
Log Analysis and Evaluation: GVU Trojan


01.09.2013, 19:08   #1
Ciel

GVU Trojan

Good evening,

I have also been struggling with the GVU Trojan since today and hope you can help me.
I was already able to create the FRST log file:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013
Ran by SYSTEM on MININT-40MQ8HP on 01-09-2013 19:49:15
Running from H:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-09-23] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Panda Software Controller Client] - C:\Program Files (x86)\Panda Security\WAC\PSCtrlC.exe [140096 2010-09-21] (Panda Security)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-04-20] (Avira GmbH)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\administrator\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Martin Welsch\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Martin Welsch\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Martin Welsch\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARTIN~1\AppData\Local\Temp\fhgneuomrpfeddvut.exe [80896 2013-09-01] (Valve Corporation) <===== ATTENTION
HKU\Martin Welsch\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Martin Welsch\...\Command Processor: "C:\Users\MARTIN~1\AppData\Local\Temp\fhgneuomrpfeddvut.exe" <===== ATTENTION!

==================== Services (Whitelisted) =================

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-08] (Akamai Technologies, Inc.)
S2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-20] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-24] (Avira GmbH)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-01-01] ()
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 Panda Software Controller; C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe [342344 2011-05-17] (Panda Security)
S2 PavAt3Scheduler; C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe [140544 2011-06-27] (Panda Security)
S3 PavFnSvr; C:\Program Files (x86)\Panda Security\WAC\pavFnSvr.exe [152896 2010-08-05] (Panda Security, S.L.)
S2 PavSrv; C:\Program Files (x86)\Panda Security\WAC\pavsrvx86.exe [313152 2010-07-14] (Panda Security, S.L.)
S2 PavWASLpMng; C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [314696 2011-06-10] (Panda Security)
S3 PSHost; C:\Program Files (x86)\Panda Security\WAC\PSHost.exe [226560 2009-11-26] (Panda Security International)
S2 PSImSvc; C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE [107328 2010-06-25] (Panda Security S.L.)
S2 PskSvc; C:\Program Files (x86)\Panda Security\WAC\psksvc.exe [27968 2010-08-16] (Panda Software International)
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S2 WASAgent; C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe [322376 2011-05-31] (Panda Security)
S2 WASWD; C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe [206664 2011-05-31] (Panda Security)

==================== Drivers (Whitelisted) ====================

S2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [70216 2011-03-07] (Panda Security, S.L.)
S2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-10-16] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-24] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-24] (Avira GmbH)
S2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
S2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
S2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-10-16] ()
S2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
S3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-30] (Panda Security, S.L.)
S2 nsfim; C:\Windows\system32\Drivers\NSFIM64.SYS [74312 2010-10-19] (Panda Security, S.L.)
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 01:46 - 2013-09-01 01:46 - 01084749 _____ C:\Users\Martin Welsch\AppData\Local\2433f433
2013-09-01 01:46 - 2013-09-01 01:46 - 01084736 _____ C:\Users\Martin Welsch\AppData\Roaming\2433f433
2013-09-01 01:46 - 2013-09-01 01:46 - 01084708 _____ C:\ProgramData\2433f433
2013-08-27 17:21 - 2013-08-27 17:21 - 00000000 __SHD C:\found.001
2013-08-25 02:46 - 2013-08-25 06:09 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-17 14:04 - 2013-08-17 14:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 20:24 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 20:24 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 20:24 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 20:24 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 20:24 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 20:24 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 20:24 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 20:24 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 20:24 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 20:24 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 20:24 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 20:24 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 17:20 - 2013-08-14 17:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-14 12:45 - 2013-08-01 13:58 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Im Bann des Zyklopen
2013-08-14 12:45 - 2013-08-01 13:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson, Band 4_ Percy Jackson - D (66)
2013-08-14 12:45 - 2013-08-01 13:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson Bd. 5 Die letzte Gottin (67)
2013-08-14 12:45 - 2013-08-01 13:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Diebe im Olymp
2013-08-14 12:45 - 2013-08-01 13:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Der Fluch des Titanen
2013-08-14 08:45 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 08:45 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 08:45 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 08:45 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 08:45 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 08:45 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 08:45 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-14 08:45 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 08:45 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 08:45 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 08:45 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 08:45 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 08:45 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 08:45 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 08:45 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 08:45 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 08:45 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 08:45 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 08:45 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 08:45 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 08:45 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 08:45 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 08:45 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 08:45 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 08:45 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 08:45 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-14 08:44 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 12:52 - 2013-08-13 12:57 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-12 14:33 - 2013-08-12 14:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-12 00:46 - 2013-08-14 17:19 - 00000000 ____D C:\Windows\System32\MRT
2013-08-11 13:12 - 2013-08-17 15:06 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-11 13:12 - 2013-08-17 14:43 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-11 13:12 - 2013-08-11 13:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 13:12 - 2013-08-11 13:12 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2013-08-11 13:12 - 2011-01-05 11:52 - 00000000 ____D C:\Users\Martin Welsch\Downloads\toolnrm
2013-08-11 13:12 - 2010-05-07 09:57 - 00000621 _____ C:\Users\Martin Welsch\Downloads\brushform.conf
2013-08-11 13:12 - 2010-05-07 09:57 - 00000103 _____ C:\Users\Martin Welsch\Downloads\papertex.conf
2013-08-11 13:12 - 2010-05-07 09:57 - 00000045 _____ C:\Users\Martin Welsch\Downloads\brushtex.conf
2013-08-11 13:12 - 2009-11-18 04:58 - 00120520 _____ C:\Users\Martin Welsch\Downloads\language_DE.conf
2013-08-11 13:12 - 2009-11-18 04:58 - 00120520 _____ C:\Users\Martin Welsch\Downloads\language.conf
2013-08-11 13:12 - 2009-04-20 02:18 - 00051597 _____ C:\Users\Martin Welsch\Downloads\uninstall.exe
2013-08-11 13:12 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\toolink
2013-08-11 13:12 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\papertex
2013-08-11 13:12 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\elemap
2013-08-11 13:12 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\do-it-yourself
2013-08-11 13:12 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\brushtex
2013-08-11 13:12 - 2008-12-30 06:35 - 00111758 _____ C:\Users\Martin Welsch\Downloads\language_EN.conf
2013-08-11 13:12 - 2008-12-30 06:24 - 00001227 _____ C:\Users\Martin Welsch\Downloads\presetcvsize.conf
2013-08-11 13:12 - 2008-12-24 16:01 - 00005606 _____ C:\Users\Martin Welsch\Downloads\misc.ini
2013-08-11 13:12 - 2008-12-24 12:33 - 00008204 _____ C:\Users\Martin Welsch\Downloads\history.txt
2013-08-11 13:12 - 2008-12-24 12:29 - 00362951 _____ C:\Users\Martin Welsch\Downloads\help.chm
2013-08-11 13:12 - 2008-04-09 23:42 - 00045568 _____ C:\Users\Martin Welsch\Downloads\start-sai.exe
2013-08-11 13:12 - 2008-03-14 11:08 - 01626112 _____ C:\Users\Martin Welsch\Downloads\sai.exe
2013-08-11 13:12 - 2008-03-01 01:28 - 00622592 _____ C:\Users\Martin Welsch\Downloads\sfl.dll
2013-08-11 13:11 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\blotmap
2013-08-11 13:08 - 2013-08-11 13:09 - 02633921 _____ C:\Users\Martin Welsch\Downloads\PaintToolSAI.zip
2013-08-11 03:43 - 2013-08-11 03:43 - 00754894 _____ C:\Users\Martin Welsch\Downloads\psd_10_purple_and_brown_by_seolilihyun-d6hhjp7.psd
2013-08-11 03:42 - 2013-08-11 03:42 - 00704050 _____ C:\Users\Martin Welsch\Downloads\psd_3_green_and_yellow_by_seolilihyun-d64rhse.psd
2013-08-11 03:41 - 2013-08-11 03:42 - 00772008 _____ C:\Users\Martin Welsch\Downloads\psd_8_red_and_orange_by_seolilihyun-d699jx5.psd
2013-08-11 03:41 - 2013-08-11 03:42 - 00675848 _____ C:\Users\Martin Welsch\Downloads\psd_9_brown_and_blue_by_seolilihyun-d6bwlym.psd
2013-08-09 13:05 - 2013-08-09 13:06 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Neuer Ordner
2013-08-09 12:51 - 2013-08-09 13:53 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Macklemore and Ryan Lewis - The Heist (2012)
2013-08-09 11:38 - 2009-08-14 10:59 - 00619868 _____ C:\Users\Martin Welsch\Downloads\horses.csh
2013-08-09 11:38 - 2009-08-14 10:51 - 01297909 _____ C:\Users\Martin Welsch\Downloads\vector-horses-silhouettes.ai
2013-08-09 11:38 - 2009-04-30 10:11 - 00000117 _____ C:\Users\Martin Welsch\Downloads\All-Silhouettes.com.url
2013-08-09 11:38 - 2008-07-29 00:08 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Vector - Horse Silhouettes by DragonArt
2013-08-09 11:33 - 2013-08-09 11:34 - 04529490 _____ C:\Users\Martin Welsch\Downloads\Vector_-_Horse_Silhouettes_by_DragonArt.zip
2013-08-09 11:33 - 2013-08-09 11:33 - 00956623 _____ C:\Users\Martin Welsch\Downloads\horses.zip

==================== One Month Modified Files and Folders =======

2013-09-01 01:53 - 2013-01-17 10:23 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2013-09-01 01:53 - 2010-09-23 21:42 - 01371461 _____ C:\Windows\WindowsUpdate.log
2013-09-01 01:49 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 01:49 - 2009-07-13 20:51 - 00244431 _____ C:\Windows\setupact.log
2013-09-01 01:48 - 2011-07-26 01:53 - 00000136 _____ C:\Windows\System32\Drivers\etc\NetAdapt.cfg
2013-09-01 01:46 - 2013-09-01 01:46 - 01084749 _____ C:\Users\Martin Welsch\AppData\Local\2433f433
2013-09-01 01:46 - 2013-09-01 01:46 - 01084736 _____ C:\Users\Martin Welsch\AppData\Roaming\2433f433
2013-09-01 01:46 - 2013-09-01 01:46 - 01084708 _____ C:\ProgramData\2433f433
2013-09-01 01:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-09-01 01:15 - 2013-02-20 07:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-31 11:34 - 2012-09-23 08:52 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Skype
2013-08-30 03:28 - 2011-08-05 08:17 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\ICQ
2013-08-30 01:26 - 2009-07-13 20:45 - 00009712 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 01:26 - 2009-07-13 20:45 - 00009712 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 21:42 - 2011-07-26 01:53 - 00000152 _____ C:\Windows\System32\Drivers\etc\NetLoc.wlt
2013-08-27 17:23 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-27 17:21 - 2013-08-27 17:21 - 00000000 __SHD C:\found.001
2013-08-25 06:09 - 2013-08-25 02:46 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-23 14:25 - 2010-09-24 07:33 - 00656294 _____ C:\Windows\System32\perfh007.dat
2013-08-23 14:25 - 2010-09-24 07:33 - 00130894 _____ C:\Windows\System32\perfc007.dat
2013-08-23 14:25 - 2009-07-13 21:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-22 11:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-19 11:03 - 2012-10-17 04:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 11:03 - 2010-09-06 22:20 - 00010706 _____ C:\Windows\PFRO.log
2013-08-18 14:07 - 2013-07-08 04:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-17 15:06 - 2013-08-11 13:12 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-17 14:43 - 2013-08-11 13:12 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-17 14:04 - 2013-08-17 14:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 17:20 - 2013-08-14 17:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-14 17:19 - 2013-08-12 00:46 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 17:09 - 2012-11-07 03:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 16:36 - 2013-08-01 06:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\tumblr
2013-08-14 12:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-13 12:57 - 2013-08-13 12:52 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-12 14:33 - 2013-08-12 14:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-12 14:33 - 2012-07-04 09:17 - 256433944 _____ C:\Windows\MEMORY.DMP
2013-08-12 14:33 - 2012-07-04 09:17 - 00000000 ____D C:\Windows\Minidump
2013-08-11 13:12 - 2013-08-11 13:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 13:12 - 2013-08-11 13:12 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2013-08-11 13:09 - 2013-08-11 13:08 - 02633921 _____ C:\Users\Martin Welsch\Downloads\PaintToolSAI.zip
2013-08-11 03:43 - 2013-08-11 03:43 - 00754894 _____ C:\Users\Martin Welsch\Downloads\psd_10_purple_and_brown_by_seolilihyun-d6hhjp7.psd
2013-08-11 03:42 - 2013-08-11 03:42 - 00704050 _____ C:\Users\Martin Welsch\Downloads\psd_3_green_and_yellow_by_seolilihyun-d64rhse.psd
2013-08-11 03:42 - 2013-08-11 03:41 - 00772008 _____ C:\Users\Martin Welsch\Downloads\psd_8_red_and_orange_by_seolilihyun-d699jx5.psd
2013-08-11 03:42 - 2013-08-11 03:41 - 00675848 _____ C:\Users\Martin Welsch\Downloads\psd_9_brown_and_blue_by_seolilihyun-d6bwlym.psd
2013-08-10 00:07 - 2009-07-13 20:45 - 00403696 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-09 13:53 - 2013-08-09 12:51 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Macklemore and Ryan Lewis - The Heist (2012)
2013-08-09 13:19 - 2011-07-26 07:14 - 00103808 _____ C:\Users\Martin Welsch\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-09 13:06 - 2013-08-09 13:05 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Neuer Ordner
2013-08-09 11:51 - 2013-02-25 04:34 - 00000000 ____D C:\Users\Martin Welsch\Documents\Adobe Photoshop CS6 Extended Portable
2013-08-09 11:34 - 2013-08-09 11:33 - 04529490 _____ C:\Users\Martin Welsch\Downloads\Vector_-_Horse_Silhouettes_by_DragonArt.zip
2013-08-09 11:33 - 2013-08-09 11:33 - 00956623 _____ C:\Users\Martin Welsch\Downloads\horses.zip

