:02 - 2013-07-09 17:07 - 00000000 ____D C:\Programme\DsNET Corp
2013-08-10 21:02 - 2013-06-27 16:03 - 00000000 ___SD C:\Dokumente und Einstellungen\UpdatusUser\UserData
2013-08-10 21:02 - 2013-06-27 16:03 - 00000000 ___RD C:\Dokumente und Einstellungen\UpdatusUser\Startmenü
2013-08-10 21:02 - 2013-06-27 16:03 - 00000000 ____D C:\Dokumente und Einstellungen\UpdatusUser\WINDOWS
2013-08-10 21:02 - 2013-06-27 14:52 - 00000000 ____D C:\NVIDIA
2013-08-10 21:02 - 2013-06-20 18:15 - 00000000 ____D C:\Programme\Greenshot
2013-08-10 21:02 - 2013-06-19 16:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Skype
2013-08-10 21:02 - 2013-05-23 17:22 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2013-08-10 21:02 - 2013-03-09 21:46 - 00000000 ____D C:\Programme\CheckPoint
2013-08-10 21:02 - 2012-12-12 19:21 - 00000000 ____D C:\Programme\Dropbox
2013-08-10 21:02 - 2012-03-04 20:51 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Spigot(3)
2013-08-10 21:02 - 2012-03-04 20:51 - 00000000 ____D C:\Programme\Application Updater(3)
2013-08-10 21:02 - 2011-09-20 14:59 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Protexis
2013-08-10 21:02 - 2011-09-11 14:36 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Corel
2013-08-10 21:02 - 2011-09-10 20:45 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Spigot(2)
2013-08-10 21:02 - 2011-09-10 20:45 - 00000000 ____D C:\Programme\Application Updater(2)
2013-08-10 21:02 - 2011-02-26 17:45 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Aladdin Shared
2013-08-10 21:02 - 2011-02-26 14:19 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Aladdin Shared(2)
2013-08-10 21:02 - 2011-02-19 14:38 - 00000000 ____D C:\Programme\CodecOption
2013-08-10 21:02 - 2010-11-27 16:32 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Snell & Wilcox Shared
2013-08-10 21:02 - 2010-11-27 16:32 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Grass Valley
2013-08-10 21:02 - 2010-11-24 21:37 - 00000000 ____D C:\Programme\directx
2013-08-10 21:02 - 2010-11-23 20:14 - 00000000 ____D C:\MappedFiles
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___SD C:\Dokumente und Einstellungen\Administrator\UserData
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Dokumente
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\WINDOWS
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Mein Geld
2013-08-10 21:02 - 2009-11-27 20:26 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\CyberLink
2013-08-10 21:02 - 2009-11-27 20:23 - 00000000 ____D C:\Dokumente und Einstellungen\Besitzer\Startmenü
2013-08-10 21:02 - 2009-11-21 22:16 - 00000000 ____D C:\Programme\Bonjour
2013-08-10 21:02 - 2009-11-11 20:38 - 00000000 ____D C:\Programme\AVS4YOU
2013-08-10 21:02 - 2009-11-01 14:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Apple
2013-08-10 21:02 - 2009-07-05 12:11 - 00000000 ____D C:\Programme\Gemeinsame Dateien\SWF Studio
2013-08-10 21:02 - 2008-12-19 20:32 - 00000000 ____D C:\Programme\DATA BECKER
2013-08-10 21:02 - 2008-12-16 19:43 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DATA BECKER Shared
2013-08-10 21:02 - 2008-10-29 19:59 - 00000000 ____D C:\Intel
2013-08-10 21:02 - 2008-10-27 18:37 - 00000000 ____D C:\Programme\BearPaw 2448TA Plus
2013-08-10 21:02 - 2008-10-21 21:12 - 00000000 ____D C:\Programme\Gemeinsame Dateien\TechSmith Shared
2013-08-10 21:02 - 2008-10-09 19:03 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Acronis
2013-08-10 21:02 - 2008-10-09 19:03 - 00000000 ____D C:\Programme\Acronis
2013-08-10 21:02 - 2008-10-09 17:42 - 00000000 ____D C:\Programme\Canon
2013-08-10 21:02 - 2008-10-09 17:36 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Canon
2013-08-10 21:02 - 2008-09-16 20:58 - 00000000 ____D C:\Programme\Gemeinsame Dateien\xing shared
2013-08-10 21:02 - 2007-12-22 18:20 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Motorola Shared
2013-08-10 21:02 - 2007-06-18 20:16 - 00000000 ____D C:\Programme\Gemeinsame Dateien\SONY Digital Images
2013-08-10 21:02 - 2007-06-10 12:27 - 00000000 ____D C:\Programme\Gemeinsame Dateien\AVSMedia
2013-08-10 21:02 - 2007-02-07 19:28 - 00000000 ____D C:\Programme\Codec Pack - All In 1
2013-08-10 21:02 - 2007-02-06 20:52 - 00000000 ____D C:\Programme\Apple Software Update
2013-08-10 21:02 - 2007-01-21 22:50 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Adobe
2013-08-10 21:02 - 2007-01-10 14:32 - 00000000 ____D C:\Dokumente und Einstellungen\Besitzer
2013-08-10 21:02 - 2006-10-08 15:03 - 00000000 ____D C:\Programme\Canopus
2013-08-10 21:02 - 2006-08-03 08:39 - 00000000 ____D C:\Programme\Gemeinsame Dateien\ODBC
2013-08-10 21:02 - 2006-07-01 09:43 - 00000000 ____D C:\Programme\AOL
2013-08-10 21:02 - 2006-06-16 11:29 - 00000000 ____D C:\Programme\Digitale Telefonauskunft
2013-08-10 21:02 - 2006-06-07 19:00 - 00000000 ____D C:\Programme\Gemeinsame Dateien\InterVideo
2013-08-10 21:02 - 2006-06-07 19:00 - 00000000 ____D C:\Programme\Creative
2013-08-10 21:02 - 2006-06-07 18:38 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Canopus Shared
2013-08-10 21:02 - 2006-06-07 18:04 - 00000000 ____D C:\MSCAN
2013-08-10 21:02 - 2006-06-06 20:58 - 00000000 ____D C:\Programme\Dornier GmbH
2013-08-10 21:02 - 2006-06-06 20:07 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Ulead Systems
2013-08-10 21:02 - 2006-06-06 19:18 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DESIGNER
2013-08-10 21:02 - 2006-02-28 16:57 - 00000000 ____D C:\Programme\Gemeinsame Dateien\aol
2013-08-10 21:02 - 2006-02-28 16:07 - 00000000 ____D C:\Programme\Home Cinema
2013-08-10 21:02 - 2006-02-28 16:07 - 00000000 ____D C:\Programme\CyberLink
2013-08-10 21:02 - 2006-02-28 16:03 - 00000000 ____D C:\Programme\Gemeinsame Dateien\LightScribe
2013-08-10 21:02 - 2006-02-28 16:02 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Ahead
2013-08-10 21:02 - 2006-02-28 16:02 - 00000000 ____D C:\Programme\Ahead
2013-08-10 21:02 - 2006-02-28 16:01 - 00000000 ____D C:\PCM
2013-08-10 21:02 - 2006-02-28 15:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-08-10 21:02 - 2006-02-28 15:56 - 00000000 ____D C:\Programme\Adobe
2013-08-10 21:02 - 2006-02-28 15:51 - 00000000 ____D C:\Programme\C-Media USB2.0 Card Reader
2013-08-10 21:02 - 2005-10-09 14:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\MAGIX Shared
2013-08-10 21:02 - 2005-10-09 14:55 - 00000000 ____D C:\Programme\ALDI Sued Foto Service
2013-08-10 21:02 - 2005-10-09 14:49 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DataDesign
2013-08-10 21:02 - 2005-10-09 14:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\muvee Technologies
2013-08-10 21:02 - 2005-10-09 14:33 - 00000000 ____D C:\Programme\Encarta
2013-08-10 21:02 - 2005-10-09 12:28 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Nullsoft
2013-08-10 21:02 - 2005-10-09 12:25 - 00000000 ____D C:\Programme\DivX
2013-08-10 21:02 - 2005-10-09 11:25 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Real
2013-08-10 21:02 - 2005-10-08 23:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\SpeechEngines
2013-08-10 21:02 - 2005-10-08 23:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Microsoft Shared
2013-08-10 21:02 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\System
2013-08-10 21:02 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\MSSoap
2013-08-10 21:02 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Dienste
2013-08-10 21:02 - 2005-10-08 15:59 - 00000000 ____D C:\Programme\HighMAT CD Writing Wizard
2013-08-10 21:02 - 2005-10-08 15:28 - 00000000 ____D C:\Programme\Gemeinsame Dateien\InstallShield
2013-08-10 19:03 - 2013-08-06 11:02 - 00000000 ____D C:\Programme\MSECache
2013-08-10 19:03 - 2013-07-07 20:43 - 00000000 ____D C:\Programme\Ontrack
2013-08-10 19:03 - 2013-06-20 18:06 - 00000000 ____D C:\Programme\MediaInfo
2013-08-10 19:03 - 2013-04-13 18:52 - 00000000 ____D C:\Programme\NVIDIA Corporation
2013-08-10 19:03 - 2013-04-05 19:07 - 00000000 ____D C:\Programme\NCH Software
2013-08-10 19:03 - 2013-03-29 17:06 - 00000000 ____D C:\Programme\SIW
2013-08-10 19:03 - 2012-07-05 20:03 - 00000000 ____D C:\Programme\MarkAny
2013-08-10 19:03 - 2012-06-26 20:29 - 00000000 ____D C:\Programme\Office 2007
2013-08-10 19:03 - 2011-09-20 15:00 - 00000000 ____D C:\Programme\Microsoft SDKs
2013-08-10 19:03 - 2011-09-10 22:26 - 00000000 ____D C:\Programme\Microsoft Visual Studio 9.0
2013-08-10 19:03 - 2011-03-10 21:05 - 00000000 ____D C:\Programme\Microsoft Silverlight
2013-08-10 19:03 - 2010-02-13 22:01 - 00000000 ____D C:\Programme\iPod
2013-08-10 19:03 - 2009-11-27 20:23 - 00000000 ____D C:\Programme\SmartSound Software
2013-08-10 19:03 - 2009-08-15 14:40 - 00000000 ____D C:\Programme\Reference Assemblies
2013-08-10 19:03 - 2009-08-15 14:40 - 00000000 ____D C:\Programme\MSBuild
2013-08-10 19:03 - 2009-08-15 14:37 - 00000000 ____D C:\Programme\MSXML 6.0
2013-08-10 19:03 - 2009-07-30 09:56 - 00000000 ____D C:\Programme\Sony
2013-08-10 19:03 - 2008-10-28 21:59 - 00000000 ____D C:\Programme\Trend Micro
2013-08-10 19:03 - 2008-10-09 20:59 - 00000000 ____D C:\Programme\Kaspersky Lab
2013-08-10 19:03 - 2007-12-22 16:53 - 00000000 ____D C:\Programme\Motorola Phone Tools
2013-08-10 19:03 - 2007-02-25 18:27 - 00000000 ____D C:\Programme\Multi_Media_Germany
2013-08-10 19:03 - 2007-02-11 18:49 - 00000000 ____D C:\Programme\Nero
2013-08-10 19:03 - 2006-11-19 21:11 - 00000000 ____D C:\Programme\MSXML 4.0
2013-08-10 19:03 - 2006-06-06 19:18 - 00000000 ____D C:\Programme\Microsoft.NET
2013-08-10 19:03 - 2006-06-06 19:18 - 00000000 ____D C:\Programme\Microsoft Visual Studio
2013-08-10 19:03 - 2006-02-28 18:22 - 00000000 ____D C:\Programme\MSN Messenger
2013-08-10 19:03 - 2006-02-28 16:57 - 00000000 ____D C:\Programme\Learn2.com
2013-08-10 19:03 - 2006-02-28 15:56 - 00000000 ____D C:\Programme\Java
2013-08-10 19:03 - 2006-02-28 15:52 - 00000000 ____D C:\Programme\Medion Info Display
2013-08-10 19:03 - 2006-01-30 12:25 - 00000000 ____D C:\Programme\Realtek
2013-08-10 19:03 - 2005-10-09 19:13 - 00000000 ____D C:\Programme\NVIDIA Demo Kiosk
2013-08-10 19:03 - 2005-10-09 14:46 - 00000000 ____D C:\Programme\muvee Technologies
2013-08-10 19:03 - 2005-10-09 14:36 - 00000000 ____D C:\Programme\Microsoft AutoRoute
2013-08-10 19:03 - 2005-10-09 14:26 - 00000000 ____D C:\Programme\Microsoft Office
2013-08-10 19:03 - 2005-10-09 14:23 - 00000000 ____D C:\Programme\Microsoft Works Suite 2006
2013-08-10 19:03 - 2005-10-09 14:23 - 00000000 ____D C:\Programme\Microsoft Works
2013-08-10 19:03 - 2005-10-09 11:53 - 00000000 ____D C:\Programme\RALINK
2013-08-10 19:03 - 2005-10-09 11:25 - 00000000 ____D C:\Programme\Real
2013-08-10 19:03 - 2005-10-08 22:58 - 00000000 ____D C:\Programme\microsoft frontpage
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Outlook Express
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Online-Dienste
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\NetMeeting
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Movie Maker
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\Online Services
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\MSN Gaming Zone
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\MSN
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\Messenger
2013-08-10 19:03 - 2005-10-08 15:24 - 00000000 ____D C:\Programme\Intel
2013-08-10 19:03 - 2003-01-01 11:14 - 00000000 ____D C:\Programme\StreamTransport
2013-08-09 22:03 - 2005-10-09 11:11 - 00001479 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2013-08-08 17:20 - 2009-03-21 12:16 - 00002259 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Jaksta Streaming Media Recorder and Converter.lnk
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SAM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT_tureg_new.LOG
2013-08-08 16:34 - 2005-10-09 00:51 - 58982400 _____ C:\WINDOWS\system32\config\SOFTWARE_tureg_old
2013-08-08 16:34 - 2005-10-09 00:51 - 10485760 _____ C:\WINDOWS\system32\config\SYSTEM_tureg_old
2013-08-08 16:34 - 2005-10-08 23:51 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY_tureg_old
2013-08-08 16:29 - 2013-08-08 16:29 - 00000000 ____H C:\WINDOWS\system32\config\SECURITY_tureg_new.LOG
2013-08-08 16:27 - 2005-10-09 00:51 - 00786432 _____ C:\WINDOWS\system32\config\DEFAULT_tureg_old
2013-08-08 16:27 - 2005-10-08 23:51 - 00024576 _____ C:\WINDOWS\system32\config\SAM_tureg_old
2013-08-03 13:05 - 2009-03-22 22:18 - 00001044 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2013-07-30 05:34 - 2013-07-25 19:03 - 00011489 _____ C:\WINDOWS\KB2834886.log
2013-07-30 05:34 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-30 05:32 - 2013-07-30 05:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-27 20:29 - 2007-02-06 20:52 - 00000276 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-07-27 11:08 - 2006-04-13 15:02 - 00000174 _____ C:\WINDOWS\system32\fsbx.ini
2013-07-25 19:03 - 2013-07-25 19:03 - 00004458 _____ C:\WINDOWS\KB2834904.log
2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-25 19:03 - 2013-07-11 16:46 - 00025336 _____ C:\WINDOWS\KB2850851.log
2013-07-25 19:02 - 2013-07-25 19:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-25 19:02 - 2013-07-11 16:45 - 00023359 _____ C:\WINDOWS\KB2845187.log
2013-07-25 19:00 - 2013-07-25 18:59 - 00004146 _____ C:\WINDOWS\KB2845142.log
2013-07-25 19:00 - 2013-07-25 18:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845142_WM64$