Files to move or delete:
====================
C:\Users\MARTIN~1\AppData\Local\Temp\fhgneuomrpfeddvut.exe
C:\Users\Martin Welsch\AppData\Local\Temp\AskSLib.dll
C:\Users\Martin Welsch\AppData\Local\Temp\comver.dll
C:\Users\Martin Welsch\AppData\Local\Temp\fhgneuomrpfeddvut.exe
C:\Users\Martin Welsch\AppData\Local\Temp\instloffer.exe
C:\Users\Martin Welsch\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Martin Welsch\AppData\Local\Temp\_isF7E5.exe
C:\Users\Martin Welsch\AppData\Local\Temp\{E401D299-E7B9-4C97-8865-672096437FB8}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{A9941093-4132-4D19-88E2-9B8D37553F77}\ISSetup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{A9941093-4132-4D19-88E2-9B8D37553F77}\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{83B8800F-ED30-4007-BE6B-353B682CF7E6}\ICQ7.exe
C:\Users\Martin Welsch\AppData\Local\Temp\{47FE8B30-974F-4B99-B42F-914256AF4022}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{183B734F-6DAF-404E-AFF4-F20A29CBD4F1}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\HttpInterface.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\libgcc_s_dw2-1.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\LiveUpd.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\mingwm10.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\ouc.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtCore4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtGui4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtNetwork4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QueryStrategy.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\RunLiveUpd.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\RunOuc.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\plugins\imageformats\qgif4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\plugins\imageformats\qico4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\devsetup32.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\devsetup64.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\DriverSetup.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\DriverUninstall.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\LocateDevice.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X86\hwgpssensor.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X86\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X64\hwgpssensor.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X64\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\AutoRun\AutoRunSetup.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\AutoRun\AutoRunUninstall.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AboutPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddPbk.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AtCodec.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\ATR2SMgr.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallAppPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallLogSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallLogUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Common.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\core.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DataServicePlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceAppPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceInfoExPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceMgrUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DiagnosisPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DialUpPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DialupUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\LayoutPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\LiveUpdateInterface.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mcciwin32.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\MenuMgrPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mobilepartner.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\msvcp60.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mt.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NDISAPI.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NDISPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetConnectPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetConnectSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoRecordUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoUIExPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetSettingPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NotifyServicePlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSAdapt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSCall.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSDialup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSNDIS.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSPowerMgr.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\PluginContainer.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Proxy.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\sdk.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SettingUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SmsAppPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SmsSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SMSUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\StatusBarMgrPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\STKPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\STKSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\subinacl.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\ToolBarMgrPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Trace.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\UnblockPin.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\USSDSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\USSDUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Win7Support.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XCodec.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XFramePlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XStartScreen.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\libgcc_s_dw2-1.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\mingwm10.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtCore4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtGui4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtNetwork4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtXml4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qgif4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qico4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qjpeg4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qmng4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qtiff4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\codecs\qcncodecs4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\atl80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Installer.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfc80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfc80u.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfcm80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfcm80u.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcm80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcp80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcr80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\OSU.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\OSU64.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WtgDriverInstall.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WtgDriverInstallX.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WTGXMLUtil.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\64\Vista\Huawei.4.20.07\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\32\Xp\Huawei.4.20.07\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\32\Vista\Huawei.4.20.07\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\AdditionalFiles\Huaweiregcleaner.exe
C:\Users\Martin Welsch\AppData\Local\Temp\SDIAG_ee55fec6-d1fd-4f34-b136-b5c1d5258764\DiagPackage.dll
C:\Users\Martin Welsch\AppData\Local\Temp\SDIAG_4b6a1991-bc81-4b0b-9a7c-aa539bf74ea1\DiagPackage.dll
C:\Users\Martin Welsch\AppData\Local\Temp\mia20\bokeh_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\mia2\fusion2_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\mia14\remask3_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\mia10\denoise5_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\ispC229.tmp\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\isp82AA.tmp\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\isp1FA4.tmp\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\isp1CA7.tmp\_Setup.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-06 08:15:56
Restore point made on: 2013-08-12 00:45:45
Restore point made on: 2013-08-14 17:04:18
Restore point made on: 2013-08-14 20:16:00
Restore point made on: 2013-08-20 12:47:13
Restore point made on: 2013-08-27 01:56:26

==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 1977.97 MB
Available physical RAM: 1341.88 MB
Total Pagefile: 1977.97 MB
Available Pagefile: 1330.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:214.38 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.3 GB) NTFS
Drive h: (ALI) (Removable) (Total:1.95 GB) (Free:0.41 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CAD78C25)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 221E5780)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-09-01 00:16

==================== End Of Log ============================
         

I'm grateful for any help!

Best regards
Ciel

01.09.2013, 19:40   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

HKU\Martin Welsch\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARTIN~1\AppData\Local\Temp\fhgneuomrpfeddvut.exe [80896 2013-09-01] (Valve Corporation) <===== ATTENTION
HKU\Martin Welsch\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Martin Welsch\...\Command Processor: "C:\Users\MARTIN~1\AppData\Local\Temp\fhgneuomrpfeddvut.exe" <===== ATTENTION!
2013-09-01 01:46 - 2013-09-01 01:46 - 01084749 _____ C:\Users\Martin Welsch\AppData\Local\2433f433
2013-09-01 01:46 - 2013-09-01 01:46 - 01084736 _____ C:\Users\Martin Welsch\AppData\Roaming\2433f433
2013-09-01 01:46 - 2013-09-01 01:46 - 01084708 _____ C:\ProgramData\2433f433
C:\Users\MARTIN~1\AppData\Local\Temp\fhgneuomrpfeddvut.exe
C:\Users\Martin Welsch\AppData\Local\Temp\AskSLib.dll
C:\Users\Martin Welsch\AppData\Local\Temp\comver.dll
C:\Users\Martin Welsch\AppData\Local\Temp\fhgneuomrpfeddvut.exe
C:\Users\Martin Welsch\AppData\Local\Temp\instloffer.exe
C:\Users\Martin Welsch\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Martin Welsch\AppData\Local\Temp\_isF7E5.exe
C:\Users\Martin Welsch\AppData\Local\Temp\{E401D299-E7B9-4C97-8865-672096437FB8}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{A9941093-4132-4D19-88E2-9B8D37553F77}\ISSetup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{A9941093-4132-4D19-88E2-9B8D37553F77}\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{83B8800F-ED30-4007-BE6B-353B682CF7E6}\ICQ7.exe
C:\Users\Martin Welsch\AppData\Local\Temp\{47FE8B30-974F-4B99-B42F-914256AF4022}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{183B734F-6DAF-404E-AFF4-F20A29CBD4F1}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\HttpInterface.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\libgcc_s_dw2-1.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\LiveUpd.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\mingwm10.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\ouc.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtCore4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtGui4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtNetwork4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QueryStrategy.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\RunLiveUpd.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\RunOuc.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\plugins\imageformats\qgif4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\plugins\imageformats\qico4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\devsetup32.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\devsetup64.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\DriverSetup.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\DriverUninstall.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\LocateDevice.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X86\hwgpssensor.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X86\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X64\hwgpssensor.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X64\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\AutoRun\AutoRunSetup.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\AutoRun\AutoRunUninstall.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AboutPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddPbk.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AtCodec.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\ATR2SMgr.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallAppPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallLogSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallLogUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Common.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\core.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DataServicePlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceAppPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceInfoExPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceMgrUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DiagnosisPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DialUpPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DialupUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\LayoutPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\LiveUpdateInterface.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mcciwin32.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\MenuMgrPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mobilepartner.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\msvcp60.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mt.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NDISAPI.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NDISPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetConnectPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetConnectSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoRecordUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoUIExPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetSettingPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NotifyServicePlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSAdapt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSCall.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSDialup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSNDIS.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSPowerMgr.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\PluginContainer.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Proxy.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\sdk.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SettingUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SmsAppPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SmsSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SMSUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\StatusBarMgrPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\STKPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\STKSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\subinacl.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\ToolBarMgrPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Trace.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\UnblockPin.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\USSDSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\USSDUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Win7Support.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XCodec.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XFramePlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XStartScreen.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\libgcc_s_dw2-1.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\mingwm10.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtCore4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtGui4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtNetwork4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtXml4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qgif4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qico4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qjpeg4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qmng4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qtiff4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\codecs\qcncodecs4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\atl80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Installer.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfc80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfc80u.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfcm80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfcm80u.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcm80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcp80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcr80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\OSU.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\OSU64.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WtgDriverInstall.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WtgDriverInstallX.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WTGXMLUtil.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\64\Vista\Huawei.4.20.07\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\32\Xp\Huawei.4.20.07\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\32\Vista\Huawei.4.20.07\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\AdditionalFiles\Huaweiregcleaner.exe
C:\Users\Martin Welsch\AppData\Local\Temp\SDIAG_ee55fec6-d1fd-4f34-b136-b5c1d5258764\DiagPackage.dll
C:\Users\Martin Welsch\AppData\Local\Temp\SDIAG_4b6a1991-bc81-4b0b-9a7c-aa539bf74ea1\DiagPackage.dll
C:\Users\Martin Welsch\AppData\Local\Temp\mia20\bokeh_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\mia2\fusion2_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\mia14\remask3_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\mia10\denoise5_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\ispC229.tmp\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\isp82AA.tmp\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\isp1FA4.tmp\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\isp1CA7.tmp\_Setup.dll
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Start the computer normally

01.09.2013, 19:54   #3
Ciel
 


That was quick, a thousand thanks!
The GVU screen is gone.


Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-09-2013
Ran by SYSTEM at 2013-09-01 20:52:32 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

HKU\Martin Welsch\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Martin Welsch\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Martin Welsch\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Martin Welsch\AppData\Local\2433f433 => Moved successfully.
C:\Users\Martin Welsch\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\MARTIN~1\AppData\Local\Temp\fhgneuomrpfeddvut.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\comver.dll => Moved successfully.
"C:\Users\Martin Welsch\AppData\Local\Temp\fhgneuomrpfeddvut.exe" => File/Directory not found.
C:\Users\Martin Welsch\AppData\Local\Temp\instloffer.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\_isF7E5.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\{E401D299-E7B9-4C97-8865-672096437FB8}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\{A9941093-4132-4D19-88E2-9B8D37553F77}\ISSetup.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\{A9941093-4132-4D19-88E2-9B8D37553F77}\_Setup.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\{83B8800F-ED30-4007-BE6B-353B682CF7E6}\ICQ7.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\{47FE8B30-974F-4B99-B42F-914256AF4022}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\{183B734F-6DAF-404E-AFF4-F20A29CBD4F1}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\HttpInterface.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\libgcc_s_dw2-1.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\LiveUpd.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\mingwm10.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\ouc.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtCore4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtGui4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtNetwork4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QueryStrategy.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\RunLiveUpd.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\RunOuc.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\plugins\imageformats\qgif4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\plugins\imageformats\qico4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\devsetup32.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\devsetup64.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\DriverSetup.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\DriverUninstall.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\LocateDevice.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X86\hwgpssensor.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X86\WdfCoInstaller01007.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X64\hwgpssensor.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X64\WdfCoInstaller01007.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\AutoRun\AutoRunSetup.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\AutoRun\AutoRunUninstall.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AboutPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddPbk.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookSrvPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookUIPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AtCodec.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\ATR2SMgr.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallAppPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallLogSrvPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallLogUIPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallSrvPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallUIPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Common.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\core.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DataServicePlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceAppPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceInfoExPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceMgrUIPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceSrvPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DiagnosisPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DialUpPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DialupUIPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\LayoutPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\LiveUpdateInterface.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mcciwin32.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\MenuMgrPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mobilepartner.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\msvcp60.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mt.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NDISAPI.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NDISPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetConnectPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetConnectSrvPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoRecordUIPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoSrvPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoUIExPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetSettingPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetSrvPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NotifyServicePlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSAdapt.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSCall.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSDialup.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSNDIS.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSPowerMgr.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\PluginContainer.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Proxy.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\sdk.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SettingUIPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SmsAppPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SmsSrvPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SMSUIPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\StatusBarMgrPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\STKPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\STKSrvPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\subinacl.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\ToolBarMgrPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Trace.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\UnblockPin.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\USSDSrvPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\USSDUIPlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Win7Support.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XCodec.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XFramePlugin.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XStartScreen.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\libgcc_s_dw2-1.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\mingwm10.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtCore4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtGui4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtNetwork4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtXml4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qgif4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qico4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qjpeg4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qmng4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qtiff4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\codecs\qcncodecs4.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\atl80.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Installer.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfc80.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfc80u.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfcm80.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfcm80u.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcm80.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcp80.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcr80.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\OSU.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\OSU64.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WtgDriverInstall.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WtgDriverInstallX.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WTGXMLUtil.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\64\Vista\Huawei.4.20.07\WdfCoInstaller01007.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\32\Xp\Huawei.4.20.07\WdfCoInstaller01007.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\32\Vista\Huawei.4.20.07\WdfCoInstaller01007.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\AdditionalFiles\Huaweiregcleaner.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\SDIAG_ee55fec6-d1fd-4f34-b136-b5c1d5258764\DiagPackage.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\SDIAG_4b6a1991-bc81-4b0b-9a7c-aa539bf74ea1\DiagPackage.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\mia20\bokeh_setup_ext.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\mia2\fusion2_setup_ext.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\mia14\remask3_setup_ext.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\mia10\denoise5_setup_ext.exe => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\ispC229.tmp\_Setup.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\isp82AA.tmp\_Setup.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\isp1FA4.tmp\_Setup.dll => Moved successfully.
C:\Users\Martin Welsch\AppData\Local\Temp\isp1CA7.tmp\_Setup.dll => Moved successfully.

==== End of Fixlog ====
         
__________________

Alt 02.09.2013, 07:47   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Then now in normal mode:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 02.09.2013, 13:54   #5
Ciel
 

Malwarebytes Anti-Malware:
...however, it could not be updated because of an "Unknown error".

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Heidi :: MAWE-NB [Administrator]

02.09.2013 14:06:05
mbam-log-2013-09-02 (14-06-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263852
Laufzeit: 9 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

AdwCleaner:

Code:
ATTFilter
# AdwCleaner v3.002 - Bericht erstellt am 02/09/2013 um 14:20:02
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Heidi - MAWE-NB
# Gestartet von : C:\Users\Martin Welsch\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : ICQ Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Users\Martin Welsch\AppData\Local\Ilivid
Ordner Gelöscht : C:\Users\Martin Welsch\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Datei Gelöscht : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\icqplugin-4.xml
Datei Gelöscht : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\icqplugin-5.xml
Datei Gelöscht : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\icqplugin-6.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\prefs.js ]


[ Datei : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\prefs.js ]


[ Datei : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\prefs.js ]


[ Datei : C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [8111 octets] - [02/09/2013 14:18:19]
AdwCleaner[S0].txt - [4394 octets] - [02/09/2013 14:20:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4454 octets] ##########
         

Junkware Removal Tool:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Professional x64
Ran by Heidi on 02.09.2013 at 14:32:37,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AvTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AvTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AvTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AvTask_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Martin Welsch\AppData\Roaming\mozilla\firefox\profiles\dw5mg94u.default\minidumps [31 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.09.2013 at 14:40:17,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 04
Ran by Heidi (administrator) on MAWE-NB on 02-09-2013 14:47:26
Running from C:\Users\Martin Welsch\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Panda Software International) C:\Program Files (x86)\Panda Security\WAC\psksvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
(Panda Security S.L.) C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Panda Security International) C:\Program Files (x86)\Panda Security\WAC\WebProxy.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WAC\PsCtrlC.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Panda Software International) C:\Program Files (x86)\Panda Security\WAC\Console.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-09-24] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
MountPoints2: {13a4b59a-c033-11e1-b53c-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {3736f650-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f65c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f66b-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f674-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f680-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f68c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f698-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6a4-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6b0-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6bf-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6ce-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6dd-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6f0-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f702-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f714-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f726-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f73b-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f750-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f765-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f77d-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f799-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7b4-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7cf-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7ed-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f80c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f829-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f847-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f868-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f889-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8aa-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8cc-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8d6-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3b347caa-b971-11e1-8f24-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {3b347cd2-b971-11e1-8f24-88ae1da68f51} - E:\.\Setup.exe AUTORUN=1
MountPoints2: {3b347ce1-b971-11e1-8f24-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {751b1904-bdd4-11e1-b915-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {899d64c1-bab2-11e1-84f3-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {899d64ca-bab2-11e1-84f3-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {9945d440-34a5-11e1-ab75-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {9945d44f-34a5-11e1-ab75-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {a69ed11b-baf7-11e1-af5a-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {ea891407-bfa3-11e1-b5d5-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {ea891413-bfa3-11e1-b5d5-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {f5584791-bc37-11e1-b9f4-001e101f21c1} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Panda Software Controller Client] - C:\Program Files (x86)\Panda Security\WAC\PSCtrlC.exe [140096 2010-09-21] (Panda Security)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-04-21] (Avira GmbH)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\administrator\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5735&r=27060711i255l0424z205z47727208
BHO-x32: ICQ Sparberater - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 02 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 03 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 04 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 05 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 06 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 17 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3780EE48-8D8F-4C73-8B47-768A7EBC9B41}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{6A8F810A-07B3-4A3D-80F6-80A3027F388B}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8B57599B-3E9D-478E-80F3-7EEFAA575832}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{91C82029-97EB-4AF4-9117-AF9D52E9E8F3}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{B0A07531-D666-4CC5-84E4-AF1DD9D60C68}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BA6BFD33-DBAA-4D6F-B1B5-0F5856F99056}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{EFF27564-5BC9-4F04-87D8-35ECEC91B91A}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @gametree.co.kr/GTL - C:\ProgramData\Gametree\GTL\npGTL.dll (NtreevSoft)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @spaceinter.com/EZKeytecPlugin - C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugin.dll (Space International, Inc. )
FF Plugin-x32: @spaceinter.com/EZKeytecPlugins - C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugins.dll (Space International, Inc. )
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\Extensions\plugin@starstable.com
FF Extension: ciuvo-extension - C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\Extensions\ciuvo-extension@icq.de.xpi

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-08] (Akamai Technologies, Inc.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-24] (Avira GmbH)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-01-01] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe [342344 2011-05-17] (Panda Security)
R2 PavAt3Scheduler; C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe [140544 2011-06-27] (Panda Security)
S3 PavFnSvr; C:\Program Files (x86)\Panda Security\WAC\pavFnSvr.exe [152896 2010-08-06] (Panda Security, S.L.)
S2 PavSrv; C:\Program Files (x86)\Panda Security\WAC\pavsrvx86.exe [313152 2010-07-14] (Panda Security, S.L.)
R2 PavWASLpMng; C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [314696 2011-06-10] (Panda Security)
S3 PSHost; C:\Program Files (x86)\Panda Security\WAC\PSHost.exe [226560 2009-11-26] (Panda Security International)
R2 PSImSvc; C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE [107328 2010-06-25] (Panda Security S.L.)
R2 PskSvc; C:\Program Files (x86)\Panda Security\WAC\psksvc.exe [27968 2010-08-16] (Panda Software International)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 WASAgent; C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe [322376 2011-05-31] (Panda Security)
R2 WASWD; C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe [206664 2011-05-31] (Panda Security)

==================== Drivers (Whitelisted) ====================

R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [70216 2011-03-07] (Panda Security, S.L.)
R2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-10-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-24] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-24] (Avira GmbH)
R2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
R2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
R2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-10-16] ()
R2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-30] (Panda Security, S.L.)
R2 nsfim; C:\Windows\system32\Drivers\NSFIM64.SYS [74312 2010-10-19] (Panda Security, S.L.)
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:33 - 2013-09-02 14:33 - 01951950 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64.exe
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 14:31 - 2013-09-02 14:31 - 01028757 _____ (Thisisu) C:\Users\Martin Welsch\Downloads\JRT.exe
2013-09-02 14:17 - 2013-09-02 14:20 - 00000000 ____D C:\AdwCleaner
2013-09-02 14:17 - 2013-09-02 14:17 - 01037134 _____ C:\Users\Martin Welsch\Downloads\adwcleaner.exe
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 14:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-02 14:01 - 2013-09-02 14:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Martin Welsch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-02 05:49 - 2013-09-02 05:49 - 00000000 ____D C:\FRST
2013-09-01 23:38 - 2013-09-02 00:19 - 63307297 _____ C:\Users\Martin Welsch\Downloads\S.B.H.N.S1.2008.ISO-TEL.rar
2013-08-28 03:21 - 2013-08-28 03:21 - 00000000 __SHD C:\found.001
2013-08-25 12:46 - 2013-08-25 16:09 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-25 12:46 - 2013-08-25 16:09 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-18 00:04 - 2013-08-18 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 06:24 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 06:24 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 06:24 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 06:24 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 06:24 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 06:24 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 06:24 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 06:24 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 06:24 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 06:24 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 06:24 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 06:24 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 03:20 - 2013-08-15 03:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-14 22:45 - 2013-08-01 23:58 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Im Bann des Zyklopen
2013-08-14 22:45 - 2013-08-01 23:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson, Band 4_ Percy Jackson - D (66)
2013-08-14 22:45 - 2013-08-01 23:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson Bd. 5 Die letzte Gottin (67)
2013-08-14 22:45 - 2013-08-01 23:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Diebe im Olymp
2013-08-14 22:45 - 2013-08-01 23:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Der Fluch des Titanen
2013-08-14 18:45 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:45 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:45 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:45 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 18:45 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:45 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:45 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:45 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:45 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:45 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:45 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:45 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:45 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:45 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:45 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:45 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:45 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 18:44 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 22:52 - 2013-08-13 22:57 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-13 00:33 - 2013-08-13 00:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-12 10:46 - 2013-08-15 03:19 - 00000000 ____D C:\Windows\system32\MRT
2013-08-11 23:12 - 2013-08-18 01:06 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-11 23:12 - 2013-08-18 00:43 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2013-08-11 23:12 - 2011-01-05 21:52 - 00000000 ____D C:\Users\Martin Welsch\Downloads\toolnrm
2013-08-11 23:12 - 2010-05-07 19:57 - 00000621 _____ C:\Users\Martin Welsch\Downloads\brushform.conf
2013-08-11 23:12 - 2010-05-07 19:57 - 00000103 _____ C:\Users\Martin Welsch\Downloads\papertex.conf
2013-08-11 23:12 - 2010-05-07 19:57 - 00000045 _____ C:\Users\Martin Welsch\Downloads\brushtex.conf
2013-08-11 23:12 - 2009-11-18 14:58 - 00120520 _____ C:\Users\Martin Welsch\Downloads\language_DE.conf
2013-08-11 23:12 - 2009-11-18 14:58 - 00120520 _____ C:\Users\Martin Welsch\Downloads\language.conf
2013-08-11 23:12 - 2009-04-20 12:18 - 00051597 _____ C:\Users\Martin Welsch\Downloads\uninstall.exe
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\toolink
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\papertex
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\elemap
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\do-it-yourself
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\brushtex
2013-08-11 23:12 - 2008-12-30 16:35 - 00111758 _____ C:\Users\Martin Welsch\Downloads\language_EN.conf
2013-08-11 23:12 - 2008-12-30 16:24 - 00001227 _____ C:\Users\Martin Welsch\Downloads\presetcvsize.conf
2013-08-11 23:12 - 2008-12-25 02:01 - 00005606 _____ C:\Users\Martin Welsch\Downloads\misc.ini
2013-08-11 23:12 - 2008-12-24 22:33 - 00008204 _____ C:\Users\Martin Welsch\Downloads\history.txt
2013-08-11 23:12 - 2008-12-24 22:29 - 00362951 _____ C:\Users\Martin Welsch\Downloads\help.chm
2013-08-11 23:12 - 2008-04-10 09:42 - 00045568 _____ C:\Users\Martin Welsch\Downloads\start-sai.exe
2013-08-11 23:12 - 2008-03-14 21:08 - 01626112 _____ C:\Users\Martin Welsch\Downloads\sai.exe
2013-08-11 23:12 - 2008-03-01 11:28 - 00622592 _____ C:\Users\Martin Welsch\Downloads\sfl.dll
2013-08-11 23:11 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\blotmap
2013-08-11 23:08 - 2013-08-11 23:09 - 02633921 _____ C:\Users\Martin Welsch\Downloads\PaintToolSAI.zip
2013-08-11 13:43 - 2013-08-11 13:43 - 00754894 _____ C:\Users\Martin Welsch\Downloads\psd_10_purple_and_brown_by_seolilihyun-d6hhjp7.psd
2013-08-11 13:42 - 2013-08-11 13:42 - 00704050 _____ C:\Users\Martin Welsch\Downloads\psd_3_green_and_yellow_by_seolilihyun-d64rhse.psd
2013-08-11 13:41 - 2013-08-11 13:42 - 00772008 _____ C:\Users\Martin Welsch\Downloads\psd_8_red_and_orange_by_seolilihyun-d699jx5.psd
2013-08-11 13:41 - 2013-08-11 13:42 - 00675848 _____ C:\Users\Martin Welsch\Downloads\psd_9_brown_and_blue_by_seolilihyun-d6bwlym.psd
2013-08-09 23:05 - 2013-08-09 23:06 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Neuer Ordner
2013-08-09 22:51 - 2013-08-09 23:53 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Macklemore and Ryan Lewis - The Heist (2012)
2013-08-09 21:38 - 2009-08-14 20:59 - 00619868 _____ C:\Users\Martin Welsch\Downloads\horses.csh
2013-08-09 21:38 - 2009-08-14 20:51 - 01297909 _____ C:\Users\Martin Welsch\Downloads\vector-horses-silhouettes.ai
2013-08-09 21:38 - 2009-04-30 20:11 - 00000117 _____ C:\Users\Martin Welsch\Downloads\All-Silhouettes.com.url
2013-08-09 21:38 - 2008-07-29 10:08 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Vector - Horse Silhouettes by DragonArt
2013-08-09 21:33 - 2013-08-09 21:34 - 04529490 _____ C:\Users\Martin Welsch\Downloads\Vector_-_Horse_Silhouettes_by_DragonArt.zip
2013-08-09 21:33 - 2013-08-09 21:33 - 00956623 _____ C:\Users\Martin Welsch\Downloads\horses.zip