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2005-10-09 07:46] - [2008-04-14 08:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e 

C:\Windows\System32\winlogon.exe
[2005-10-09 07:46] - [2008-04-14 08:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 

C:\Windows\System32\svchost.exe
[2005-10-09 07:46] - [2008-04-14 08:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 

C:\Windows\System32\services.exe
[2008-09-18 20:21] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc 

C:\Windows\System32\User32.dll
[2005-10-09 07:46] - [2008-04-14 08:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd 

C:\Windows\System32\userinit.exe
[2008-09-18 20:21] - [2008-04-14 08:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 

C:\Windows\System32\Drivers\volsnap.sys
[2008-09-18 20:21] - [2008-04-14 08:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d 


==================== End Of Log ============================
--- --- ---
__________________
Alt 23.08.2013, 21:31   #34
Aneri
/// Malwareteam
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


kein Problem, bedeutet das, dass deine CPU Auslastung wieder normal ist?
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 24.08.2013, 16:03   #35
HelmutS
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Nur "halbnormal" Heiko. 50 % der CPU-Auslastung sind immer noch konstant vorhanden (von jqs.exe).
Wie soll ich jetzt weiter vorgehen. Soll ich jqs.exe einfach löschen?

Habe jetzt den TFC im abgesicherten Modus laufen lassen (total files cleaned 401 MB) und danach nochmal den FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-08-2013
Ran by Administrator (administrator) on 24-08-2013 11:48:29
Running from C:\
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - REM RTHDCPL.EXE [x]
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [CHotkey] - REM mHotkey.exe [x]
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe [1009835 2006-01-04] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [118784 2006-01-04] (Acronis)
HKLM\...\Run: [mspd] - C:\WINDOWS\system32\mspd.exe [389632 2003-08-27] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - Z:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdatePDRShortCut] - z:\Programme\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [iTunesHelper] - F:\Programme\iTunes\iTunesHelper.exe [141608 2010-01-22] (Apple Inc.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [KiesTrayAgent] - Z:\Kies\KiesTrayAgent.exe [309688 2012-11-12] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] - Z:\Programme\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe [x]
HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Programme\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB [x]
HKCU\...\RunOnce: [NeroHomeFirstStart] - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe" [16680 2007-06-27] (Nero AG)
HKCU\...\Runonce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe [x]
HKU\Default User\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe [x]
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
HKU\UpdatusUser\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe [x]
HKU\UpdatusUser\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
Lsa: [Authentication Packages] msv1_0 relog_ap
Lsa: [Notification Packages] :\WINDOWS\system3
BootExecute: autocheck autochk * oodbs

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {074A4B8E-16EA-418f-82D3-FDF259FCC700} URL = hxxp://go.web.de/suchbox/amazon?field-keywords={searchTerms}
SearchScopes: HKLM - {5A90DDBA-05B8-4689-A5D5-F209DD8B4D62} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKLM - {96DEA305-33AB-4BFF-A2E3-3D9BD23472E0} URL = hxxp://go.web.de/suchbox/webdesuche?su={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {7980FFE6-9DFE-4d9d-920A-CEB86D279C79} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: metaspinner GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - F:\Programme\teXXas\IEButtonAmazonInterface.dll ()
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (AVAST Software)
BHO: ZuneIEPlugin.ZuneBHO - {A8533C62-9399-4640-B36B-D1DDE91EB8B1} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - F:\Programme\teXXas\IEButtonEbayInterface.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141142460296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} hxxp://www.netnews.cc/netfoto/XUpload.ocx
Handler: ipp - No CLSID Value - 
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: CShellExecuteHookImpl Object - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  No File [ ]
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Programme\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Programme\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Programme\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programme\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programme\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programme\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - Z:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - F:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (DivX\u00AE Content Upload Plugin) - z:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - z:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX Web Player) - z:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Picasa) - z:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - z:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - z:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - z:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (Google Docs) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet Service) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0
CHR Extension: (Gmail) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Dokumente und Einstellungen\Helmut\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

========================== Services (Whitelisted) =================

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [172032 2006-01-04] (Acronis)
S4 AdminSVC; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe [180224 2006-10-12] (hablamax)
S2 AntiVirSchedulerService; Z:\Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-07-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; Z:\Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-06] (Avira Operations GmbH & Co. KG)
S2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
S2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [238888 2008-12-12] (Apple Inc.)
S4 CLCapSvc; z:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [221257 2005-12-01] ()
S4 CLSched; z:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [110663 2005-12-01] ()
S2 CyberLink Media Library Service; C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [61440 2005-12-01] (Cyberlink)
S2 DBService; C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
S2 FSService; z:\Programme\Folder Shield\FSService.exe [45056 2006-04-13] ()
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2009-12-28] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2009-12-28] (Google Inc.)
S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-09-13] (Google)
S4 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [545576 2010-01-22] (Apple Inc.)
S4 LightScribeService; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [79136 2007-10-18] (Hewlett-Packard Company)
S3 McComponentHostService; 
S2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [322120 2003-06-20] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-14] (Mozilla Foundation)
S4 NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-09-17] (Nero AG)
S4 NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 nvUpdatusService; C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856 2012-09-23] (NVIDIA Corporation)
S2 O&O Defrag; C:\WINDOWS\system32\oodag.exe [339456 2006-06-02] (O&O Software GmbH)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S2 PSI_SVC_2; C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe [189728 2010-03-10] (Protexis Inc.)
S4 RichVideo; C:\Programme\CyberLink\Shared Files\RichVideo.exe [247152 2009-04-17] ()
S2 TuneUp.UtilitiesSvc; C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
S4 UleadBurningHelper; C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-03-13] (Ulead Systems, Inc.)
S2 vToolbarUpdater15.2.0; C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)
S4 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-10-24] (Microsoft Corporation)
S4 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 AVG Anti-Spyware Guard; F:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe [x]
S2 FileZilla Server; "z:\Programme\FileZilla Server\FileZilla Server.exe" [x]
S2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [826752 2005-12-06] (Philips Semiconductors GmbH)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
S2 A4SII300; C:\Windows\System32\drivers\A4SII300.SYS [25632 1998-02-26] (Microsoft Corporation)
S2 acedrv11; C:\WINDOWS\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [19915 2005-10-09] (Meetinghouse Data Communications)
R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-22] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-22] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-22] ()
S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [13696 2008-04-14] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-05-21] (AVG Technologies)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-29] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)
R0 bxShield; C:\Windows\System32\Drivers\bxShield.sys [45056 2006-04-13] (Alfa Corporation)
R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [27704 2008-05-30] (Canopus Co,. Ltd.)
S1 cdrport; C:\Windows\System32\DRIVERS\cdrport.sys [4608 2005-03-11] (Canopus Co,. Ltd.)
R3 CMISTOR; C:\Windows\System32\DRIVERS\cmiucr.SYS [72320 2005-10-04] (C-Media Corporation)
R3 dtscsi; C:\Windows\System32\Drivers\dtscsi.sys [223128 2008-09-17] ()
S3 GT680x; C:\Windows\System32\Drivers\Gt680x.sys [17504 2003-02-19] (   )
S2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [49024 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
S1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation)
R3 RT2500USB; C:\Windows\System32\DRIVERS\rt2500usb.sys [241536 2005-07-14] (Ralink Technology Inc.)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2008-09-16] ()
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2012-07-20] (RapidSolution Software AG)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [30688 2008-10-09] (Acronis)
S3 TuneUpUtilitiesDrv; C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
S3 usbsermptxp; C:\Windows\System32\DRIVERS\usbsermptxp.sys [25600 2007-12-22] (Microsoft Corporation)
R0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [117248 2008-01-22] (VIA Technologies inc,.ltd)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [17792 2005-05-19] (X10 Wireless Technology, Inc.)
S3 akshhl; system32\DRIVERS\akshhl.sys [x]
S1 AVG Anti-Spyware Driver; \??\F:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys [x]
S1 AvgAsCln; System32\DRIVERS\AvgAsCln.sys [x]
S4 IntelIde; No ImagePath
S0 rseb; No ImagePath
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-24 11:22 - 2013-08-24 11:22 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-24 11:22 - 2013-08-24 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-24 11:22 - 2013-08-24 11:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-24 11:03 - 2013-08-24 10:11 - 00448512 _____ (OldTimer Tools) C:\TFC.exe
2013-08-23 17:28 - 2013-08-23 17:28 - 00001891 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-08-22 20:36 - 2013-08-22 20:36 - 00000700 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2013-08-22 20:36 - 2013-08-22 20:36 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-22 19:51 - 2013-08-22 19:51 - 00001781 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-08-22 19:51 - 2013-08-22 19:51 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce9f604adfe6ec.job
2013-08-22 19:49 - 2013-08-23 05:41 - 00000370 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-08-22 19:49 - 2013-08-22 19:49 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00001657 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-08-22 19:49 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-22 19:49 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-22 19:29 - 2013-08-22 19:29 - 00000000 ____D C:\Programme\AVAST Software
2013-08-22 19:29 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-22 17:28 - 2013-08-22 17:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-19 18:00 - 2013-08-19 18:00 - 00000000 ____D C:\Programme\ESET
2013-08-19 17:47 - 2013-08-19 17:47 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\PrivacIE
2013-08-15 07:09 - 2013-08-15 07:09 - 00006154 _____ C:\WINDOWS\KB2863058.log
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-14 09:01 - 2013-08-14 09:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2013-08-14 07:17 - 2013-08-22 17:29 - 00014930 _____ C:\WINDOWS\KB2850869.log
2013-08-14 07:17 - 2013-08-15 07:09 - 00012682 _____ C:\WINDOWS\KB2859537.log
2013-08-13 20:57 - 2013-08-13 20:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\mbam-setup-1.75.0.1300.exe
2013-08-13 09:41 - 2013-08-13 09:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-12 11:59 - 2013-08-12 11:59 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\IETldCache
2013-08-12 09:28 - 2013-08-19 17:03 - 00000000 ____D C:\FRST
2013-08-11 08:38 - 2013-08-11 19:55 - 00000000 ____D C:\Programme\WinZipper
2013-08-09 22:01 - 2013-08-10 21:02 - 00000000 ____D C:\Programme\Check Point Software Technologies LTD
2013-08-09 22:00 - 2013-08-10 21:02 - 00000000 ____D C:\Programme\East Imperial Soft
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SAM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT_tureg_new.LOG
2013-08-08 16:29 - 2013-08-08 16:29 - 00000000 ____H C:\WINDOWS\system32\config\SECURITY_tureg_new.LOG
2013-08-06 11:02 - 2013-08-10 19:03 - 00000000 ____D C:\Programme\MSECache
2013-07-30 05:27 - 2013-07-30 05:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-25 19:03 - 2013-07-30 05:34 - 00011489 _____ C:\WINDOWS\KB2834886.log
2013-07-25 19:03 - 2013-07-30 05:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-25 19:03 - 2013-07-25 19:03 - 00004458 _____ C:\WINDOWS\KB2834904.log
2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-25 19:02 - 2013-07-25 19:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-25 18:59 - 2013-07-25 19:00 - 00004146 _____ C:\WINDOWS\KB2845142.log
2013-07-25 18:59 - 2013-07-25 19:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845142_WM64$