==================== One Month Modified Files and Folders =======

2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:33 - 2013-09-02 14:33 - 01951950 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64.exe
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 14:31 - 2013-09-02 14:31 - 01028757 _____ (Thisisu) C:\Users\Martin Welsch\Downloads\JRT.exe
2013-09-02 14:29 - 2009-07-14 06:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 14:29 - 2009-07-14 06:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 14:25 - 2010-09-24 07:42 - 01394131 _____ C:\Windows\WindowsUpdate.log
2013-09-02 14:22 - 2013-01-17 20:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-02 14:22 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 14:22 - 2009-07-14 06:51 - 00244599 _____ C:\Windows\setupact.log
2013-09-02 14:20 - 2013-09-02 14:17 - 00000000 ____D C:\AdwCleaner
2013-09-02 14:20 - 2011-08-04 18:36 - 00000000 ____D C:\ProgramData\ICQ
2013-09-02 14:17 - 2013-09-02 14:17 - 01037134 _____ C:\Users\Martin Welsch\Downloads\adwcleaner.exe
2013-09-02 14:15 - 2013-02-20 17:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 14:01 - 2013-09-02 14:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Martin Welsch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-02 13:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-09-02 07:38 - 2012-09-23 18:52 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Skype
2013-09-02 07:38 - 2012-09-23 18:52 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Skype
2013-09-02 07:20 - 2011-07-26 11:53 - 00000152 _____ C:\Windows\system32\Drivers\etc\NetLoc.wlt
2013-09-02 05:49 - 2013-09-02 05:49 - 00000000 ____D C:\FRST
2013-09-02 00:19 - 2013-09-01 23:38 - 63307297 _____ C:\Users\Martin Welsch\Downloads\S.B.H.N.S1.2008.ISO-TEL.rar
2013-09-01 11:48 - 2011-07-26 11:53 - 00000136 _____ C:\Windows\system32\Drivers\etc\NetAdapt.cfg
2013-08-30 13:28 - 2011-08-05 18:17 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\ICQ
2013-08-30 13:28 - 2011-08-05 18:17 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\ICQ
2013-08-28 03:23 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-28 03:21 - 2013-08-28 03:21 - 00000000 __SHD C:\found.001
2013-08-25 16:09 - 2013-08-25 12:46 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-25 16:09 - 2013-08-25 12:46 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-24 00:25 - 2010-09-24 17:33 - 00656294 _____ C:\Windows\system32\perfh007.dat
2013-08-24 00:25 - 2010-09-24 17:33 - 00130894 _____ C:\Windows\system32\perfc007.dat
2013-08-24 00:25 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-22 21:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-19 21:03 - 2012-10-17 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 21:03 - 2010-09-07 08:20 - 00010706 _____ C:\Windows\PFRO.log
2013-08-19 00:07 - 2013-07-08 14:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-18 01:06 - 2013-08-11 23:12 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-18 00:43 - 2013-08-11 23:12 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-18 00:04 - 2013-08-18 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 03:20 - 2013-08-15 03:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-15 03:19 - 2013-08-12 10:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:09 - 2012-11-07 13:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 02:36 - 2013-08-01 16:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\tumblr
2013-08-14 22:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-13 22:57 - 2013-08-13 22:52 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-13 00:33 - 2013-08-13 00:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-13 00:33 - 2012-07-04 19:17 - 256433944 _____ C:\Windows\MEMORY.DMP
2013-08-13 00:33 - 2012-07-04 19:17 - 00000000 ____D C:\Windows\Minidump
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2013-08-11 23:09 - 2013-08-11 23:08 - 02633921 _____ C:\Users\Martin Welsch\Downloads\PaintToolSAI.zip
2013-08-11 13:43 - 2013-08-11 13:43 - 00754894 _____ C:\Users\Martin Welsch\Downloads\psd_10_purple_and_brown_by_seolilihyun-d6hhjp7.psd
2013-08-11 13:42 - 2013-08-11 13:42 - 00704050 _____ C:\Users\Martin Welsch\Downloads\psd_3_green_and_yellow_by_seolilihyun-d64rhse.psd
2013-08-11 13:42 - 2013-08-11 13:41 - 00772008 _____ C:\Users\Martin Welsch\Downloads\psd_8_red_and_orange_by_seolilihyun-d699jx5.psd
2013-08-11 13:42 - 2013-08-11 13:41 - 00675848 _____ C:\Users\Martin Welsch\Downloads\psd_9_brown_and_blue_by_seolilihyun-d6bwlym.psd
2013-08-10 10:07 - 2009-07-14 06:45 - 00403696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-09 23:53 - 2013-08-09 22:51 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Macklemore and Ryan Lewis - The Heist (2012)
2013-08-09 23:19 - 2011-07-26 17:14 - 00103808 _____ C:\Users\MARTIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-09 23:19 - 2011-07-26 17:14 - 00103808 _____ C:\Users\Martin Welsch\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-09 23:06 - 2013-08-09 23:05 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Neuer Ordner
2013-08-09 21:51 - 2013-02-25 14:34 - 00000000 ____D C:\Users\Martin Welsch\Documents\Adobe Photoshop CS6 Extended Portable
2013-08-09 21:51 - 2013-02-25 14:34 - 00000000 ____D C:\Users\Martin Welsch\Documents\Adobe Photoshop CS6 Extended Portable
2013-08-09 21:34 - 2013-08-09 21:33 - 04529490 _____ C:\Users\Martin Welsch\Downloads\Vector_-_Horse_Silhouettes_by_DragonArt.zip
2013-08-09 21:33 - 2013-08-09 21:33 - 00956623 _____ C:\Users\Martin Welsch\Downloads\horses.zip

Files to move or delete:
====================
C:\Users\MARTIN~1\AppData\Local\Temp\Quarantine.exe
C:\Users\MARTIN~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Martin Welsch\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin Welsch\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 10:16

==================== End Of Log ============================
         
Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013 04
Ran by Heidi at 2013-09-02 14:49:34
Running from C:\Users\Martin Welsch\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Abenteuer auf dem Reiterhof 6 (x32 Version: 1.00)
Acer Backup Manager (x32 Version: 2.0.1.68)
Acer Crystal Eye webcam Ver:1.1.192.810 (x32 Version: 1.1.192.810)
Acer ePower Management (x32 Version: 5.00.3005)
Acer eRecovery Management (x32 Version: 4.05.3013)
Acer Registration (x32 Version: 1.03.3003)
Acer ScreenSaver (x32 Version: 1.1.0826.2010)
Acer Updater (x32 Version: 1.02.3001)
Acer VCM (x32 Version: 4.05.3002)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.82.76)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Akamai NetSession Interface (x32)
ALDI TALK Verbindungsassistent (x32 Version: ALDI TALK 4.0)
Amazon Kindle (HKCU)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Anno 1701 (x32 Version: 1.00)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Avira AntiVir Personal - Free Antivirus (x32 Version: 10.2.0.2100)
Backup Manager Advance (x32 Version: 2.0.1.68)
Bamboo (Version: 5.2.5-5)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 14.0.2.3)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6514.5001)
EasyKeytec (Å°º¸µå º¸¾È ÇÁ·Î±×·¥) (x32)
eSobi v2 (x32 Version: 2.0.4.000274)
GameSpy Arcade (x32)
Gametree Launcher (x32 Version: 3.0.9.0)
ICQ Sparberater (x32 Version: 1.0.601)
ICQ7.5 (x32 Version: 7.5)
Identity Card (x32 Version: 1.00.3003)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1892)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001)
InterVideo WinDVD 8 (x32 Version: 8.5.10.76)
iTunes (Version: 11.0.1.12)
Java Auto Updater (x32 Version: 2.0.5.1)
Java(TM) 6 Update 26 (x32 Version: 6.0.260)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Launch Manager (x32 Version: 4.0.14)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office Small Business Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mission Schatztaucher deinstallieren (x32 Version: Mission Schatztaucher)
Mobile Partner (x32 Version: 21.005.15.00.705)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Norton Online Backup (x32 Version: 2.1.17869)
NTI Media Maker 9 (x32 Version: 9.0.2.8928)
Panda Endpoint Agent (x32 Version: 5.50.00.0001)
Panda Endpoint Protection (x32 Version: 5.50.00.0000)
Pferdesport Manager (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6151)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30121)
Skype™ 5.10 (x32 Version: 5.10.116)
Topaz Adjust 5 (64-bit) (x32 Version: 5.0.0)
Topaz Adjust 5 (x32 Version: 5.0.0)
Topaz B&W Effects (64-bit) (Version: 1.1.0)
Topaz B&W Effects (64-bit) (x32 Version: 1.1.0)
Topaz B&W Effects (x32 Version: 1.1.0)
Topaz Clean 3 (64-bit) (Version: 3.0.2)
Topaz Clean 3 (64-bit) (x32 Version: 3.0.2)
Topaz Clean 3 (x32 Version: 3.0.2)
Topaz DeJpeg 4 (64-bit) (Version: 4.0.2)
Topaz DeJpeg 4 (64-bit) (x32 Version: 4.0.2)
Topaz DeJpeg 4 (x32 Version: 4.0.2)
Topaz DeNoise 5 (64-bit) (Version: 5.0.1)
Topaz DeNoise 5 (64-bit) (x32 Version: 5.0.1)
Topaz DeNoise 5 (x32 Version: 5.0.1)
Topaz Detail 2 (64-bit) (Version: 2.0.5)
Topaz Detail 2 (64-bit) (x32 Version: 2.0.5)
Topaz Detail 2 (x32 Version: 2.0.5)
Topaz Fusion Express 2 (64-bit) (Version: 2.1.1)
Topaz Fusion Express 2 (64-bit) (x32 Version: 2.1.1)
Topaz Fusion Express 2 (x32 Version: 2.1.1)
Topaz InFocus (64-bit) (Version: 1.0.0)
Topaz InFocus (64-bit) (x32 Version: 1.0.0)
Topaz InFocus (x32 Version: 1.0.0)
Topaz Lens Effects (64-bit) (Version: 1.1.0)
Topaz Lens Effects (64-bit) (x32 Version: 1.1.0)
Topaz Lens Effects (x32 Version: 1.1.0)
Topaz ReMask 3 (64-bit) (Version: 3.2.1)
Topaz ReMask 3 (64-bit) (x32 Version: 3.2.1)
Topaz ReMask 3 (x32 Version: 3.2.1)
Topaz Simplify 3 (64-bit) (Version: 3.0.2)
Topaz Simplify 3 (64-bit) (x32 Version: 3.0.2)
Topaz Simplify 3 (x32 Version: 3.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Ware PS/2-x64 7.0.6.5_WHQL (Version: 7.0.6.5)
WebTablet FB Plugin (x32 Version: 2.0.0.1)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
Welcome Center (x32 Version: 1.02.3004)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000)

==================== Restore Points  =========================

06-08-2013 16:15:15 Windows Update
12-08-2013 08:45:19 Windows Update
15-08-2013 01:01:20 Windows Update
15-08-2013 04:15:34 Windows Update
20-08-2013 20:46:34 Windows Update
27-08-2013 09:55:52 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {073D4106-495A-445E-B755-97ED4C4FA26C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0C5D7B0B-B77F-4443-9AE0-76A84C71245B} - System32\Tasks\{437EE0F2-31D3-424E-96E5-408DE048720E} => C:\Program Files (x86)\Pferdesport Manager\GameHR.exe [2005-02-25] ()
Task: {2EAFA540-A3E8-4B2B-BFC9-49EF2DCA102C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {37830AEE-B386-4DBF-8AFE-CD48966425F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {611EC358-F416-49F7-B168-E1F0492B0648} - System32\Tasks\{BF374098-9A93-40E4-9A33-172CD897607B} => C:\Program Files (x86)\Anno 1701\Anno1701.exe [2006-10-05] (Related Designs Software GmbH)
Task: {635C1F0F-1F0B-46EF-95A0-03A1B45A8826} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {95730BC3-79A0-493C-9351-ADDF98439D61} - System32\Tasks\{3EE1580F-7C22-4E7B-90E5-A0035DB6F70B} => D:\Support\DrvSetup.exe No File
Task: {9D1E4D9B-3A03-4514-B0EB-D004C92131F9} - System32\Tasks\{DA0E3DC4-C2AE-4ECA-8A45-4093DA63ED2B} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-08-18] (Mozilla Corporation)
Task: {9F361BD6-1E3B-40D1-B73A-7E81C1E0BCEF} - System32\Tasks\{FB644C01-26BD-44D8-B04E-517C3F66A62A} => C:\Users\Martin Welsch\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com)
Task: {A05EF9E0-357E-46FA-99B2-2E5B5ACB09D0} - System32\Tasks\{B7D48EC3-E1F4-4152-8BF2-5CBC94C4460E} => C:\Program Files (x86)\Anno 1701\Anno1701.exe [2006-10-05] (Related Designs Software GmbH)
Task: {BAF3399D-8BF5-478D-86B6-35DAFA9C7E31} - System32\Tasks\{6A59E5D4-2292-4383-8FCC-177E79736611} => C:\Users\Martin Welsch\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-09-24] (Amazon.com)
Task: {C294F736-195D-49A9-859C-3AAC75C34A2F} - System32\Tasks\{44115DE8-04A9-4BBA-8189-934AF24B04FE} => D:\Support\DrvSetup.exe No File
Task: {C94B76BE-5E18-495F-9D0A-0E3EC7115485} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14] (Adobe Systems Incorporated)
Task: {DED239F8-05F3-46C0-8D9B-C5BBC6AA924C} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-06-24] (Acer)
Task: {EE1E0E03-7381-418A-964A-077E4F5EBB50} - System32\Tasks\{BE7402C2-AE02-458B-B8FF-014CE22CF8F2} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-08-18] (Mozilla Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-09-24 07:52 - 2010-06-11 14:28 - 00271904 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\SysHook.dll
2010-09-07 08:51 - 2009-09-02 05:42 - 03799040 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2012-10-15 15:17 - 2011-09-08 17:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-10-14 21:48 - 2011-09-08 17:48 - 01665400 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.dll
2009-07-14 01:40 - 2009-07-14 03:41 - 00048128 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\MAGNIFICATION.dll
2009-07-14 02:01 - 2009-07-14 03:41 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\tabbtn.dll
2009-07-14 02:01 - 2009-07-14 03:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\TabBtnEx.dll
2009-07-14 02:01 - 2009-07-14 03:41 - 03047424 _____ (Microsoft Corporation) C:\Windows\system32\uihub.dll
2012-10-13 12:33 - 2010-11-20 15:27 - 00101376 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\tpcps.dll
2012-10-13 12:35 - 2010-11-20 15:27 - 01246720 _____ (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll
2009-07-14 02:02 - 2009-07-14 03:33 - 00544768 _____ (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll
2009-07-14 02:02 - 2009-07-14 03:41 - 02103296 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InkObj.dll
2009-07-14 02:01 - 2009-07-14 03:41 - 00169984 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\rtscom.dll
2009-07-14 02:02 - 2009-07-14 03:41 - 00049664 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\mshwgst.dll
2010-09-07 08:51 - 2009-09-02 05:21 - 00108544 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL
2010-09-07 08:51 - 2009-09-02 05:22 - 00055808 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2010-09-07 08:51 - 2009-09-02 05:24 - 00305664 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2010-09-07 08:51 - 2009-09-02 05:21 - 05694976 _____ (Intel Corporation) C:\Windows\System32\igfxress.dll
2010-09-07 08:51 - 2009-09-02 05:21 - 00259584 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2010-09-07 08:51 - 2010-02-03 08:02 - 00353672 _____ (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDFavorite.dll
2010-09-07 08:51 - 2010-04-13 09:35 - 00390536 _____ (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDApix.dll
2010-09-07 08:51 - 2010-04-13 09:30 - 00310664 _____ (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCmds.dll
2010-09-24 07:52 - 2010-06-11 14:28 - 00219168 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\BrightnessControl.dll
2010-09-24 07:52 - 2010-06-11 14:28 - 00218144 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\PowerSettingControl.dll
2010-09-24 07:52 - 2010-06-11 14:28 - 00218144 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\NetAdapterControl.dll
2010-09-24 07:52 - 2010-06-11 14:28 - 00217120 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\CommonControl.dll
2010-09-07 08:51 - 2009-09-02 05:22 - 00027648 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2010-09-07 08:51 - 2010-08-10 10:39 - 00460368 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDUtl.dll
2009-07-14 02:03 - 2009-07-14 03:41 - 01071616 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\mshwLatin.dll
2012-10-13 12:34 - 2010-11-20 15:27 - 01435648 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll
2010-04-30 08:55 - 2010-04-30 08:55 - 00214272 _____ (Panda Software International) C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll
2011-01-28 12:03 - 2011-01-28 12:03 - 00194880 _____ (Panda Security International) C:\Program Files (x86)\Panda Security\WAC\PavTrc64.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00132968 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============

Name: HUAWEI Mobile Connect - Bus Enumerate Device
Description: HUAWEI Mobile Connect - Bus Enumerate Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: HUAWEI Technologies CO.,LTD
Service: huawei_enumerator
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2011-10-16 18:28:32.474
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-16 18:28:32.459
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-16 18:28:32.443
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-16 18:28:32.428
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-16 18:26:14.964
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-16 18:26:14.964
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-16 18:26:14.932
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-16 18:26:14.917
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-16 18:25:59.227
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-10-16 18:25:59.211
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 75%
Total physical RAM: 1977.97 MB
Available physical RAM: 490.37 MB
Total Pagefile: 3955.95 MB
Available Pagefile: 1948.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:214.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CAD78C25)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


02.09.2013, 18:38   #6
schrauber
/// the machine
/// TB trainer
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any remaining problems?

04.09.2013, 13:27   #7
Ciel
 

ESET won't start: "Can't get update, proxy configured?"


Security Check:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
AntiVir Desktop             
Panda Endpoint Protection   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 26  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (23.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Martin Welsch Downloads esetsmartinstaller_enu.exe  
 Mobile Partner OnlineUpdate ouc.exe  
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 04
Ran by Heidi (administrator) on MAWE-NB on 04-09-2013 14:18:56
Running from C:\Users\Martin Welsch\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Panda Software International) C:\Program Files (x86)\Panda Security\WAC\psksvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
(Panda Security S.L.) C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Panda Security International) C:\Program Files (x86)\Panda Security\WAC\WebProxy.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WAC\PsCtrlC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(ESET) C:\Users\Martin Welsch\Downloads\esetsmartinstaller_enu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Martin Welsch\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-09-24] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
MountPoints2: {13a4b59a-c033-11e1-b53c-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {3736f650-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f65c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f66b-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f674-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f680-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f68c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f698-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6a4-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6b0-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6bf-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6ce-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6dd-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6f0-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f702-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f714-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f726-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f73b-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f750-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f765-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f77d-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f799-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7b4-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7cf-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7ed-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f80c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f829-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f847-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f868-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f889-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8aa-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8cc-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8d6-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3b347caa-b971-11e1-8f24-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {3b347cd2-b971-11e1-8f24-88ae1da68f51} - E:\.\Setup.exe AUTORUN=1
MountPoints2: {3b347ce1-b971-11e1-8f24-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {751b1904-bdd4-11e1-b915-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {899d64c1-bab2-11e1-84f3-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {899d64ca-bab2-11e1-84f3-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {9945d440-34a5-11e1-ab75-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {9945d44f-34a5-11e1-ab75-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {a69ed11b-baf7-11e1-af5a-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {ea891407-bfa3-11e1-b5d5-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {ea891413-bfa3-11e1-b5d5-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {f5584791-bc37-11e1-b9f4-001e101f21c1} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Panda Software Controller Client] - C:\Program Files (x86)\Panda Security\WAC\PSCtrlC.exe [140096 2010-09-21] (Panda Security)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-04-21] (Avira GmbH)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\administrator\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5735&r=27060711i255l0424z205z47727208
BHO-x32: ICQ Sparberater - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 02 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 03 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 04 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 05 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 06 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 17 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3780EE48-8D8F-4C73-8B47-768A7EBC9B41}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{6A8F810A-07B3-4A3D-80F6-80A3027F388B}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8B57599B-3E9D-478E-80F3-7EEFAA575832}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{91C82029-97EB-4AF4-9117-AF9D52E9E8F3}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{B0A07531-D666-4CC5-84E4-AF1DD9D60C68}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BA6BFD33-DBAA-4D6F-B1B5-0F5856F99056}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{EFF27564-5BC9-4F04-87D8-35ECEC91B91A}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @gametree.co.kr/GTL - C:\ProgramData\Gametree\GTL\npGTL.dll (NtreevSoft)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @spaceinter.com/EZKeytecPlugin - C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugin.dll (Space International, Inc. )
FF Plugin-x32: @spaceinter.com/EZKeytecPlugins - C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugins.dll (Space International, Inc. )
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\Extensions\plugin@starstable.com
FF Extension: ciuvo-extension - C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\Extensions\ciuvo-extension@icq.de.xpi

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-08] (Akamai Technologies, Inc.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-24] (Avira GmbH)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-01-01] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe [342344 2011-05-17] (Panda Security)
R2 PavAt3Scheduler; C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe [140544 2011-06-27] (Panda Security)
S3 PavFnSvr; C:\Program Files (x86)\Panda Security\WAC\pavFnSvr.exe [152896 2010-08-06] (Panda Security, S.L.)
S2 PavSrv; C:\Program Files (x86)\Panda Security\WAC\pavsrvx86.exe [313152 2010-07-14] (Panda Security, S.L.)
R2 PavWASLpMng; C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [314696 2011-06-10] (Panda Security)
S3 PSHost; C:\Program Files (x86)\Panda Security\WAC\PSHost.exe [226560 2009-11-26] (Panda Security International)
R2 PSImSvc; C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE [107328 2010-06-25] (Panda Security S.L.)
R2 PskSvc; C:\Program Files (x86)\Panda Security\WAC\psksvc.exe [27968 2010-08-16] (Panda Software International)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 WASAgent; C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe [322376 2011-05-31] (Panda Security)
R2 WASWD; C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe [206664 2011-05-31] (Panda Security)

==================== Drivers (Whitelisted) ====================

R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [70216 2011-03-07] (Panda Security, S.L.)
R2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-10-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-24] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-24] (Avira GmbH)
R2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
R2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
R2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-10-16] ()
R2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-30] (Panda Security, S.L.)
R2 nsfim; C:\Windows\system32\Drivers\NSFIM64.SYS [74312 2010-10-19] (Panda Security, S.L.)
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 14:09 - 2013-09-04 14:09 - 02347384 _____ (ESET) C:\Users\Martin Welsch\Downloads\esetsmartinstaller_enu.exe
2013-09-04 14:09 - 2013-09-04 14:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-03 00:40 - 2013-09-03 00:41 - 09605522 _____ C:\Users\Martin Welsch\Downloads\Die fünziger Jahre- Die Halbstarken- Zusammenfassung (WDR).avi
2013-09-03 00:20 - 2013-09-03 00:20 - 10802302 _____ C:\Users\Martin Welsch\Downloads\Bill Haley & His Comets - Rock Around The Clock 1950.avi
2013-09-02 14:49 - 2013-09-02 14:49 - 00020806 _____ C:\Users\Martin Welsch\Downloads\Addition.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:33 - 2013-09-02 14:33 - 01951950 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64.exe
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 14:31 - 2013-09-02 14:31 - 01028757 _____ (Thisisu) C:\Users\Martin Welsch\Downloads\JRT.exe
2013-09-02 14:17 - 2013-09-02 14:20 - 00000000 ____D C:\AdwCleaner
2013-09-02 14:17 - 2013-09-02 14:17 - 01037134 _____ C:\Users\Martin Welsch\Downloads\adwcleaner.exe
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 14:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-02 14:01 - 2013-09-02 14:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Martin Welsch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-02 05:49 - 2013-09-02 05:49 - 00000000 ____D C:\FRST
2013-09-01 23:38 - 2013-09-02 00:19 - 63307297 _____ C:\Users\Martin Welsch\Downloads\S.B.H.N.S1.2008.ISO-TEL.rar
2013-08-28 03:21 - 2013-08-28 03:21 - 00000000 __SHD C:\found.001
2013-08-25 12:46 - 2013-08-25 16:09 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-25 12:46 - 2013-08-25 16:09 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-18 00:04 - 2013-08-18 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 06:24 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 06:24 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 06:24 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 06:24 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 06:24 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 06:24 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 06:24 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 06:24 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 06:24 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 06:24 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 06:24 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 06:24 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 03:20 - 2013-08-15 03:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-14 22:45 - 2013-08-01 23:58 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Im Bann des Zyklopen
2013-08-14 22:45 - 2013-08-01 23:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson, Band 4_ Percy Jackson - D (66)
2013-08-14 22:45 - 2013-08-01 23:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson Bd. 5 Die letzte Gottin (67)
2013-08-14 22:45 - 2013-08-01 23:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Diebe im Olymp
2013-08-14 22:45 - 2013-08-01 23:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Der Fluch des Titanen
2013-08-14 18:45 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:45 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:45 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:45 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 18:45 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:45 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:45 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:45 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:45 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:45 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:45 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:45 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:45 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:45 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:45 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:45 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:45 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 18:44 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 22:52 - 2013-08-13 22:57 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-13 00:33 - 2013-08-13 00:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-12 10:46 - 2013-08-15 03:19 - 00000000 ____D C:\Windows\system32\MRT
2013-08-11 23:12 - 2013-08-18 01:06 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-11 23:12 - 2013-08-18 00:43 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2013-08-11 23:12 - 2011-01-05 21:52 - 00000000 ____D C:\Users\Martin Welsch\Downloads\toolnrm
2013-08-11 23:12 - 2010-05-07 19:57 - 00000621 _____ C:\Users\Martin Welsch\Downloads\brushform.conf
2013-08-11 23:12 - 2010-05-07 19:57 - 00000103 _____ C:\Users\Martin Welsch\Downloads\papertex.conf
2013-08-11 23:12 - 2010-05-07 19:57 - 00000045 _____ C:\Users\Martin Welsch\Downloads\brushtex.conf
2013-08-11 23:12 - 2009-11-18 14:58 - 00120520 _____ C:\Users\Martin Welsch\Downloads\language_DE.conf
2013-08-11 23:12 - 2009-11-18 14:58 - 00120520 _____ C:\Users\Martin Welsch\Downloads\language.conf
2013-08-11 23:12 - 2009-04-20 12:18 - 00051597 _____ C:\Users\Martin Welsch\Downloads\uninstall.exe
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\toolink
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\papertex
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\elemap
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\do-it-yourself
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\brushtex
2013-08-11 23:12 - 2008-12-30 16:35 - 00111758 _____ C:\Users\Martin Welsch\Downloads\language_EN.conf
2013-08-11 23:12 - 2008-12-30 16:24 - 00001227 _____ C:\Users\Martin Welsch\Downloads\presetcvsize.conf
2013-08-11 23:12 - 2008-12-25 02:01 - 00005606 _____ C:\Users\Martin Welsch\Downloads\misc.ini
2013-08-11 23:12 - 2008-12-24 22:33 - 00008204 _____ C:\Users\Martin Welsch\Downloads\history.txt
2013-08-11 23:12 - 2008-12-24 22:29 - 00362951 _____ C:\Users\Martin Welsch\Downloads\help.chm
2013-08-11 23:12 - 2008-04-10 09:42 - 00045568 _____ C:\Users\Martin Welsch\Downloads\start-sai.exe
2013-08-11 23:12 - 2008-03-14 21:08 - 01626112 _____ C:\Users\Martin Welsch\Downloads\sai.exe
2013-08-11 23:12 - 2008-03-01 11:28 - 00622592 _____ C:\Users\Martin Welsch\Downloads\sfl.dll
2013-08-11 23:11 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\blotmap
2013-08-11 23:08 - 2013-08-11 23:09 - 02633921 _____ C:\Users\Martin Welsch\Downloads\PaintToolSAI.zip
2013-08-11 13:43 - 2013-08-11 13:43 - 00754894 _____ C:\Users\Martin Welsch\Downloads\psd_10_purple_and_brown_by_seolilihyun-d6hhjp7.psd
2013-08-11 13:42 - 2013-08-11 13:42 - 00704050 _____ C:\Users\Martin Welsch\Downloads\psd_3_green_and_yellow_by_seolilihyun-d64rhse.psd
2013-08-11 13:41 - 2013-08-11 13:42 - 00772008 _____ C:\Users\Martin Welsch\Downloads\psd_8_red_and_orange_by_seolilihyun-d699jx5.psd
2013-08-11 13:41 - 2013-08-11 13:42 - 00675848 _____ C:\Users\Martin Welsch\Downloads\psd_9_brown_and_blue_by_seolilihyun-d6bwlym.psd
2013-08-09 23:05 - 2013-08-09 23:06 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Neuer Ordner
2013-08-09 22:51 - 2013-08-09 23:53 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Macklemore and Ryan Lewis - The Heist (2012)
2013-08-09 21:38 - 2009-08-14 20:59 - 00619868 _____ C:\Users\Martin Welsch\Downloads\horses.csh
2013-08-09 21:38 - 2009-08-14 20:51 - 01297909 _____ C:\Users\Martin Welsch\Downloads\vector-horses-silhouettes.ai
2013-08-09 21:38 - 2009-04-30 20:11 - 00000117 _____ C:\Users\Martin Welsch\Downloads\All-Silhouettes.com.url
2013-08-09 21:38 - 2008-07-29 10:08 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Vector - Horse Silhouettes by DragonArt
2013-08-09 21:33 - 2013-08-09 21:34 - 04529490 _____ C:\Users\Martin Welsch\Downloads\Vector_-_Horse_Silhouettes_by_DragonArt.zip
2013-08-09 21:33 - 2013-08-09 21:33 - 00956623 _____ C:\Users\Martin Welsch\Downloads\horses.zip