==================== One Month Modified Files and Folders =======

2013-08-24 11:47 - 2005-10-09 07:46 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-24 11:46 - 2007-01-27 10:54 - 00924498 _____ C:\WINDOWS\system32\OODBS.lor
2013-08-24 11:45 - 2011-02-18 20:03 - 00327680 _____ C:\WINDOWS\system32\config\TuneUp.evt
2013-08-24 11:45 - 2006-06-06 20:48 - 00000275 _____ C:\WINDOWS\wiadebug.log
2013-08-24 11:45 - 2006-06-06 20:48 - 00000052 _____ C:\WINDOWS\wiaservc.log
2013-08-24 11:45 - 2006-06-06 17:53 - 02022403 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-24 11:40 - 2012-04-12 17:37 - 00008071 _____ C:\WINDOWS\setupact.log
2013-08-24 11:22 - 2013-08-24 11:22 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-24 11:22 - 2013-08-24 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-24 11:22 - 2013-08-24 11:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-24 11:22 - 2005-10-08 23:52 - 00000000 ___RD C:\Programme
2013-08-24 11:09 - 2010-11-05 19:18 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2013-08-24 10:35 - 2006-06-06 18:02 - 00000000 ____D C:\Dokumente und Einstellungen\Helmut
2013-08-24 10:11 - 2013-08-24 11:03 - 00448512 _____ (OldTimer Tools) C:\TFC.exe
2013-08-23 18:34 - 2013-08-24 11:39 - 01070315 _____ (Farbar) C:\FRST.exe
2013-08-23 17:28 - 2013-08-23 17:28 - 00001891 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-08-23 17:28 - 2005-10-09 12:25 - 00000000 ____D C:\Programme\Google
2013-08-23 05:41 - 2013-08-22 19:49 - 00000370 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-08-22 20:36 - 2013-08-22 20:36 - 00000700 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2013-08-22 20:36 - 2013-08-22 20:36 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-22 20:35 - 2009-03-22 12:16 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-22 19:56 - 2007-01-27 10:57 - 00000000 ____D C:\WINDOWS\system32\oodag
2013-08-22 19:51 - 2013-08-22 19:51 - 00001781 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-08-22 19:51 - 2013-08-22 19:51 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce9f604adfe6ec.job
2013-08-22 19:49 - 2013-08-22 19:49 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00001657 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-08-22 19:49 - 2005-10-08 22:57 - 00003000 _____ C:\WINDOWS\system32\config.nt
2013-08-22 19:29 - 2013-08-22 19:29 - 00000000 ____D C:\Programme\AVAST Software
2013-08-22 17:47 - 2005-10-08 15:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-22 17:35 - 2012-06-07 13:32 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-22 17:32 - 2005-10-08 23:52 - 01166212 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-22 17:29 - 2013-08-22 17:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-22 17:29 - 2013-08-14 07:17 - 00014930 _____ C:\WINDOWS\KB2850869.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00756252 _____ C:\WINDOWS\setupapi.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00517343 _____ C:\WINDOWS\FaxSetup.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00248304 _____ C:\WINDOWS\ocgen.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00198156 _____ C:\WINDOWS\tsoc.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00172496 _____ C:\WINDOWS\comsetup.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00104470 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00082802 _____ C:\WINDOWS\iis6.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00028728 _____ C:\WINDOWS\ocmsn.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00025956 _____ C:\WINDOWS\msgsocm.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-22 17:29 - 2012-04-12 17:36 - 00084745 _____ C:\WINDOWS\updspapi.log
2013-08-20 20:24 - 2013-06-20 18:30 - 00000000 ____D C:\Magazin-1
2013-08-20 19:54 - 2006-06-07 19:57 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-08-20 18:30 - 2005-10-09 14:27 - 00000400 _____ C:\WINDOWS\ODBC.INI
2013-08-19 18:00 - 2013-08-19 18:00 - 00000000 ____D C:\Programme\ESET
2013-08-19 17:47 - 2013-08-19 17:47 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\PrivacIE
2013-08-19 17:47 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
2013-08-19 17:47 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-08-19 17:03 - 2013-08-12 09:28 - 00000000 ____D C:\FRST
2013-08-18 15:30 - 2013-06-22 08:58 - 00007680 ___SH C:\WINDOWS\Thumbs.db
2013-08-18 12:58 - 2012-04-01 10:57 - 00023405 _____ C:\WINDOWS\wmsetup.log
2013-08-18 09:47 - 2006-06-16 12:16 - 00005134 _____ C:\WINDOWS\xnview.ini
2013-08-17 17:41 - 2013-06-20 16:56 - 00000000 ____D C:\Programme\Hybrid
2013-08-17 17:41 - 2012-07-19 19:14 - 00000000 ____D C:\Programme\TuneUp Utilities 2012
2013-08-17 12:24 - 2006-06-11 09:50 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-08-17 11:22 - 2005-10-08 22:56 - 00000000 ____D C:\WINDOWS\Registration
2013-08-15 07:09 - 2013-08-15 07:09 - 00006154 _____ C:\WINDOWS\KB2863058.log
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-15 07:09 - 2013-08-14 07:17 - 00012682 _____ C:\WINDOWS\KB2859537.log
2013-08-15 07:09 - 2012-04-12 17:37 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-15 07:09 - 2007-02-18 04:01 - 00883452 _____ C:\WINDOWS\system32\TZLog.log
2013-08-14 09:28 - 2012-12-27 10:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$
2013-08-14 09:28 - 2009-03-11 22:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB959772_WM11$
2013-08-14 09:01 - 2013-08-14 09:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2013-08-13 20:57 - 2013-08-13 20:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\mbam-setup-1.75.0.1300.exe
2013-08-13 20:48 - 2006-06-17 09:33 - 00001966 _____ C:\WINDOWS\Ulead32.ini
2013-08-13 18:48 - 2005-10-08 23:52 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Dokumente
2013-08-13 09:41 - 2013-08-13 09:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-13 09:35 - 2012-04-09 10:41 - 00000000 ____D C:\Programme\Gemeinsame Dateien\AVG Secure Search
2013-08-12 11:59 - 2013-08-12 11:59 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\IETldCache
2013-08-11 19:55 - 2013-08-11 08:38 - 00000000 ____D C:\Programme\WinZipper
2013-08-11 19:55 - 2005-10-08 23:51 - 00430984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-11 19:54 - 2005-10-08 23:00 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-08-11 19:54 - 2005-10-08 23:00 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-08-11 19:53 - 2006-06-06 17:54 - 00032452 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-11 19:53 - 2005-10-08 23:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-11 09:05 - 2009-12-28 08:49 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-10 21:03 - 2005-10-08 23:52 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü
2013-08-10 21:02 - 2013-08-09 22:01 - 00000000 ____D C:\Programme\Check Point Software Technologies LTD
2013-08-10 21:02 - 2013-08-09 22:00 - 00000000 ____D C:\Programme\East Imperial Soft
2013-08-10 21:02 - 2013-07-17 21:20 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Uniblue
2013-08-10 21:02 - 2013-07-17 21:00 - 00000000 ____D C:\Programme\DVDVideoSoft
2013-08-10 21:02 - 2013-07-09 17:07 - 00000000 ____D C:\Programme\DsNET Corp
2013-08-10 21:02 - 2013-06-27 16:03 - 00000000 ___SD C:\Dokumente und Einstellungen\UpdatusUser\UserData
2013-08-10 21:02 - 2013-06-27 16:03 - 00000000 ___RD C:\Dokumente und Einstellungen\UpdatusUser\Startmenü
2013-08-10 21:02 - 2013-06-27 16:03 - 00000000 ____D C:\Dokumente und Einstellungen\UpdatusUser\WINDOWS
2013-08-10 21:02 - 2013-06-27 14:52 - 00000000 ____D C:\NVIDIA
2013-08-10 21:02 - 2013-06-20 18:15 - 00000000 ____D C:\Programme\Greenshot
2013-08-10 21:02 - 2013-06-19 16:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Skype
2013-08-10 21:02 - 2013-05-23 17:22 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2013-08-10 21:02 - 2013-03-09 21:46 - 00000000 ____D C:\Programme\CheckPoint
2013-08-10 21:02 - 2012-12-12 19:21 - 00000000 ____D C:\Programme\Dropbox
2013-08-10 21:02 - 2012-03-04 20:51 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Spigot(3)
2013-08-10 21:02 - 2012-03-04 20:51 - 00000000 ____D C:\Programme\Application Updater(3)
2013-08-10 21:02 - 2011-09-20 14:59 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Protexis
2013-08-10 21:02 - 2011-09-11 14:36 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Corel
2013-08-10 21:02 - 2011-09-10 20:45 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Spigot(2)
2013-08-10 21:02 - 2011-09-10 20:45 - 00000000 ____D C:\Programme\Application Updater(2)
2013-08-10 21:02 - 2011-02-26 17:45 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Aladdin Shared
2013-08-10 21:02 - 2011-02-26 14:19 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Aladdin Shared(2)
2013-08-10 21:02 - 2011-02-19 14:38 - 00000000 ____D C:\Programme\CodecOption
2013-08-10 21:02 - 2010-11-27 16:32 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Snell & Wilcox Shared
2013-08-10 21:02 - 2010-11-27 16:32 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Grass Valley
2013-08-10 21:02 - 2010-11-24 21:37 - 00000000 ____D C:\Programme\directx
2013-08-10 21:02 - 2010-11-23 20:14 - 00000000 ____D C:\MappedFiles
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___SD C:\Dokumente und Einstellungen\Administrator\UserData
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Dokumente
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\WINDOWS
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Mein Geld
2013-08-10 21:02 - 2009-11-27 20:26 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\CyberLink
2013-08-10 21:02 - 2009-11-27 20:23 - 00000000 ____D C:\Dokumente und Einstellungen\Besitzer\Startmenü
2013-08-10 21:02 - 2009-11-21 22:16 - 00000000 ____D C:\Programme\Bonjour
2013-08-10 21:02 - 2009-11-11 20:38 - 00000000 ____D C:\Programme\AVS4YOU
2013-08-10 21:02 - 2009-11-01 14:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Apple
2013-08-10 21:02 - 2009-07-05 12:11 - 00000000 ____D C:\Programme\Gemeinsame Dateien\SWF Studio
2013-08-10 21:02 - 2008-12-19 20:32 - 00000000 ____D C:\Programme\DATA BECKER
2013-08-10 21:02 - 2008-12-16 19:43 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DATA BECKER Shared
2013-08-10 21:02 - 2008-10-29 19:59 - 00000000 ____D C:\Intel
2013-08-10 21:02 - 2008-10-27 18:37 - 00000000 ____D C:\Programme\BearPaw 2448TA Plus
2013-08-10 21:02 - 2008-10-21 21:12 - 00000000 ____D C:\Programme\Gemeinsame Dateien\TechSmith Shared
2013-08-10 21:02 - 2008-10-09 19:03 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Acronis
2013-08-10 21:02 - 2008-10-09 19:03 - 00000000 ____D C:\Programme\Acronis
2013-08-10 21:02 - 2008-10-09 17:42 - 00000000 ____D C:\Programme\Canon
2013-08-10 21:02 - 2008-10-09 17:36 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Canon
2013-08-10 21:02 - 2008-09-16 20:58 - 00000000 ____D C:\Programme\Gemeinsame Dateien\xing shared
2013-08-10 21:02 - 2007-12-22 18:20 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Motorola Shared
2013-08-10 21:02 - 2007-06-18 20:16 - 00000000 ____D C:\Programme\Gemeinsame Dateien\SONY Digital Images
2013-08-10 21:02 - 2007-06-10 12:27 - 00000000 ____D C:\Programme\Gemeinsame Dateien\AVSMedia
2013-08-10 21:02 - 2007-02-07 19:28 - 00000000 ____D C:\Programme\Codec Pack - All In 1
2013-08-10 21:02 - 2007-02-06 20:52 - 00000000 ____D C:\Programme\Apple Software Update
2013-08-10 21:02 - 2007-01-21 22:50 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Adobe
2013-08-10 21:02 - 2007-01-10 14:32 - 00000000 ____D C:\Dokumente und Einstellungen\Besitzer
2013-08-10 21:02 - 2006-10-08 15:03 - 00000000 ____D C:\Programme\Canopus
2013-08-10 21:02 - 2006-08-03 08:39 - 00000000 ____D C:\Programme\Gemeinsame Dateien\ODBC
2013-08-10 21:02 - 2006-07-01 09:43 - 00000000 ____D C:\Programme\AOL
2013-08-10 21:02 - 2006-06-16 11:29 - 00000000 ____D C:\Programme\Digitale Telefonauskunft
2013-08-10 21:02 - 2006-06-07 19:00 - 00000000 ____D C:\Programme\Gemeinsame Dateien\InterVideo
2013-08-10 21:02 - 2006-06-07 19:00 - 00000000 ____D C:\Programme\Creative
2013-08-10 21:02 - 2006-06-07 18:38 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Canopus Shared
2013-08-10 21:02 - 2006-06-07 18:04 - 00000000 ____D C:\MSCAN
2013-08-10 21:02 - 2006-06-06 20:58 - 00000000 ____D C:\Programme\Dornier GmbH
2013-08-10 21:02 - 2006-06-06 20:07 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Ulead Systems
2013-08-10 21:02 - 2006-06-06 19:18 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DESIGNER
2013-08-10 21:02 - 2006-02-28 16:57 - 00000000 ____D C:\Programme\Gemeinsame Dateien\aol
2013-08-10 21:02 - 2006-02-28 16:07 - 00000000 ____D C:\Programme\Home Cinema
2013-08-10 21:02 - 2006-02-28 16:07 - 00000000 ____D C:\Programme\CyberLink
2013-08-10 21:02 - 2006-02-28 16:03 - 00000000 ____D C:\Programme\Gemeinsame Dateien\LightScribe
2013-08-10 21:02 - 2006-02-28 16:02 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Ahead
2013-08-10 21:02 - 2006-02-28 16:02 - 00000000 ____D C:\Programme\Ahead
2013-08-10 21:02 - 2006-02-28 16:01 - 00000000 ____D C:\PCM
2013-08-10 21:02 - 2006-02-28 15:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-08-10 21:02 - 2006-02-28 15:56 - 00000000 ____D C:\Programme\Adobe
2013-08-10 21:02 - 2006-02-28 15:51 - 00000000 ____D C:\Programme\C-Media USB2.0 Card Reader
2013-08-10 21:02 - 2005-10-09 14:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\MAGIX Shared
2013-08-10 21:02 - 2005-10-09 14:55 - 00000000 ____D C:\Programme\ALDI Sued Foto Service
2013-08-10 21:02 - 2005-10-09 14:49 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DataDesign
2013-08-10 21:02 - 2005-10-09 14:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\muvee Technologies
2013-08-10 21:02 - 2005-10-09 14:33 - 00000000 ____D C:\Programme\Encarta
2013-08-10 21:02 - 2005-10-09 12:28 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Nullsoft
2013-08-10 21:02 - 2005-10-09 12:25 - 00000000 ____D C:\Programme\DivX
2013-08-10 21:02 - 2005-10-09 11:25 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Real
2013-08-10 21:02 - 2005-10-08 23:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\SpeechEngines
2013-08-10 21:02 - 2005-10-08 23:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Microsoft Shared
2013-08-10 21:02 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\System
2013-08-10 21:02 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\MSSoap
2013-08-10 21:02 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Dienste
2013-08-10 21:02 - 2005-10-08 15:59 - 00000000 ____D C:\Programme\HighMAT CD Writing Wizard
2013-08-10 21:02 - 2005-10-08 15:28 - 00000000 ____D C:\Programme\Gemeinsame Dateien\InstallShield
2013-08-10 19:03 - 2013-08-06 11:02 - 00000000 ____D C:\Programme\MSECache
2013-08-10 19:03 - 2013-07-07 20:43 - 00000000 ____D C:\Programme\Ontrack
2013-08-10 19:03 - 2013-06-20 18:06 - 00000000 ____D C:\Programme\MediaInfo
2013-08-10 19:03 - 2013-04-13 18:52 - 00000000 ____D C:\Programme\NVIDIA Corporation
2013-08-10 19:03 - 2013-04-05 19:07 - 00000000 ____D C:\Programme\NCH Software
2013-08-10 19:03 - 2013-03-29 17:06 - 00000000 ____D C:\Programme\SIW
2013-08-10 19:03 - 2012-07-05 20:03 - 00000000 ____D C:\Programme\MarkAny
2013-08-10 19:03 - 2012-06-26 20:29 - 00000000 ____D C:\Programme\Office 2007
2013-08-10 19:03 - 2011-09-20 15:00 - 00000000 ____D C:\Programme\Microsoft SDKs
2013-08-10 19:03 - 2011-09-10 22:26 - 00000000 ____D C:\Programme\Microsoft Visual Studio 9.0
2013-08-10 19:03 - 2011-03-10 21:05 - 00000000 ____D C:\Programme\Microsoft Silverlight
2013-08-10 19:03 - 2010-02-13 22:01 - 00000000 ____D C:\Programme\iPod
2013-08-10 19:03 - 2009-11-27 20:23 - 00000000 ____D C:\Programme\SmartSound Software
2013-08-10 19:03 - 2009-08-15 14:40 - 00000000 ____D C:\Programme\Reference Assemblies
2013-08-10 19:03 - 2009-08-15 14:40 - 00000000 ____D C:\Programme\MSBuild
2013-08-10 19:03 - 2009-08-15 14:37 - 00000000 ____D C:\Programme\MSXML 6.0
2013-08-10 19:03 - 2009-07-30 09:56 - 00000000 ____D C:\Programme\Sony
2013-08-10 19:03 - 2008-10-28 21:59 - 00000000 ____D C:\Programme\Trend Micro
2013-08-10 19:03 - 2008-10-09 20:59 - 00000000 ____D C:\Programme\Kaspersky Lab
2013-08-10 19:03 - 2007-12-22 16:53 - 00000000 ____D C:\Programme\Motorola Phone Tools
2013-08-10 19:03 - 2007-02-25 18:27 - 00000000 ____D C:\Programme\Multi_Media_Germany
2013-08-10 19:03 - 2007-02-11 18:49 - 00000000 ____D C:\Programme\Nero
2013-08-10 19:03 - 2006-11-19 21:11 - 00000000 ____D C:\Programme\MSXML 4.0
2013-08-10 19:03 - 2006-06-06 19:18 - 00000000 ____D C:\Programme\Microsoft.NET
2013-08-10 19:03 - 2006-06-06 19:18 - 00000000 ____D C:\Programme\Microsoft Visual Studio
2013-08-10 19:03 - 2006-02-28 18:22 - 00000000 ____D C:\Programme\MSN Messenger
2013-08-10 19:03 - 2006-02-28 16:57 - 00000000 ____D C:\Programme\Learn2.com
2013-08-10 19:03 - 2006-02-28 15:56 - 00000000 ____D C:\Programme\Java
2013-08-10 19:03 - 2006-02-28 15:52 - 00000000 ____D C:\Programme\Medion Info Display
2013-08-10 19:03 - 2006-01-30 12:25 - 00000000 ____D C:\Programme\Realtek
2013-08-10 19:03 - 2005-10-09 19:13 - 00000000 ____D C:\Programme\NVIDIA Demo Kiosk
2013-08-10 19:03 - 2005-10-09 14:46 - 00000000 ____D C:\Programme\muvee Technologies
2013-08-10 19:03 - 2005-10-09 14:36 - 00000000 ____D C:\Programme\Microsoft AutoRoute
2013-08-10 19:03 - 2005-10-09 14:26 - 00000000 ____D C:\Programme\Microsoft Office
2013-08-10 19:03 - 2005-10-09 14:23 - 00000000 ____D C:\Programme\Microsoft Works Suite 2006
2013-08-10 19:03 - 2005-10-09 14:23 - 00000000 ____D C:\Programme\Microsoft Works
2013-08-10 19:03 - 2005-10-09 11:53 - 00000000 ____D C:\Programme\RALINK
2013-08-10 19:03 - 2005-10-09 11:25 - 00000000 ____D C:\Programme\Real
2013-08-10 19:03 - 2005-10-08 22:58 - 00000000 ____D C:\Programme\microsoft frontpage
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Outlook Express
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Online-Dienste
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\NetMeeting
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Movie Maker
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\Online Services
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\MSN Gaming Zone
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\MSN
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\Messenger
2013-08-10 19:03 - 2005-10-08 15:24 - 00000000 ____D C:\Programme\Intel
2013-08-10 19:03 - 2003-01-01 11:14 - 00000000 ____D C:\Programme\StreamTransport
2013-08-09 22:03 - 2005-10-09 11:11 - 00001479 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2013-08-08 17:20 - 2009-03-21 12:16 - 00002259 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Jaksta Streaming Media Recorder and Converter.lnk
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SAM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT_tureg_new.LOG
2013-08-08 16:34 - 2005-10-09 00:51 - 58982400 _____ C:\WINDOWS\system32\config\SOFTWARE_tureg_old
2013-08-08 16:34 - 2005-10-09 00:51 - 10485760 _____ C:\WINDOWS\system32\config\SYSTEM_tureg_old
2013-08-08 16:34 - 2005-10-08 23:51 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY_tureg_old
2013-08-08 16:29 - 2013-08-08 16:29 - 00000000 ____H C:\WINDOWS\system32\config\SECURITY_tureg_new.LOG
2013-08-08 16:27 - 2005-10-09 00:51 - 00786432 _____ C:\WINDOWS\system32\config\DEFAULT_tureg_old
2013-08-08 16:27 - 2005-10-08 23:51 - 00024576 _____ C:\WINDOWS\system32\config\SAM_tureg_old
2013-08-03 13:05 - 2009-03-22 22:18 - 00001044 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2013-07-30 05:34 - 2013-07-25 19:03 - 00011489 _____ C:\WINDOWS\KB2834886.log
2013-07-30 05:34 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-30 05:32 - 2013-07-30 05:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-27 20:29 - 2007-02-06 20:52 - 00000276 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-07-27 11:08 - 2006-04-13 15:02 - 00000174 _____ C:\WINDOWS\system32\fsbx.ini
2013-07-25 19:03 - 2013-07-25 19:03 - 00004458 _____ C:\WINDOWS\KB2834904.log
2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-25 19:03 - 2013-07-11 16:46 - 00025336 _____ C:\WINDOWS\KB2850851.log
2013-07-25 19:02 - 2013-07-25 19:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-25 19:02 - 2013-07-11 16:45 - 00023359 _____ C:\WINDOWS\KB2845187.log
2013-07-25 19:00 - 2013-07-25 18:59 - 00004146 _____ C:\WINDOWS\KB2845142.log
2013-07-25 19:00 - 2013-07-25 18:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845142_WM64$