==================== One Month Modified Files and Folders =======

2013-09-04 14:15 - 2013-02-20 17:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-04 14:14 - 2013-09-04 14:14 - 00891115 _____ C:\Users\Martin Welsch\Downloads\SecurityCheck.exe
2013-09-04 14:12 - 2010-09-24 17:33 - 00656294 _____ C:\Windows\system32\perfh007.dat
2013-09-04 14:12 - 2010-09-24 17:33 - 00130894 _____ C:\Windows\system32\perfc007.dat
2013-09-04 14:12 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 14:09 - 2013-09-04 14:09 - 02347384 _____ (ESET) C:\Users\Martin Welsch\Downloads\esetsmartinstaller_enu.exe
2013-09-04 14:09 - 2013-09-04 14:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-04 11:46 - 2009-07-14 06:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 11:46 - 2009-07-14 06:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 11:42 - 2010-09-24 07:42 - 01419247 _____ C:\Windows\WindowsUpdate.log
2013-09-04 11:39 - 2013-01-17 20:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-04 11:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 11:39 - 2009-07-14 06:51 - 00244711 _____ C:\Windows\setupact.log
2013-09-04 11:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-09-04 07:21 - 2012-09-23 18:52 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Skype
2013-09-04 07:21 - 2012-09-23 18:52 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Skype
2013-09-03 00:41 - 2013-09-03 00:40 - 09605522 _____ C:\Users\Martin Welsch\Downloads\Die fünziger Jahre- Die Halbstarken- Zusammenfassung (WDR).avi
2013-09-03 00:20 - 2013-09-03 00:20 - 10802302 _____ C:\Users\Martin Welsch\Downloads\Bill Haley & His Comets - Rock Around The Clock 1950.avi
2013-09-02 14:49 - 2013-09-02 14:49 - 00020806 _____ C:\Users\Martin Welsch\Downloads\Addition.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:33 - 2013-09-02 14:33 - 01951950 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64.exe
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 14:31 - 2013-09-02 14:31 - 01028757 _____ (Thisisu) C:\Users\Martin Welsch\Downloads\JRT.exe
2013-09-02 14:20 - 2013-09-02 14:17 - 00000000 ____D C:\AdwCleaner
2013-09-02 14:20 - 2011-08-04 18:36 - 00000000 ____D C:\ProgramData\ICQ
2013-09-02 14:17 - 2013-09-02 14:17 - 01037134 _____ C:\Users\Martin Welsch\Downloads\adwcleaner.exe
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 14:01 - 2013-09-02 14:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Martin Welsch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-02 07:20 - 2011-07-26 11:53 - 00000152 _____ C:\Windows\system32\Drivers\etc\NetLoc.wlt
2013-09-02 05:49 - 2013-09-02 05:49 - 00000000 ____D C:\FRST
2013-09-02 00:19 - 2013-09-01 23:38 - 63307297 _____ C:\Users\Martin Welsch\Downloads\S.B.H.N.S1.2008.ISO-TEL.rar
2013-09-01 11:48 - 2011-07-26 11:53 - 00000136 _____ C:\Windows\system32\Drivers\etc\NetAdapt.cfg
2013-08-30 13:28 - 2011-08-05 18:17 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\ICQ
2013-08-30 13:28 - 2011-08-05 18:17 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\ICQ
2013-08-28 03:23 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-28 03:21 - 2013-08-28 03:21 - 00000000 __SHD C:\found.001
2013-08-25 16:09 - 2013-08-25 12:46 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-25 16:09 - 2013-08-25 12:46 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-22 21:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-19 21:03 - 2012-10-17 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 21:03 - 2010-09-07 08:20 - 00010706 _____ C:\Windows\PFRO.log
2013-08-19 00:07 - 2013-07-08 14:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-18 01:06 - 2013-08-11 23:12 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-18 00:43 - 2013-08-11 23:12 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-18 00:04 - 2013-08-18 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 03:20 - 2013-08-15 03:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-15 03:19 - 2013-08-12 10:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:09 - 2012-11-07 13:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 02:36 - 2013-08-01 16:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\tumblr
2013-08-14 22:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-13 22:57 - 2013-08-13 22:52 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-13 00:33 - 2013-08-13 00:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-13 00:33 - 2012-07-04 19:17 - 256433944 _____ C:\Windows\MEMORY.DMP
2013-08-13 00:33 - 2012-07-04 19:17 - 00000000 ____D C:\Windows\Minidump
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2013-08-11 23:09 - 2013-08-11 23:08 - 02633921 _____ C:\Users\Martin Welsch\Downloads\PaintToolSAI.zip
2013-08-11 13:43 - 2013-08-11 13:43 - 00754894 _____ C:\Users\Martin Welsch\Downloads\psd_10_purple_and_brown_by_seolilihyun-d6hhjp7.psd
2013-08-11 13:42 - 2013-08-11 13:42 - 00704050 _____ C:\Users\Martin Welsch\Downloads\psd_3_green_and_yellow_by_seolilihyun-d64rhse.psd
2013-08-11 13:42 - 2013-08-11 13:41 - 00772008 _____ C:\Users\Martin Welsch\Downloads\psd_8_red_and_orange_by_seolilihyun-d699jx5.psd
2013-08-11 13:42 - 2013-08-11 13:41 - 00675848 _____ C:\Users\Martin Welsch\Downloads\psd_9_brown_and_blue_by_seolilihyun-d6bwlym.psd
2013-08-10 10:07 - 2009-07-14 06:45 - 00403696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-09 23:53 - 2013-08-09 22:51 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Macklemore and Ryan Lewis - The Heist (2012)
2013-08-09 23:19 - 2011-07-26 17:14 - 00103808 _____ C:\Users\MARTIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-09 23:19 - 2011-07-26 17:14 - 00103808 _____ C:\Users\Martin Welsch\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-09 23:06 - 2013-08-09 23:05 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Neuer Ordner
2013-08-09 21:51 - 2013-02-25 14:34 - 00000000 ____D C:\Users\Martin Welsch\Documents\Adobe Photoshop CS6 Extended Portable
2013-08-09 21:51 - 2013-02-25 14:34 - 00000000 ____D C:\Users\Martin Welsch\Documents\Adobe Photoshop CS6 Extended Portable
2013-08-09 21:34 - 2013-08-09 21:33 - 04529490 _____ C:\Users\Martin Welsch\Downloads\Vector_-_Horse_Silhouettes_by_DragonArt.zip
2013-08-09 21:33 - 2013-08-09 21:33 - 00956623 _____ C:\Users\Martin Welsch\Downloads\horses.zip

Files to move or delete:
====================
C:\Users\MARTIN~1\AppData\Local\Temp\Quarantine.exe
C:\Users\MARTIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
C:\Users\MARTIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
C:\Users\MARTIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
C:\Users\MARTIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
C:\Users\MARTIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
C:\Users\MARTIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
C:\Users\MARTIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe
C:\Users\MARTIN~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Martin Welsch\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin Welsch\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
C:\Users\Martin Welsch\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
C:\Users\Martin Welsch\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
C:\Users\Martin Welsch\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
C:\Users\Martin Welsch\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
C:\Users\Martin Welsch\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
C:\Users\Martin Welsch\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe
C:\Users\Martin Welsch\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 10:16

==================== End Of Log ============================
         

Since then it has been freezing for a few seconds every now and then, but otherwise everything is running again.
So thank you very, very much! You are my lifesaver

Alt 04.09.2013, 16:13   #8
schrauber
/// the machine
/// TB-Ausbilder
 

GVU-Trojaner



Update Java and Flash. Run a full scan with your AV program.

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 08.09.2013, 11:03   #9
Ciel
 
GVU-Trojaner



Code:
Farbar Service Scanner Version: 05-09-2013
Ran by Heidi (administrator) on 08-09-2013 at 12:04:47
Running from "C:\Users\Martin Welsch\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         

Alt 09.09.2013, 05:47   #10
schrauber
/// the machine
/// TB-Ausbilder
 

GVU-Trojaner



Full scan with your AV??

Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and, under Check Disk, press Do It.
  • When the process has finished, click Step 3 and, under System File Check, press Do It.
  • After the process has finished, click Start Repairs, select Advanced Mode and press Start.
  • Please make sure the checkboxes are ticked as shown below. In addition, please tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.

Fresh FSS and FRST logs please.

Alt 10.09.2013, 20:31   #11
Ciel
 
GVU-Trojaner



Panda Antivirus says it found nothing.

FSS:

Code:
Farbar Service Scanner Version: 05-09-2013
Ran by Heidi (administrator) on 10-09-2013 at 21:26:17
Running from "C:\Users\Martin Welsch\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         

FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Heidi (administrator) on MAWE-NB on 10-09-2013 21:29:16
Running from C:\Users\Martin Welsch\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Panda Software International) C:\Program Files (x86)\Panda Security\WAC\psksvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
(Panda Security S.L.) C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WAC\PsCtrlC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Panda Security International) C:\Program Files (x86)\Panda Security\WAC\WebProxy.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Farbar) C:\Users\Martin Welsch\Downloads\FSS(1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Martin Welsch\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-09-24] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
MountPoints2: {13a4b59a-c033-11e1-b53c-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {3736f650-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f65c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f66b-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f674-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f680-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f68c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f698-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6a4-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6b0-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6bf-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6ce-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6dd-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6f0-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f702-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f714-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f726-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f73b-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f750-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f765-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f77d-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f799-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7b4-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7cf-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7ed-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f80c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f829-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f847-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f868-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f889-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8aa-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8cc-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8d6-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3b347caa-b971-11e1-8f24-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {3b347cd2-b971-11e1-8f24-88ae1da68f51} - E:\.\Setup.exe AUTORUN=1
MountPoints2: {3b347ce1-b971-11e1-8f24-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {751b1904-bdd4-11e1-b915-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {899d64c1-bab2-11e1-84f3-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {899d64ca-bab2-11e1-84f3-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {9945d440-34a5-11e1-ab75-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {9945d44f-34a5-11e1-ab75-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {a69ed11b-baf7-11e1-af5a-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {ea891407-bfa3-11e1-b5d5-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {ea891413-bfa3-11e1-b5d5-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {f5584791-bc37-11e1-b9f4-001e101f21c1} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Panda Software Controller Client] - C:\Program Files (x86)\Panda Security\WAC\PSCtrlC.exe [140096 2010-09-21] (Panda Security)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-04-21] (Avira GmbH)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\administrator\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5735&r=27060711i255l0424z205z47727208
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ICQ Sparberater - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 02 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 03 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 04 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 05 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 06 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 17 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3780EE48-8D8F-4C73-8B47-768A7EBC9B41}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{6A8F810A-07B3-4A3D-80F6-80A3027F388B}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8B57599B-3E9D-478E-80F3-7EEFAA575832}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{91C82029-97EB-4AF4-9117-AF9D52E9E8F3}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{B0A07531-D666-4CC5-84E4-AF1DD9D60C68}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BA6BFD33-DBAA-4D6F-B1B5-0F5856F99056}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{EFF27564-5BC9-4F04-87D8-35ECEC91B91A}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @gametree.co.kr/GTL - C:\ProgramData\Gametree\GTL\npGTL.dll (NtreevSoft)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @spaceinter.com/EZKeytecPlugin - C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugin.dll (Space International, Inc. )
FF Plugin-x32: @spaceinter.com/EZKeytecPlugins - C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugins.dll (Space International, Inc. )
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\Extensions\plugin@starstable.com
FF Extension: ciuvo-extension - C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\Extensions\ciuvo-extension@icq.de.xpi

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-08] (Akamai Technologies, Inc.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-24] (Avira GmbH)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-01-01] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe [342344 2011-05-17] (Panda Security)
R2 PavAt3Scheduler; C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe [140544 2011-06-27] (Panda Security)
S3 PavFnSvr; C:\Program Files (x86)\Panda Security\WAC\pavFnSvr.exe [152896 2010-08-06] (Panda Security, S.L.)
S2 PavSrv; C:\Program Files (x86)\Panda Security\WAC\pavsrvx86.exe [313152 2010-07-14] (Panda Security, S.L.)
R2 PavWASLpMng; C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [314696 2011-06-10] (Panda Security)
S3 PSHost; C:\Program Files (x86)\Panda Security\WAC\PSHost.exe [226560 2009-11-26] (Panda Security International)
R2 PSImSvc; C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE [107328 2010-06-25] (Panda Security S.L.)
R2 PskSvc; C:\Program Files (x86)\Panda Security\WAC\psksvc.exe [27968 2010-08-16] (Panda Software International)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 WASAgent; C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe [322376 2011-05-31] (Panda Security)
R2 WASWD; C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe [206664 2011-05-31] (Panda Security)

==================== Drivers (Whitelisted) ====================

R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [70216 2011-03-07] (Panda Security, S.L.)
R2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-10-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-24] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-24] (Avira GmbH)
R2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
R2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
R2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-10-16] ()
R2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-30] (Panda Security, S.L.)
R2 nsfim; C:\Windows\system32\Drivers\NSFIM64.SYS [74312 2010-10-19] (Panda Security, S.L.)
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 21:17 - 2013-09-10 21:17 - 00358609 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FSS(1).exe
2013-09-10 20:33 - 2013-09-10 20:33 - 00000000 ____D C:\RegBackup
2013-09-10 19:56 - 2013-09-10 21:16 - 00013644 _____ C:\Users\Martin Welsch\Downloads\la320.rar
2013-09-10 19:35 - 2013-09-10 19:35 - 00003288 ____N C:\bootsqm.dat
2013-09-10 19:29 - 2013-09-10 21:07 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-10 19:26 - 2013-09-10 19:28 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Tweaking.com - Windows Repair
2013-09-10 19:25 - 2013-09-10 19:25 - 03268369 _____ C:\Users\Martin Welsch\Downloads\tweaking.com_windows_repair_aio.zip
2013-09-10 19:24 - 2013-09-10 19:24 - 00000949 _____ C:\Users\Martin Welsch\Documents\panda.txt
2013-09-10 19:24 - 2013-09-10 19:24 - 00000949 _____ C:\Users\Martin Welsch\Documents\panda.txt
2013-09-08 22:26 - 2013-09-08 22:26 - 00027609 _____ C:\Users\Martin Welsch\Downloads\GetFile(6).aspx
2013-09-08 22:23 - 2013-09-08 22:23 - 00027609 _____ C:\Users\Martin Welsch\Downloads\GetFile(5).aspx
2013-09-08 22:20 - 2013-09-08 22:21 - 25755856 _____ (Microsoft Corporation) C:\Users\Martin Welsch\Downloads\wordview_de-de.exe
2013-09-08 22:19 - 2013-09-08 22:19 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(3).aspx
2013-09-08 22:19 - 2013-09-08 22:19 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(2).aspx
2013-09-08 22:19 - 2013-09-08 22:19 - 00015755 _____ C:\Users\Martin Welsch\Downloads\GetFile(4).aspx
2013-09-08 22:18 - 2013-09-08 22:18 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile.aspx
2013-09-08 22:18 - 2013-09-08 22:18 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(1).aspx
2013-09-08 20:56 - 2013-09-08 20:59 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Deutschland von oben [Original Soundtrack] [feat. Neue Philharmonie Westfalen]
2013-09-08 12:03 - 2013-09-10 21:26 - 00002490 _____ C:\Users\Martin Welsch\Downloads\FSS.txt
2013-09-08 12:02 - 2013-09-08 12:02 - 00358609 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FSS.exe
2013-09-07 17:33 - 2011-09-22 15:03 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Schroedel.BIOLOGIE.HEUTE.Neurobiologie.S1.2008.ISO-TEL
2013-09-05 22:13 - 2013-09-05 22:55 - 126025094 _____ C:\Users\Martin Welsch\Downloads\AL-Boy-MutFriLimEdi.rar.part
2013-09-05 22:13 - 2013-09-05 22:13 - 00000000 _____ C:\Users\Martin Welsch\Downloads\AL-Boy-MutFriLimEdi.rar
2013-09-05 12:30 - 2013-09-10 21:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 12:30 - 2013-09-05 12:30 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\Martin Welsch\Downloads\install_flash_player.exe
2013-09-05 12:30 - 2013-09-05 12:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-05 12:13 - 2013-09-05 12:13 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-05 12:13 - 2013-09-05 12:13 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-05 12:13 - 2013-09-05 12:13 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-05 12:12 - 2013-09-05 12:12 - 00000000 ____D C:\Program Files\Java
2013-09-05 12:10 - 2013-09-05 12:11 - 33150376 _____ (Oracle Corporation) C:\Users\Martin Welsch\Downloads\jre-7u25-windows-x64.exe
2013-09-05 11:57 - 2013-09-05 11:57 - 00903080 _____ (Oracle Corporation) C:\Users\Martin Welsch\Downloads\jxpiinstall.exe
2013-09-05 11:54 - 2013-09-05 12:11 - 101444724 _____ C:\Users\Martin Welsch\Downloads\ac-df.part2.rar
2013-09-04 14:14 - 2013-09-04 14:14 - 00891115 _____ C:\Users\Martin Welsch\Downloads\SecurityCheck.exe
2013-09-04 14:09 - 2013-09-04 14:09 - 02347384 _____ (ESET) C:\Users\Martin Welsch\Downloads\esetsmartinstaller_enu.exe
2013-09-04 14:09 - 2013-09-04 14:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-03 00:40 - 2013-09-03 00:41 - 09605522 _____ C:\Users\Martin Welsch\Downloads\Die fünziger Jahre- Die Halbstarken- Zusammenfassung (WDR).avi
2013-09-03 00:20 - 2013-09-03 00:20 - 10802302 _____ C:\Users\Martin Welsch\Downloads\Bill Haley & His Comets - Rock Around The Clock 1950.avi
2013-09-02 14:49 - 2013-09-02 14:49 - 00020806 _____ C:\Users\Martin Welsch\Downloads\Addition.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:33 - 2013-09-02 14:33 - 01951950 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64.exe
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 14:31 - 2013-09-02 14:31 - 01028757 _____ (Thisisu) C:\Users\Martin Welsch\Downloads\JRT.exe
2013-09-02 14:17 - 2013-09-02 14:20 - 00000000 ____D C:\AdwCleaner
2013-09-02 14:17 - 2013-09-02 14:17 - 01037134 _____ C:\Users\Martin Welsch\Downloads\adwcleaner.exe
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 14:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-02 14:01 - 2013-09-02 14:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Martin Welsch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-02 05:49 - 2013-09-02 05:49 - 00000000 ____D C:\FRST
2013-08-28 03:21 - 2013-08-28 03:21 - 00000000 __SHD C:\found.001
2013-08-25 12:46 - 2013-08-25 16:09 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-25 12:46 - 2013-08-25 16:09 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-18 00:04 - 2013-08-18 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 06:24 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 06:24 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 06:24 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 06:24 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 06:24 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 06:24 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 06:24 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 06:24 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 06:24 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 06:24 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 06:24 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 06:24 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 03:20 - 2013-08-15 03:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-14 22:45 - 2013-08-01 23:58 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Im Bann des Zyklopen
2013-08-14 22:45 - 2013-08-01 23:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson, Band 4_ Percy Jackson - D (66)
2013-08-14 22:45 - 2013-08-01 23:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson Bd. 5 Die letzte Gottin (67)
2013-08-14 22:45 - 2013-08-01 23:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Diebe im Olymp
2013-08-14 22:45 - 2013-08-01 23:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Der Fluch des Titanen
2013-08-14 18:45 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:45 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:45 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:45 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 18:45 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:45 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:45 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:45 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:45 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:45 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:45 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:45 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:45 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:45 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:45 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:45 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:45 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 18:44 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 22:52 - 2013-08-13 22:57 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-13 00:33 - 2013-08-13 00:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-12 10:46 - 2013-08-15 03:19 - 00000000 ____D C:\Windows\system32\MRT
2013-08-11 23:12 - 2013-08-18 01:06 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-11 23:12 - 2013-08-18 00:43 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2013-08-11 23:12 - 2011-01-05 21:52 - 00000000 ____D C:\Users\Martin Welsch\Downloads\toolnrm
2013-08-11 23:12 - 2010-05-07 19:57 - 00000621 _____ C:\Users\Martin Welsch\Downloads\brushform.conf
2013-08-11 23:12 - 2010-05-07 19:57 - 00000103 _____ C:\Users\Martin Welsch\Downloads\papertex.conf
2013-08-11 23:12 - 2010-05-07 19:57 - 00000045 _____ C:\Users\Martin Welsch\Downloads\brushtex.conf
2013-08-11 23:12 - 2009-11-18 14:58 - 00120520 _____ C:\Users\Martin Welsch\Downloads\language_DE.conf
2013-08-11 23:12 - 2009-11-18 14:58 - 00120520 _____ C:\Users\Martin Welsch\Downloads\language.conf
2013-08-11 23:12 - 2009-04-20 12:18 - 00051597 _____ C:\Users\Martin Welsch\Downloads\uninstall.exe
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\toolink
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\papertex
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\elemap
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\do-it-yourself
2013-08-11 23:12 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\brushtex
2013-08-11 23:12 - 2008-12-30 16:35 - 00111758 _____ C:\Users\Martin Welsch\Downloads\language_EN.conf
2013-08-11 23:12 - 2008-12-30 16:24 - 00001227 _____ C:\Users\Martin Welsch\Downloads\presetcvsize.conf
2013-08-11 23:12 - 2008-12-25 02:01 - 00005606 _____ C:\Users\Martin Welsch\Downloads\misc.ini
2013-08-11 23:12 - 2008-12-24 22:33 - 00008204 _____ C:\Users\Martin Welsch\Downloads\history.txt
2013-08-11 23:12 - 2008-12-24 22:29 - 00362951 _____ C:\Users\Martin Welsch\Downloads\help.chm
2013-08-11 23:12 - 2008-04-10 09:42 - 00045568 _____ C:\Users\Martin Welsch\Downloads\start-sai.exe
2013-08-11 23:12 - 2008-03-14 21:08 - 01626112 _____ C:\Users\Martin Welsch\Downloads\sai.exe
2013-08-11 23:12 - 2008-03-01 11:28 - 00622592 _____ C:\Users\Martin Welsch\Downloads\sfl.dll
2013-08-11 23:11 - 2009-04-20 12:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\blotmap
2013-08-11 23:08 - 2013-08-11 23:09 - 02633921 _____ C:\Users\Martin Welsch\Downloads\PaintToolSAI.zip
2013-08-11 13:43 - 2013-08-11 13:43 - 00754894 _____ C:\Users\Martin Welsch\Downloads\psd_10_purple_and_brown_by_seolilihyun-d6hhjp7.psd
2013-08-11 13:42 - 2013-08-11 13:42 - 00704050 _____ C:\Users\Martin Welsch\Downloads\psd_3_green_and_yellow_by_seolilihyun-d64rhse.psd
2013-08-11 13:41 - 2013-08-11 13:42 - 00772008 _____ C:\Users\Martin Welsch\Downloads\psd_8_red_and_orange_by_seolilihyun-d699jx5.psd
2013-08-11 13:41 - 2013-08-11 13:42 - 00675848 _____ C:\Users\Martin Welsch\Downloads\psd_9_brown_and_blue_by_seolilihyun-d6bwlym.psd