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2005-10-09 07:46] - [2008-04-14 08:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e 

C:\Windows\System32\winlogon.exe
[2005-10-09 07:46] - [2008-04-14 08:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 

C:\Windows\System32\svchost.exe
[2005-10-09 07:46] - [2008-04-14 08:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 

C:\Windows\System32\services.exe
[2008-09-18 20:21] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc 

C:\Windows\System32\User32.dll
[2005-10-09 07:46] - [2008-04-14 08:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd 

C:\Windows\System32\userinit.exe
[2008-09-18 20:21] - [2008-04-14 08:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 

C:\Windows\System32\Drivers\volsnap.sys
[2008-09-18 20:21] - [2008-04-14 08:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d 


==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Nachtrag:
Hallo Heiko,
habe jetzt in der Systemsteuerung auf das JAVA-Bedienfeld gedrückt, die Registerkarte „erweitert“ angeklickt und unter „Verschiedenes“ das Kontrollkästen für den Java Quick Starter (jqs) deaktiviert.
Die CPU-Auslastung liegt jetzt bei 3-4 % !!!
Mal schauen, ob ich da was von Java vermisse.
Schöne Grüße
Helmut


Alt 24.08.2013, 18:20   #36
Aneri
/// Malwareteam
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Hi Helmut

warum machst du die Scannes mit FRST aus dem Safemode (Abgesicherten Modus) ?
bitte erstelle ein neues FRST Logfile aus dem normalen Modus...
dann sehen wir ob die Kiste "sauber" ist.
__________________
--> Qvo6.xml ist das ein Trojaner?

Alt 24.08.2013, 18:46   #37
HelmutS
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Hi Heiko,
im Normalmodus bleibt der Vorgang regelmäßig hängen. War für mich immer umständlich, die Scans im abgesicherten Modus zu machen. Warum s nicht ging – keine Ahnung.

Alt 24.08.2013, 21:38   #38
Aneri
/// Malwareteam
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


ok kein Problem, ich schau mir die Logfiles nochmal an und meld mich morgen mit neuen Erkenntnissen gute Nacht
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 25.08.2013, 11:27   #39
Aneri
/// Malwareteam
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Hi Helmut

wer suchet der findet....

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM\...\Run: [mspd] - C:\WINDOWS\system32\mspd.exe [389632 2003-08-27] ()
Lsa: [Notification Packages] :\WINDOWS\system3
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath
C:\WINDOWS\system32\mspd.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Bitte nach dem Fix das Fixlogfile und ein neues FRST Logfile aus dem Normalmodus posten...
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 25.08.2013, 18:25   #40
HelmutS
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Hallo Heiko,
da bin ich schon wieder. Nach wie vor läuft FRST nicht im Normalmodus. Bereits nach 1 Sekunde bleibt der Scan stehen. Sorry

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-08-2013
Ran by Administrator at 2013-08-25 18:47:46 Run:2
Running from C:\
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [mspd] - C:\WINDOWS\system32\mspd.exe [389632 2003-08-27] ()
Lsa: [Notification Packages] :\WINDOWS\system3
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath
C:\WINDOWS\system32\mspd.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mspd => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => Value was restored successfully.
Winsock - Google Desktop Search Backup Before First Install => Service deleted successfully.
Winsock - Google Desktop Search Backup Before Last Install => Service deleted successfully.
C:\WINDOWS\system32\mspd.exe => Moved successfully.

==== End of Fixlog ====

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-08-2013
Ran by Administrator (administrator) on 25-08-2013 19:01:20
Running from C:\
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - REM RTHDCPL.EXE [x]
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [CHotkey] - REM mHotkey.exe [x]
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe [1009835 2006-01-04] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [118784 2006-01-04] (Acronis)
HKLM\...\Run: [Adobe Reader Speed Launcher] - Z:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdatePDRShortCut] - z:\Programme\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [iTunesHelper] - F:\Programme\iTunes\iTunesHelper.exe [141608 2010-01-22] (Apple Inc.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [KiesTrayAgent] - Z:\Kies\KiesTrayAgent.exe [309688 2012-11-12] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] - Z:\Programme\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe [x]
HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Programme\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB [x]
HKCU\...\RunOnce: [NeroHomeFirstStart] - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe" [16680 2007-06-27] (Nero AG)
HKCU\...\Runonce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe [x]
HKU\Default User\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe [x]
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
HKU\UpdatusUser\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe [x]
HKU\UpdatusUser\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
Lsa: [Authentication Packages] msv1_0 relog_ap
BootExecute: autocheck autochk * oodbs

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {074A4B8E-16EA-418f-82D3-FDF259FCC700} URL = hxxp://go.web.de/suchbox/amazon?field-keywords={searchTerms}
SearchScopes: HKLM - {5A90DDBA-05B8-4689-A5D5-F209DD8B4D62} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKLM - {96DEA305-33AB-4BFF-A2E3-3D9BD23472E0} URL = hxxp://go.web.de/suchbox/webdesuche?su={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {7980FFE6-9DFE-4d9d-920A-CEB86D279C79} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: metaspinner GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - F:\Programme\teXXas\IEButtonAmazonInterface.dll ()
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (AVAST Software)
BHO: ZuneIEPlugin.ZuneBHO - {A8533C62-9399-4640-B36B-D1DDE91EB8B1} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - F:\Programme\teXXas\IEButtonEbayInterface.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141142460296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} hxxp://www.netnews.cc/netfoto/XUpload.ocx
Handler: ipp - No CLSID Value - 
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: CShellExecuteHookImpl Object - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  No File [ ]
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Programme\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Programme\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Programme\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programme\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programme\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programme\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - Z:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - Z:\Programme\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - F:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (DivX\u00AE Content Upload Plugin) - z:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - z:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX Web Player) - z:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Picasa) - z:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - z:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - z:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - z:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (Google Docs) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet Service) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0
CHR Extension: (Gmail) - C:\DOKUME~1\ADMINI~1\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Dokumente und Einstellungen\Helmut\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

========================== Services (Whitelisted) =================

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [172032 2006-01-04] (Acronis)
S4 AdminSVC; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe [180224 2006-10-12] (hablamax)
S2 AntiVirSchedulerService; Z:\Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-07-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; Z:\Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-06] (Avira Operations GmbH & Co. KG)
S2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
S2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [238888 2008-12-12] (Apple Inc.)
S4 CLCapSvc; z:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [221257 2005-12-01] ()
S4 CLSched; z:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [110663 2005-12-01] ()
S2 CyberLink Media Library Service; C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [61440 2005-12-01] (Cyberlink)
S2 DBService; C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
S2 FSService; z:\Programme\Folder Shield\FSService.exe [45056 2006-04-13] ()
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2009-12-28] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2009-12-28] (Google Inc.)
S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-09-13] (Google)
S4 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [545576 2010-01-22] (Apple Inc.)
S4 LightScribeService; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [79136 2007-10-18] (Hewlett-Packard Company)
S2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [322120 2003-06-20] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-14] (Mozilla Foundation)
S4 NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-09-17] (Nero AG)
S4 NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 nvUpdatusService; C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856 2012-09-23] (NVIDIA Corporation)
S2 O&O Defrag; C:\WINDOWS\system32\oodag.exe [339456 2006-06-02] (O&O Software GmbH)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S2 PSI_SVC_2; C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe [189728 2010-03-10] (Protexis Inc.)
S4 RichVideo; C:\Programme\CyberLink\Shared Files\RichVideo.exe [247152 2009-04-17] ()
S2 TuneUp.UtilitiesSvc; C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
S4 UleadBurningHelper; C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-03-13] (Ulead Systems, Inc.)
S2 vToolbarUpdater15.2.0; C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)
S4 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-10-24] (Microsoft Corporation)
S4 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 AVG Anti-Spyware Guard; F:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe [x]
S2 FileZilla Server; "z:\Programme\FileZilla Server\FileZilla Server.exe" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [826752 2005-12-06] (Philips Semiconductors GmbH)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
S2 A4SII300; C:\Windows\System32\drivers\A4SII300.SYS [25632 1998-02-26] (Microsoft Corporation)
S2 acedrv11; C:\WINDOWS\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [19915 2005-10-09] (Meetinghouse Data Communications)
R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-22] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-22] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-22] ()
S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [13696 2008-04-14] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-05-21] (AVG Technologies)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-29] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)
R0 bxShield; C:\Windows\System32\Drivers\bxShield.sys [45056 2006-04-13] (Alfa Corporation)
R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [27704 2008-05-30] (Canopus Co,. Ltd.)
S1 cdrport; C:\Windows\System32\DRIVERS\cdrport.sys [4608 2005-03-11] (Canopus Co,. Ltd.)
R3 CMISTOR; C:\Windows\System32\DRIVERS\cmiucr.SYS [72320 2005-10-04] (C-Media Corporation)
R3 dtscsi; C:\Windows\System32\Drivers\dtscsi.sys [223128 2008-09-17] ()
S3 GT680x; C:\Windows\System32\Drivers\Gt680x.sys [17504 2003-02-19] (   )
S2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [49024 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
S1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation)
R3 RT2500USB; C:\Windows\System32\DRIVERS\rt2500usb.sys [241536 2005-07-14] (Ralink Technology Inc.)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2008-09-16] ()
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2012-07-20] (RapidSolution Software AG)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [30688 2008-10-09] (Acronis)
S3 TuneUpUtilitiesDrv; C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
S3 usbsermptxp; C:\Windows\System32\DRIVERS\usbsermptxp.sys [25600 2007-12-22] (Microsoft Corporation)
R0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [117248 2008-01-22] (VIA Technologies inc,.ltd)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [17792 2005-05-19] (X10 Wireless Technology, Inc.)
S3 akshhl; system32\DRIVERS\akshhl.sys [x]
S1 AVG Anti-Spyware Driver; \??\F:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys [x]
S1 AvgAsCln; System32\DRIVERS\AvgAsCln.sys [x]
S4 IntelIde; No ImagePath
S0 rseb; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-24 14:25 - 2013-08-22 18:36 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot.exe
2013-08-24 11:39 - 2013-08-23 18:34 - 01070315 _____ (Farbar) C:\FRST.exe
2013-08-24 11:22 - 2013-08-25 18:06 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-24 11:22 - 2013-08-24 11:22 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-24 11:22 - 2013-08-24 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-24 11:03 - 2013-08-24 10:11 - 00448512 _____ (OldTimer Tools) C:\TFC.exe
2013-08-23 17:28 - 2013-08-23 17:28 - 00001891 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-08-22 20:36 - 2013-08-22 20:36 - 00000700 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2013-08-22 20:36 - 2013-08-22 20:36 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-22 19:51 - 2013-08-25 18:50 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce9f604adfe6ec.job
2013-08-22 19:51 - 2013-08-22 19:51 - 00001781 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-08-22 19:49 - 2013-08-25 18:56 - 00000370 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-08-22 19:49 - 2013-08-22 19:49 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-08-22 19:49 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-22 19:49 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-22 19:49 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-22 19:29 - 2013-08-22 19:29 - 00000000 ____D C:\Programme\AVAST Software
2013-08-22 19:29 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-22 17:28 - 2013-08-22 17:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-19 18:00 - 2013-08-19 18:00 - 00000000 ____D C:\Programme\ESET
2013-08-19 17:47 - 2013-08-19 17:47 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\PrivacIE
2013-08-15 07:09 - 2013-08-15 07:09 - 00006154 _____ C:\WINDOWS\KB2863058.log
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-14 09:01 - 2013-08-14 09:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2013-08-14 07:17 - 2013-08-22 17:29 - 00014930 _____ C:\WINDOWS\KB2850869.log
2013-08-14 07:17 - 2013-08-15 07:09 - 00012682 _____ C:\WINDOWS\KB2859537.log
2013-08-13 20:57 - 2013-08-13 20:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\mbam-setup-1.75.0.1300.exe
2013-08-13 09:41 - 2013-08-13 09:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-12 11:59 - 2013-08-12 11:59 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\IETldCache
2013-08-12 09:28 - 2013-08-19 17:03 - 00000000 ____D C:\FRST
2013-08-11 08:38 - 2013-08-11 19:55 - 00000000 ____D C:\Programme\WinZipper
2013-08-09 22:01 - 2013-08-10 21:02 - 00000000 ____D C:\Programme\Check Point Software Technologies LTD
2013-08-09 22:00 - 2013-08-10 21:02 - 00000000 ____D C:\Programme\East Imperial Soft
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SAM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT_tureg_new.LOG
2013-08-08 16:29 - 2013-08-08 16:29 - 00000000 ____H C:\WINDOWS\system32\config\SECURITY_tureg_new.LOG
2013-08-06 11:02 - 2013-08-10 19:03 - 00000000 ____D C:\Programme\MSECache
2013-07-30 05:27 - 2013-07-30 05:32 - 00000000 ____D C:\WINDOWS\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-25 19:00 - 2007-01-27 10:54 - 00927126 _____ C:\WINDOWS\system32\OODBS.lor
2013-08-25 19:00 - 2005-10-09 07:46 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-25 18:59 - 2011-02-18 20:03 - 00327680 _____ C:\WINDOWS\system32\config\TuneUp.evt
2013-08-25 18:59 - 2006-06-06 20:48 - 00000275 _____ C:\WINDOWS\wiadebug.log
2013-08-25 18:59 - 2006-06-06 20:48 - 00000052 _____ C:\WINDOWS\wiaservc.log
2013-08-25 18:59 - 2006-06-06 17:54 - 00032128 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-25 18:59 - 2006-06-06 17:53 - 01050209 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-25 18:59 - 2005-10-08 23:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-25 18:58 - 2006-06-06 18:02 - 00000000 ____D C:\Dokumente und Einstellungen\Helmut
2013-08-25 18:56 - 2013-08-22 19:49 - 00000370 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-08-25 18:50 - 2013-08-22 19:51 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce9f604adfe6ec.job
2013-08-25 18:48 - 2010-11-05 19:18 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2013-08-25 18:06 - 2013-08-24 11:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-25 18:05 - 2009-12-28 08:49 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-24 20:29 - 2007-02-06 20:52 - 00000276 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-08-24 16:52 - 2007-01-27 10:57 - 00000000 ____D C:\WINDOWS\system32\oodag
2013-08-24 16:12 - 2005-10-08 23:52 - 00000000 ___RD C:\Programme
2013-08-24 11:40 - 2012-04-12 17:37 - 00008071 _____ C:\WINDOWS\setupact.log
2013-08-24 11:22 - 2013-08-24 11:22 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-24 11:22 - 2013-08-24 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-24 10:11 - 2013-08-24 11:03 - 00448512 _____ (OldTimer Tools) C:\TFC.exe
2013-08-23 18:34 - 2013-08-24 11:39 - 01070315 _____ (Farbar) C:\FRST.exe
2013-08-23 17:28 - 2013-08-23 17:28 - 00001891 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-08-23 17:28 - 2005-10-09 12:25 - 00000000 ____D C:\Programme\Google
2013-08-22 20:36 - 2013-08-22 20:36 - 00000700 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2013-08-22 20:36 - 2013-08-22 20:36 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-22 20:35 - 2009-03-22 12:16 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-22 19:51 - 2013-08-22 19:51 - 00001781 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-08-22 19:49 - 2013-08-22 19:49 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-08-22 19:49 - 2013-08-22 19:49 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-08-22 19:49 - 2005-10-08 22:57 - 00003000 _____ C:\WINDOWS\system32\config.nt
2013-08-22 19:29 - 2013-08-22 19:29 - 00000000 ____D C:\Programme\AVAST Software
2013-08-22 18:36 - 2013-08-24 14:25 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot.exe
2013-08-22 17:47 - 2005-10-08 15:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-22 17:35 - 2012-06-07 13:32 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-22 17:32 - 2005-10-08 23:52 - 01166212 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-22 17:29 - 2013-08-22 17:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-22 17:29 - 2013-08-14 07:17 - 00014930 _____ C:\WINDOWS\KB2850869.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00756252 _____ C:\WINDOWS\setupapi.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00517343 _____ C:\WINDOWS\FaxSetup.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00248304 _____ C:\WINDOWS\ocgen.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00198156 _____ C:\WINDOWS\tsoc.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00172496 _____ C:\WINDOWS\comsetup.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00104470 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00082802 _____ C:\WINDOWS\iis6.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00028728 _____ C:\WINDOWS\ocmsn.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00025956 _____ C:\WINDOWS\msgsocm.log
2013-08-22 17:29 - 2012-04-12 17:37 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-22 17:29 - 2012-04-12 17:36 - 00084745 _____ C:\WINDOWS\updspapi.log
2013-08-20 20:24 - 2013-06-20 18:30 - 00000000 ____D C:\Magazin-1
2013-08-20 19:54 - 2006-06-07 19:57 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-08-20 18:30 - 2005-10-09 14:27 - 00000400 _____ C:\WINDOWS\ODBC.INI
2013-08-19 18:00 - 2013-08-19 18:00 - 00000000 ____D C:\Programme\ESET
2013-08-19 17:47 - 2013-08-19 17:47 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\PrivacIE
2013-08-19 17:47 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
2013-08-19 17:47 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-08-19 17:03 - 2013-08-12 09:28 - 00000000 ____D C:\FRST
2013-08-18 15:30 - 2013-06-22 08:58 - 00007680 ___SH C:\WINDOWS\Thumbs.db
2013-08-18 12:58 - 2012-04-01 10:57 - 00023405 _____ C:\WINDOWS\wmsetup.log
2013-08-18 09:47 - 2006-06-16 12:16 - 00005134 _____ C:\WINDOWS\xnview.ini
2013-08-17 17:41 - 2013-06-20 16:56 - 00000000 ____D C:\Programme\Hybrid
2013-08-17 17:41 - 2012-07-19 19:14 - 00000000 ____D C:\Programme\TuneUp Utilities 2012
2013-08-17 12:24 - 2006-06-11 09:50 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-08-17 11:22 - 2005-10-08 22:56 - 00000000 ____D C:\WINDOWS\Registration
2013-08-15 07:09 - 2013-08-15 07:09 - 00006154 _____ C:\WINDOWS\KB2863058.log
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 07:09 - 2013-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-15 07:09 - 2013-08-14 07:17 - 00012682 _____ C:\WINDOWS\KB2859537.log
2013-08-15 07:09 - 2012-04-12 17:37 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-15 07:09 - 2007-02-18 04:01 - 00883452 _____ C:\WINDOWS\system32\TZLog.log
2013-08-14 09:28 - 2012-12-27 10:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$
2013-08-14 09:28 - 2009-03-11 22:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB959772_WM11$
2013-08-14 09:01 - 2013-08-14 09:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2013-08-13 20:57 - 2013-08-13 20:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\mbam-setup-1.75.0.1300.exe
2013-08-13 20:48 - 2006-06-17 09:33 - 00001966 _____ C:\WINDOWS\Ulead32.ini
2013-08-13 18:48 - 2005-10-08 23:52 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Dokumente
2013-08-13 09:41 - 2013-08-13 09:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-13 09:35 - 2012-04-09 10:41 - 00000000 ____D C:\Programme\Gemeinsame Dateien\AVG Secure Search
2013-08-12 11:59 - 2013-08-12 11:59 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\IETldCache
2013-08-11 19:55 - 2013-08-11 08:38 - 00000000 ____D C:\Programme\WinZipper
2013-08-11 19:55 - 2005-10-08 23:51 - 00430984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-11 19:54 - 2005-10-08 23:00 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-08-11 19:54 - 2005-10-08 23:00 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-08-10 21:03 - 2005-10-08 23:52 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü
2013-08-10 21:02 - 2013-08-09 22:01 - 00000000 ____D C:\Programme\Check Point Software Technologies LTD
2013-08-10 21:02 - 2013-08-09 22:00 - 00000000 ____D C:\Programme\East Imperial Soft
2013-08-10 21:02 - 2013-07-17 21:20 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Uniblue
2013-08-10 21:02 - 2013-07-17 21:00 - 00000000 ____D C:\Programme\DVDVideoSoft
2013-08-10 21:02 - 2013-07-09 17:07 - 00000000 ____D C:\Programme\DsNET Corp
2013-08-10 21:02 - 2013-06-27 16:03 - 00000000 ___SD C:\Dokumente und Einstellungen\UpdatusUser\UserData
2013-08-10 21:02 - 2013-06-27 16:03 - 00000000 ___RD C:\Dokumente und Einstellungen\UpdatusUser\Startmenü
2013-08-10 21:02 - 2013-06-27 16:03 - 00000000 ____D C:\Dokumente und Einstellungen\UpdatusUser\WINDOWS
2013-08-10 21:02 - 2013-06-27 14:52 - 00000000 ____D C:\NVIDIA
2013-08-10 21:02 - 2013-06-20 18:15 - 00000000 ____D C:\Programme\Greenshot
2013-08-10 21:02 - 2013-06-19 16:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Skype
2013-08-10 21:02 - 2013-05-23 17:22 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2013-08-10 21:02 - 2013-03-09 21:46 - 00000000 ____D C:\Programme\CheckPoint
2013-08-10 21:02 - 2012-12-12 19:21 - 00000000 ____D C:\Programme\Dropbox
2013-08-10 21:02 - 2012-03-04 20:51 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Spigot(3)
2013-08-10 21:02 - 2012-03-04 20:51 - 00000000 ____D C:\Programme\Application Updater(3)
2013-08-10 21:02 - 2011-09-20 14:59 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Protexis
2013-08-10 21:02 - 2011-09-11 14:36 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Corel
2013-08-10 21:02 - 2011-09-10 20:45 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Spigot(2)
2013-08-10 21:02 - 2011-09-10 20:45 - 00000000 ____D C:\Programme\Application Updater(2)
2013-08-10 21:02 - 2011-02-26 17:45 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Aladdin Shared
2013-08-10 21:02 - 2011-02-26 14:19 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Aladdin Shared(2)
2013-08-10 21:02 - 2011-02-19 14:38 - 00000000 ____D C:\Programme\CodecOption
2013-08-10 21:02 - 2010-11-27 16:32 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Snell & Wilcox Shared
2013-08-10 21:02 - 2010-11-27 16:32 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Grass Valley
2013-08-10 21:02 - 2010-11-24 21:37 - 00000000 ____D C:\Programme\directx
2013-08-10 21:02 - 2010-11-23 20:14 - 00000000 ____D C:\MappedFiles
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___SD C:\Dokumente und Einstellungen\Administrator\UserData
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Dokumente
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\WINDOWS
2013-08-10 21:02 - 2010-11-05 19:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Mein Geld
2013-08-10 21:02 - 2009-11-27 20:26 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\CyberLink
2013-08-10 21:02 - 2009-11-27 20:23 - 00000000 ____D C:\Dokumente und Einstellungen\Besitzer\Startmenü
2013-08-10 21:02 - 2009-11-21 22:16 - 00000000 ____D C:\Programme\Bonjour
2013-08-10 21:02 - 2009-11-11 20:38 - 00000000 ____D C:\Programme\AVS4YOU
2013-08-10 21:02 - 2009-11-01 14:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Apple
2013-08-10 21:02 - 2009-07-05 12:11 - 00000000 ____D C:\Programme\Gemeinsame Dateien\SWF Studio
2013-08-10 21:02 - 2008-12-19 20:32 - 00000000 ____D C:\Programme\DATA BECKER
2013-08-10 21:02 - 2008-12-16 19:43 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DATA BECKER Shared
2013-08-10 21:02 - 2008-10-29 19:59 - 00000000 ____D C:\Intel
2013-08-10 21:02 - 2008-10-27 18:37 - 00000000 ____D C:\Programme\BearPaw 2448TA Plus
2013-08-10 21:02 - 2008-10-21 21:12 - 00000000 ____D C:\Programme\Gemeinsame Dateien\TechSmith Shared
2013-08-10 21:02 - 2008-10-09 19:03 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Acronis
2013-08-10 21:02 - 2008-10-09 19:03 - 00000000 ____D C:\Programme\Acronis
2013-08-10 21:02 - 2008-10-09 17:42 - 00000000 ____D C:\Programme\Canon
2013-08-10 21:02 - 2008-10-09 17:36 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Canon
2013-08-10 21:02 - 2008-09-16 20:58 - 00000000 ____D C:\Programme\Gemeinsame Dateien\xing shared
2013-08-10 21:02 - 2007-12-22 18:20 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Motorola Shared
2013-08-10 21:02 - 2007-06-18 20:16 - 00000000 ____D C:\Programme\Gemeinsame Dateien\SONY Digital Images
2013-08-10 21:02 - 2007-06-10 12:27 - 00000000 ____D C:\Programme\Gemeinsame Dateien\AVSMedia
2013-08-10 21:02 - 2007-02-07 19:28 - 00000000 ____D C:\Programme\Codec Pack - All In 1
2013-08-10 21:02 - 2007-02-06 20:52 - 00000000 ____D C:\Programme\Apple Software Update
2013-08-10 21:02 - 2007-01-21 22:50 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Adobe
2013-08-10 21:02 - 2007-01-10 14:32 - 00000000 ____D C:\Dokumente und Einstellungen\Besitzer
2013-08-10 21:02 - 2006-10-08 15:03 - 00000000 ____D C:\Programme\Canopus
2013-08-10 21:02 - 2006-08-03 08:39 - 00000000 ____D C:\Programme\Gemeinsame Dateien\ODBC
2013-08-10 21:02 - 2006-07-01 09:43 - 00000000 ____D C:\Programme\AOL
2013-08-10 21:02 - 2006-06-16 11:29 - 00000000 ____D C:\Programme\Digitale Telefonauskunft
2013-08-10 21:02 - 2006-06-07 19:00 - 00000000 ____D C:\Programme\Gemeinsame Dateien\InterVideo
2013-08-10 21:02 - 2006-06-07 19:00 - 00000000 ____D C:\Programme\Creative
2013-08-10 21:02 - 2006-06-07 18:38 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Canopus Shared
2013-08-10 21:02 - 2006-06-07 18:04 - 00000000 ____D C:\MSCAN
2013-08-10 21:02 - 2006-06-06 20:58 - 00000000 ____D C:\Programme\Dornier GmbH
2013-08-10 21:02 - 2006-06-06 20:07 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Ulead Systems
2013-08-10 21:02 - 2006-06-06 19:18 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DESIGNER
2013-08-10 21:02 - 2006-02-28 16:57 - 00000000 ____D C:\Programme\Gemeinsame Dateien\aol
2013-08-10 21:02 - 2006-02-28 16:07 - 00000000 ____D C:\Programme\Home Cinema
2013-08-10 21:02 - 2006-02-28 16:07 - 00000000 ____D C:\Programme\CyberLink
2013-08-10 21:02 - 2006-02-28 16:03 - 00000000 ____D C:\Programme\Gemeinsame Dateien\LightScribe
2013-08-10 21:02 - 2006-02-28 16:02 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Ahead
2013-08-10 21:02 - 2006-02-28 16:02 - 00000000 ____D C:\Programme\Ahead
2013-08-10 21:02 - 2006-02-28 16:01 - 00000000 ____D C:\PCM
2013-08-10 21:02 - 2006-02-28 15:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-08-10 21:02 - 2006-02-28 15:56 - 00000000 ____D C:\Programme\Adobe
2013-08-10 21:02 - 2006-02-28 15:51 - 00000000 ____D C:\Programme\C-Media USB2.0 Card Reader
2013-08-10 21:02 - 2005-10-09 14:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\MAGIX Shared
2013-08-10 21:02 - 2005-10-09 14:55 - 00000000 ____D C:\Programme\ALDI Sued Foto Service
2013-08-10 21:02 - 2005-10-09 14:49 - 00000000 ____D C:\Programme\Gemeinsame Dateien\DataDesign
2013-08-10 21:02 - 2005-10-09 14:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\muvee Technologies
2013-08-10 21:02 - 2005-10-09 14:33 - 00000000 ____D C:\Programme\Encarta
2013-08-10 21:02 - 2005-10-09 12:28 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Nullsoft
2013-08-10 21:02 - 2005-10-09 12:25 - 00000000 ____D C:\Programme\DivX
2013-08-10 21:02 - 2005-10-09 11:25 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Real
2013-08-10 21:02 - 2005-10-08 23:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\SpeechEngines
2013-08-10 21:02 - 2005-10-08 23:52 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Microsoft Shared
2013-08-10 21:02 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\System
2013-08-10 21:02 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\MSSoap
2013-08-10 21:02 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Dienste
2013-08-10 21:02 - 2005-10-08 15:59 - 00000000 ____D C:\Programme\HighMAT CD Writing Wizard
2013-08-10 21:02 - 2005-10-08 15:28 - 00000000 ____D C:\Programme\Gemeinsame Dateien\InstallShield
2013-08-10 19:03 - 2013-08-06 11:02 - 00000000 ____D C:\Programme\MSECache
2013-08-10 19:03 - 2013-07-07 20:43 - 00000000 ____D C:\Programme\Ontrack
2013-08-10 19:03 - 2013-06-20 18:06 - 00000000 ____D C:\Programme\MediaInfo
2013-08-10 19:03 - 2013-04-13 18:52 - 00000000 ____D C:\Programme\NVIDIA Corporation
2013-08-10 19:03 - 2013-04-05 19:07 - 00000000 ____D C:\Programme\NCH Software
2013-08-10 19:03 - 2013-03-29 17:06 - 00000000 ____D C:\Programme\SIW
2013-08-10 19:03 - 2012-07-05 20:03 - 00000000 ____D C:\Programme\MarkAny
2013-08-10 19:03 - 2012-06-26 20:29 - 00000000 ____D C:\Programme\Office 2007
2013-08-10 19:03 - 2011-09-20 15:00 - 00000000 ____D C:\Programme\Microsoft SDKs
2013-08-10 19:03 - 2011-09-10 22:26 - 00000000 ____D C:\Programme\Microsoft Visual Studio 9.0
2013-08-10 19:03 - 2011-03-10 21:05 - 00000000 ____D C:\Programme\Microsoft Silverlight
2013-08-10 19:03 - 2010-02-13 22:01 - 00000000 ____D C:\Programme\iPod
2013-08-10 19:03 - 2009-11-27 20:23 - 00000000 ____D C:\Programme\SmartSound Software
2013-08-10 19:03 - 2009-08-15 14:40 - 00000000 ____D C:\Programme\Reference Assemblies
2013-08-10 19:03 - 2009-08-15 14:40 - 00000000 ____D C:\Programme\MSBuild
2013-08-10 19:03 - 2009-08-15 14:37 - 00000000 ____D C:\Programme\MSXML 6.0
2013-08-10 19:03 - 2009-07-30 09:56 - 00000000 ____D C:\Programme\Sony
2013-08-10 19:03 - 2008-10-28 21:59 - 00000000 ____D C:\Programme\Trend Micro
2013-08-10 19:03 - 2008-10-09 20:59 - 00000000 ____D C:\Programme\Kaspersky Lab
2013-08-10 19:03 - 2007-12-22 16:53 - 00000000 ____D C:\Programme\Motorola Phone Tools
2013-08-10 19:03 - 2007-02-25 18:27 - 00000000 ____D C:\Programme\Multi_Media_Germany
2013-08-10 19:03 - 2007-02-11 18:49 - 00000000 ____D C:\Programme\Nero
2013-08-10 19:03 - 2006-11-19 21:11 - 00000000 ____D C:\Programme\MSXML 4.0
2013-08-10 19:03 - 2006-06-06 19:18 - 00000000 ____D C:\Programme\Microsoft.NET
2013-08-10 19:03 - 2006-06-06 19:18 - 00000000 ____D C:\Programme\Microsoft Visual Studio
2013-08-10 19:03 - 2006-02-28 18:22 - 00000000 ____D C:\Programme\MSN Messenger
2013-08-10 19:03 - 2006-02-28 16:57 - 00000000 ____D C:\Programme\Learn2.com
2013-08-10 19:03 - 2006-02-28 15:56 - 00000000 ____D C:\Programme\Java
2013-08-10 19:03 - 2006-02-28 15:52 - 00000000 ____D C:\Programme\Medion Info Display
2013-08-10 19:03 - 2006-01-30 12:25 - 00000000 ____D C:\Programme\Realtek
2013-08-10 19:03 - 2005-10-09 19:13 - 00000000 ____D C:\Programme\NVIDIA Demo Kiosk
2013-08-10 19:03 - 2005-10-09 14:46 - 00000000 ____D C:\Programme\muvee Technologies
2013-08-10 19:03 - 2005-10-09 14:36 - 00000000 ____D C:\Programme\Microsoft AutoRoute
2013-08-10 19:03 - 2005-10-09 14:26 - 00000000 ____D C:\Programme\Microsoft Office
2013-08-10 19:03 - 2005-10-09 14:23 - 00000000 ____D C:\Programme\Microsoft Works Suite 2006
2013-08-10 19:03 - 2005-10-09 14:23 - 00000000 ____D C:\Programme\Microsoft Works
2013-08-10 19:03 - 2005-10-09 11:53 - 00000000 ____D C:\Programme\RALINK
2013-08-10 19:03 - 2005-10-09 11:25 - 00000000 ____D C:\Programme\Real
2013-08-10 19:03 - 2005-10-08 22:58 - 00000000 ____D C:\Programme\microsoft frontpage
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Outlook Express
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Online-Dienste
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\NetMeeting
2013-08-10 19:03 - 2005-10-08 22:56 - 00000000 ____D C:\Programme\Movie Maker
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\Online Services
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\MSN Gaming Zone
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\MSN
2013-08-10 19:03 - 2005-10-08 22:55 - 00000000 ____D C:\Programme\Messenger
2013-08-10 19:03 - 2005-10-08 15:24 - 00000000 ____D C:\Programme\Intel
2013-08-10 19:03 - 2003-01-01 11:14 - 00000000 ____D C:\Programme\StreamTransport
2013-08-09 22:03 - 2005-10-09 11:11 - 00001479 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2013-08-08 17:20 - 2009-03-21 12:16 - 00002259 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Jaksta Streaming Media Recorder and Converter.lnk
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\SAM_tureg_new.LOG
2013-08-08 16:34 - 2013-08-08 16:34 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT_tureg_new.LOG
2013-08-08 16:34 - 2005-10-09 00:51 - 58982400 _____ C:\WINDOWS\system32\config\SOFTWARE_tureg_old
2013-08-08 16:34 - 2005-10-09 00:51 - 10485760 _____ C:\WINDOWS\system32\config\SYSTEM_tureg_old
2013-08-08 16:34 - 2005-10-08 23:51 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY_tureg_old
2013-08-08 16:29 - 2013-08-08 16:29 - 00000000 ____H C:\WINDOWS\system32\config\SECURITY_tureg_new.LOG
2013-08-08 16:27 - 2005-10-09 00:51 - 00786432 _____ C:\WINDOWS\system32\config\DEFAULT_tureg_old
2013-08-08 16:27 - 2005-10-08 23:51 - 00024576 _____ C:\WINDOWS\system32\config\SAM_tureg_old
2013-08-03 13:05 - 2009-03-22 22:18 - 00001044 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2013-07-30 05:34 - 2013-07-25 19:03 - 00011489 _____ C:\WINDOWS\KB2834886.log
2013-07-30 05:34 - 2013-07-25 19:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-30 05:32 - 2013-07-30 05:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-27 11:08 - 2006-04-13 15:02 - 00000174 _____ C:\WINDOWS\system32\fsbx.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2005-10-09 07:46] - [2008-04-14 08:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e 

C:\Windows\System32\winlogon.exe
[2005-10-09 07:46] - [2008-04-14 08:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 

C:\Windows\System32\svchost.exe
[2005-10-09 07:46] - [2008-04-14 08:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 

C:\Windows\System32\services.exe
[2008-09-18 20:21] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc 

C:\Windows\System32\User32.dll
[2005-10-09 07:46] - [2008-04-14 08:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd 

C:\Windows\System32\userinit.exe
[2008-09-18 20:21] - [2008-04-14 08:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 

C:\Windows\System32\Drivers\volsnap.sys
[2008-09-18 20:21] - [2008-04-14 08:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d 


==================== End Of Log ============================
--- --- ---

--- --- ---

Alt 25.08.2013, 21:14   #41
Aneri
/// Malwareteam
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


ok dann suchen wir tiefer im System ...

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 26.08.2013, 15:56   #42
HelmutS
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Ich weiß nicht, Heiko, ob der Scan komplett ist. Ich hatte zum Schluß zwar keine Anzeige "Scan finished successfully" im DOS-Fenster, glaube aber der Scan war durch.

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-26 16:41:17
-----------------------------
16:41:17.687    OS Version: Windows 5.1.2600 Service Pack 3
16:41:17.687    Number of processors: 2 586 0x407
16:41:17.687    ComputerName: FUCHS  UserName: 
16:41:18.093    Initialize success
16:41:18.437    AVAST engine defs: 13082600
16:41:41.968    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
16:41:41.968    Disk 0 Vendor: Maxtor_6B200P0 BAH41B10 Size: 194481MB BusType: 3
16:41:41.984    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
16:41:41.984    Disk 1 Vendor: ST3250824AS 3.AAE Size: 238475MB BusType: 3
16:41:42.000    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-22
16:41:42.015    Disk 2 Vendor: SAMSUNG_HD753LJ 1AA01118 Size: 715404MB BusType: 3
16:41:42.109    Disk 1 MBR read successfully
16:41:42.109    Disk 1 MBR scan
16:41:42.125    Disk 1 Windows XP default MBR code
16:41:42.140    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        78999 MB offset 63
16:41:42.156    Disk 1 Partition - 00     0F Extended LBA            148475 MB offset 161790615
16:41:42.187    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS         4000 MB offset 465868935
16:41:42.218    Disk 1 Partition 3 00     07    HPFS/NTFS NTFS         6997 MB offset 474062085
16:41:42.250    Disk 1 Partition 4 00     07    HPFS/NTFS NTFS        36005 MB offset 161790678
16:41:42.265    Disk 1 Partition - 00     05     Extended              6502 MB offset 235528965
16:41:42.296    Disk 1 Partition 5 00     07    HPFS/NTFS NTFS         6502 MB offset 235529028
16:41:42.328    Disk 1 Partition - 00     05     Extended            105967 MB offset 322585200
16:41:42.343    Disk 1 Partition 6 00     07    HPFS/NTFS NTFS       105967 MB offset 248846913
16:41:42.375    Disk 1 scanning sectors +488392065
16:41:42.500    Disk 1 scanning C:\WINDOWS\system32\drivers
16:41:52.671    File: C:\WINDOWS\system32\drivers\bxShield.sys **HIDDEN**
16:41:52.703    Service scanning
16:41:55.250    Service bxShield C:\WINDOWS\System32\Drivers\bxShield.sys **LOCKED** 5
16:41:56.578    Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
16:42:03.250    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:42:06.468    Modules scanning
16:42:13.546    Disk 1 trace - called modules:
16:42:13.593    ntkrnlpa.exe >>UNKNOWN [0x8b0c5708]<<
16:42:13.609    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b078ab8]
16:42:13.625    \Driver\Disk[0x8b07a940] -> IRP_MJ_CREATE -> 0x8b0c5708
16:42:14.031    AVAST engine scan C:\WINDOWS
16:42:23.312    AVAST engine scan C:\WINDOWS\system32
16:50:48.937    Disk 1 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Helmut\Desktop\MBR.dat"
16:50:48.968    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Helmut\Desktop\aswMBR.txt"

Alt 26.08.2013, 18:11   #43
Aneri
/// Malwareteam
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Hallo Helmut,

macht das System noch Probleme? Wenn ja sag mir bitte wo diese liegen...
an Malware finde ich nichts mehr.
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 26.08.2013, 18:32   #44
HelmutS
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


Nee, Heiko. Scheint alles in Ordnung zu sein. Nochmals allerbesten Dank für deine liebe Hilfe. Gibt es hier im Forum einen Tipp, wie ich mich jetzt in Zukunft verhalte. Den avast! zum Beispiel einmal die Woche – oder einmal im Monat eine schnelle Überprüfung vornehmen zu lassen oder dergleichen?
Beste Grüße
Helmut

Alt 26.08.2013, 18:42   #45
Aneri
/// Malwareteam
 
Qvo6.xml ist das ein Trojaner? - Standard

Qvo6.xml ist das ein Trojaner?


ich brauch noch ein letztes FRST Logfile von dir, dann kommen die Tips
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Antwort
Seite 3 von 4 12 3 4

Themen zu Qvo6.xml ist das ein Trojaner?
firefox, hallo zusammen, ist das ein trojaner?, mozilla, mozilla firefox, programme, searchplugins, troja, trojaner, trojaner?, zusammen


« GVU Trojaner Problem | malwarebytes findet immer was ! »


Ähnliche Themen: Qvo6.xml ist das ein Trojaner?


  1. qvo6 virus
    Plagegeister aller Art und deren Bekämpfung - 26.11.2013 (1)
  2. Wie entferne ich Qvo6
    Plagegeister aller Art und deren Bekämpfung - 20.11.2013 (11)
  3. qvo6.com entfernen
    Anleitungen, FAQs & Links - 27.10.2013 (2)
  4. Probleme mit Qvo6
    Plagegeister aller Art und deren Bekämpfung - 23.10.2013 (4)
  5. Iminent, qvo6 &...,
    Plagegeister aller Art und deren Bekämpfung - 14.10.2013 (5)
  6. Windows XP , Trojaner eingefangen ( QVO6 )
    Log-Analyse und Auswertung - 13.10.2013 (31)
  7. Hatte Qvo6 was nun
    Log-Analyse und Auswertung - 05.09.2013 (11)
  8. QVO6 Meldung
    Plagegeister aller Art und deren Bekämpfung - 31.08.2013 (9)
  9. QVO6 Befall
    Log-Analyse und Auswertung - 22.08.2013 (5)
  10. Virus/Trojaner Qvo6
    Plagegeister aller Art und deren Bekämpfung - 04.08.2013 (9)
  11. Qvo6: Ich hab mir wohl einen Trojaner gefangen
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (11)
  12. Problem mit qvo6.com
    Plagegeister aller Art und deren Bekämpfung - 01.07.2013 (15)
  13. Befall vom GVU-Trojaner und QVO6
    Plagegeister aller Art und deren Bekämpfung - 16.06.2013 (21)
  14. Qvo6.com eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.05.2013 (13)
  15. das böse qvo6
    Plagegeister aller Art und deren Bekämpfung - 09.05.2013 (7)
  16. qvo6 problem
    Plagegeister aller Art und deren Bekämpfung - 03.05.2013 (23)
  17. Qvo6-Virus
    Plagegeister aller Art und deren Bekämpfung - 25.04.2013 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Qvo6.xml ist das ein Trojaner? - Hallo Heiko, danke, habe ich soweit alles gemacht. Muß heute Abend nochmal schauen. Der Rechner ist plötzlich ganz langsam und die CPU-Auslastung steht auf 100 %. Ich melde mich wieder. - Qvo6.xml ist das ein Trojaner?...
Archiv
Du betrachtest: Qvo6.xml ist das ein Trojaner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55