==================== One Month Modified Files and Folders =======

2013-09-10 21:27 - 2013-09-10 21:27 - 01949196 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64(1).exe
2013-09-10 21:26 - 2013-09-08 12:03 - 00002490 _____ C:\Users\Martin Welsch\Downloads\FSS.txt
2013-09-10 21:25 - 2013-09-05 12:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 21:18 - 2010-09-24 17:33 - 00656294 _____ C:\Windows\system32\perfh007.dat
2013-09-10 21:18 - 2010-09-24 17:33 - 00130894 _____ C:\Windows\system32\perfc007.dat
2013-09-10 21:18 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 21:18 - 2009-07-14 06:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 21:18 - 2009-07-14 06:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 21:17 - 2013-09-10 21:17 - 00358609 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FSS(1).exe
2013-09-10 21:16 - 2013-09-10 19:56 - 00013644 _____ C:\Users\Martin Welsch\Downloads\la320.rar
2013-09-10 21:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-09-10 21:11 - 2013-01-17 20:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-10 21:11 - 2011-07-26 17:14 - 00103808 _____ C:\Users\MARTIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-10 21:11 - 2011-07-26 17:14 - 00103808 _____ C:\Users\Martin Welsch\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-10 21:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 21:11 - 2009-07-14 06:51 - 00244991 _____ C:\Windows\setupact.log
2013-09-10 21:10 - 2010-09-07 08:20 - 00011058 _____ C:\Windows\PFRO.log
2013-09-10 21:10 - 2009-07-14 06:45 - 00403696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-10 21:07 - 2013-09-10 19:29 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-10 21:06 - 2010-09-24 07:42 - 01557919 _____ C:\Windows\WindowsUpdate.log
2013-09-10 21:06 - 2009-07-14 04:34 - 00000535 _____ C:\Windows\win.ini
2013-09-10 20:33 - 2013-09-10 20:33 - 00000000 ____D C:\RegBackup
2013-09-10 19:35 - 2013-09-10 19:35 - 00003288 ____N C:\bootsqm.dat
2013-09-10 19:35 - 2011-07-26 11:53 - 00000152 _____ C:\Windows\system32\Drivers\etc\NetLoc.wlt
2013-09-10 19:31 - 2011-07-26 11:53 - 00000136 _____ C:\Windows\system32\Drivers\etc\NetAdapt.cfg
2013-09-10 19:28 - 2013-09-10 19:26 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Tweaking.com - Windows Repair
2013-09-10 19:25 - 2013-09-10 19:25 - 03268369 _____ C:\Users\Martin Welsch\Downloads\tweaking.com_windows_repair_aio.zip
2013-09-10 19:24 - 2013-09-10 19:24 - 00000949 _____ C:\Users\Martin Welsch\Documents\panda.txt
2013-09-10 19:24 - 2013-09-10 19:24 - 00000949 _____ C:\Users\Martin Welsch\Documents\panda.txt
2013-09-09 22:39 - 2012-09-23 18:52 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Skype
2013-09-09 22:39 - 2012-09-23 18:52 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Skype
2013-09-08 22:26 - 2013-09-08 22:26 - 00027609 _____ C:\Users\Martin Welsch\Downloads\GetFile(6).aspx
2013-09-08 22:23 - 2013-09-08 22:23 - 00027609 _____ C:\Users\Martin Welsch\Downloads\GetFile(5).aspx
2013-09-08 22:21 - 2013-09-08 22:20 - 25755856 _____ (Microsoft Corporation) C:\Users\Martin Welsch\Downloads\wordview_de-de.exe
2013-09-08 22:21 - 2011-07-26 13:03 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-09-08 22:19 - 2013-09-08 22:19 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(3).aspx
2013-09-08 22:19 - 2013-09-08 22:19 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(2).aspx
2013-09-08 22:19 - 2013-09-08 22:19 - 00015755 _____ C:\Users\Martin Welsch\Downloads\GetFile(4).aspx
2013-09-08 22:18 - 2013-09-08 22:18 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile.aspx
2013-09-08 22:18 - 2013-09-08 22:18 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(1).aspx
2013-09-08 20:59 - 2013-09-08 20:56 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Deutschland von oben [Original Soundtrack] [feat. Neue Philharmonie Westfalen]
2013-09-08 12:02 - 2013-09-08 12:02 - 00358609 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FSS.exe
2013-09-05 22:55 - 2013-09-05 22:13 - 126025094 _____ C:\Users\Martin Welsch\Downloads\AL-Boy-MutFriLimEdi.rar.part
2013-09-05 22:13 - 2013-09-05 22:13 - 00000000 _____ C:\Users\Martin Welsch\Downloads\AL-Boy-MutFriLimEdi.rar
2013-09-05 12:30 - 2013-09-05 12:30 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\Martin Welsch\Downloads\install_flash_player.exe
2013-09-05 12:30 - 2013-09-05 12:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-05 12:30 - 2013-02-20 17:21 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-05 12:30 - 2011-08-05 20:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-05 12:30 - 2011-08-05 19:42 - 00000000 ____D C:\Users\MARTIN~1\AppData\Local\Adobe
2013-09-05 12:30 - 2011-08-05 19:42 - 00000000 ____D C:\Users\Martin Welsch\AppData\Local\Adobe
2013-09-05 12:13 - 2013-09-05 12:13 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-05 12:13 - 2013-09-05 12:13 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-05 12:13 - 2013-09-05 12:13 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-05 12:12 - 2013-09-05 12:12 - 00000000 ____D C:\Program Files\Java
2013-09-05 12:11 - 2013-09-05 12:10 - 33150376 _____ (Oracle Corporation) C:\Users\Martin Welsch\Downloads\jre-7u25-windows-x64.exe
2013-09-05 12:11 - 2013-09-05 11:54 - 101444724 _____ C:\Users\Martin Welsch\Downloads\ac-df.part2.rar
2013-09-05 11:58 - 2011-07-26 17:34 - 00000000 ____D C:\Windows\system32\appmgmt
2013-09-05 11:57 - 2013-09-05 11:57 - 00903080 _____ (Oracle Corporation) C:\Users\Martin Welsch\Downloads\jxpiinstall.exe
2013-09-04 14:14 - 2013-09-04 14:14 - 00891115 _____ C:\Users\Martin Welsch\Downloads\SecurityCheck.exe
2013-09-04 14:09 - 2013-09-04 14:09 - 02347384 _____ (ESET) C:\Users\Martin Welsch\Downloads\esetsmartinstaller_enu.exe
2013-09-04 14:09 - 2013-09-04 14:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-03 00:41 - 2013-09-03 00:40 - 09605522 _____ C:\Users\Martin Welsch\Downloads\Die fünziger Jahre- Die Halbstarken- Zusammenfassung (WDR).avi
2013-09-03 00:20 - 2013-09-03 00:20 - 10802302 _____ C:\Users\Martin Welsch\Downloads\Bill Haley & His Comets - Rock Around The Clock 1950.avi
2013-09-02 14:49 - 2013-09-02 14:49 - 00020806 _____ C:\Users\Martin Welsch\Downloads\Addition.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:33 - 2013-09-02 14:33 - 01951950 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64.exe
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 14:31 - 2013-09-02 14:31 - 01028757 _____ (Thisisu) C:\Users\Martin Welsch\Downloads\JRT.exe
2013-09-02 14:20 - 2013-09-02 14:17 - 00000000 ____D C:\AdwCleaner
2013-09-02 14:20 - 2011-08-04 18:36 - 00000000 ____D C:\ProgramData\ICQ
2013-09-02 14:17 - 2013-09-02 14:17 - 01037134 _____ C:\Users\Martin Welsch\Downloads\adwcleaner.exe
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 14:01 - 2013-09-02 14:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Martin Welsch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-02 05:49 - 2013-09-02 05:49 - 00000000 ____D C:\FRST
2013-08-30 13:28 - 2011-08-05 18:17 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\ICQ
2013-08-30 13:28 - 2011-08-05 18:17 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\ICQ
2013-08-28 03:23 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-28 03:21 - 2013-08-28 03:21 - 00000000 __SHD C:\found.001
2013-08-25 16:09 - 2013-08-25 12:46 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-25 16:09 - 2013-08-25 12:46 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-22 21:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-19 21:03 - 2012-10-17 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 00:07 - 2013-07-08 14:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-18 01:06 - 2013-08-11 23:12 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-18 00:43 - 2013-08-11 23:12 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-18 00:04 - 2013-08-18 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 03:20 - 2013-08-15 03:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-15 03:19 - 2013-08-12 10:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:09 - 2012-11-07 13:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 02:36 - 2013-08-01 16:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\tumblr
2013-08-14 22:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-13 22:57 - 2013-08-13 22:52 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-13 00:33 - 2013-08-13 00:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-13 00:33 - 2012-07-04 19:17 - 256433944 _____ C:\Windows\MEMORY.DMP
2013-08-13 00:33 - 2012-07-04 19:17 - 00000000 ____D C:\Windows\Minidump
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 23:12 - 2013-08-11 23:12 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2013-08-11 23:09 - 2013-08-11 23:08 - 02633921 _____ C:\Users\Martin Welsch\Downloads\PaintToolSAI.zip
2013-08-11 13:43 - 2013-08-11 13:43 - 00754894 _____ C:\Users\Martin Welsch\Downloads\psd_10_purple_and_brown_by_seolilihyun-d6hhjp7.psd
2013-08-11 13:42 - 2013-08-11 13:42 - 00704050 _____ C:\Users\Martin Welsch\Downloads\psd_3_green_and_yellow_by_seolilihyun-d64rhse.psd
2013-08-11 13:42 - 2013-08-11 13:41 - 00772008 _____ C:\Users\Martin Welsch\Downloads\psd_8_red_and_orange_by_seolilihyun-d699jx5.psd
2013-08-11 13:42 - 2013-08-11 13:41 - 00675848 _____ C:\Users\Martin Welsch\Downloads\psd_9_brown_and_blue_by_seolilihyun-d6bwlym.psd

Files to move or delete:
====================
C:\Users\MARTIN~1\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 10:16

==================== End Of Log ============================
         

11.09.2013, 08:08   #12
schrauber
/// the machine
/// TB Trainer
 

GVU Trojan



http://download.bleepingcomputer.com.../WinDefend.reg

Download and run it, and allow it. Reboot, then a fresh FSS and FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

12.09.2013, 00:47   #13
Ciel
 
GVU Trojan



FSS:

Code:
Farbar Service Scanner Version: 05-09-2013
Ran by Heidi (administrator) on 12-09-2013 at 01:42:23
Running from "C:\Users\Martin Welsch\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         

FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Heidi (administrator) on MAWE-NB on 12-09-2013 01:43:20
Running from C:\Users\Martin Welsch\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Panda Software International) C:\Program Files (x86)\Panda Security\WAC\psksvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
(Panda Security S.L.) C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Panda Security International) C:\Program Files (x86)\Panda Security\WAC\WebProxy.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Panda Security) C:\Program Files (x86)\Panda Security\WAC\PsCtrlC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Windows\system32\calc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Farbar) C:\Users\Martin Welsch\Downloads\FSS(1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Martin Welsch\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-09-24] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
MountPoints2: {13a4b59a-c033-11e1-b53c-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {3736f650-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f65c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f66b-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f674-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f680-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f68c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f698-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6a4-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6b0-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6bf-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6ce-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6dd-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f6f0-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f702-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f714-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f726-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f73b-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f750-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f765-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f77d-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f799-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7b4-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7cf-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f7ed-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f80c-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f829-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f847-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f868-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f889-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8aa-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8cc-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3736f8d6-c0f9-11e1-98bf-001e101fb681} - E:\AutoRun.exe
MountPoints2: {3b347caa-b971-11e1-8f24-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {3b347cd2-b971-11e1-8f24-88ae1da68f51} - E:\.\Setup.exe AUTORUN=1
MountPoints2: {3b347ce1-b971-11e1-8f24-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {751b1904-bdd4-11e1-b915-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {899d64c1-bab2-11e1-84f3-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {899d64ca-bab2-11e1-84f3-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {9945d440-34a5-11e1-ab75-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {9945d44f-34a5-11e1-ab75-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {a69ed11b-baf7-11e1-af5a-88ae1da68f51} - E:\AutoRun.exe
MountPoints2: {ea891407-bfa3-11e1-b5d5-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {ea891413-bfa3-11e1-b5d5-001e101f4da1} - E:\AutoRun.exe
MountPoints2: {f5584791-bc37-11e1-b9f4-001e101f21c1} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Panda Software Controller Client] - C:\Program Files (x86)\Panda Security\WAC\PSCtrlC.exe [140096 2010-09-21] (Panda Security)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-04-21] (Avira GmbH)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\administrator\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5735&r=27060711i255l0424z205z47727208
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ICQ Sparberater - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 02 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 03 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 04 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 05 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 06 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9 17 C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll [177408] (Panda Software International)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll [214272] (Panda Software International)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3780EE48-8D8F-4C73-8B47-768A7EBC9B41}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{6A8F810A-07B3-4A3D-80F6-80A3027F388B}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8B57599B-3E9D-478E-80F3-7EEFAA575832}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{91C82029-97EB-4AF4-9117-AF9D52E9E8F3}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{B0A07531-D666-4CC5-84E4-AF1DD9D60C68}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BA6BFD33-DBAA-4D6F-B1B5-0F5856F99056}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{EFF27564-5BC9-4F04-87D8-35ECEC91B91A}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @gametree.co.kr/GTL - C:\ProgramData\Gametree\GTL\npGTL.dll (NtreevSoft)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @spaceinter.com/EZKeytecPlugin - C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugin.dll (Space International, Inc. )
FF Plugin-x32: @spaceinter.com/EZKeytecPlugins - C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugins.dll (Space International, Inc. )
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\Extensions\plugin@starstable.com
FF Extension: ciuvo-extension - C:\Users\Martin Welsch\AppData\Roaming\Mozilla\Firefox\Profiles\dw5mg94u.default\Extensions\ciuvo-extension@icq.de.xpi

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-08] (Akamai Technologies, Inc.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-24] (Avira GmbH)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-01-01] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe [342344 2011-05-17] (Panda Security)
R2 PavAt3Scheduler; C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe [140544 2011-06-27] (Panda Security)
S3 PavFnSvr; C:\Program Files (x86)\Panda Security\WAC\pavFnSvr.exe [152896 2010-08-06] (Panda Security, S.L.)
S2 PavSrv; C:\Program Files (x86)\Panda Security\WAC\pavsrvx86.exe [313152 2010-07-14] (Panda Security, S.L.)
R2 PavWASLpMng; C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [314696 2011-06-10] (Panda Security)
S3 PSHost; C:\Program Files (x86)\Panda Security\WAC\PSHost.exe [226560 2009-11-26] (Panda Security International)
R2 PSImSvc; C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE [107328 2010-06-25] (Panda Security S.L.)
R2 PskSvc; C:\Program Files (x86)\Panda Security\WAC\psksvc.exe [27968 2010-08-16] (Panda Software International)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 WASAgent; C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe [322376 2011-05-31] (Panda Security)
R2 WASWD; C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe [206664 2011-05-31] (Panda Security)
U2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [70216 2011-03-07] (Panda Security, S.L.)
R2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-10-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-24] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-24] (Avira GmbH)
R2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
R2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
R2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-10-16] ()
R2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-30] (Panda Security, S.L.)
R2 nsfim; C:\Windows\system32\Drivers\NSFIM64.SYS [74312 2010-10-19] (Panda Security, S.L.)
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 13:53 - 2013-09-11 13:53 - 00007586 _____ C:\Users\Martin Welsch\Downloads\WinDefend.reg
2013-09-10 21:27 - 2013-09-10 21:27 - 01949196 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64(1).exe
2013-09-10 21:17 - 2013-09-10 21:17 - 00358609 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FSS(1).exe
2013-09-10 20:33 - 2013-09-10 20:33 - 00000000 ____D C:\RegBackup
2013-09-10 19:56 - 2013-09-10 21:16 - 00013644 _____ C:\Users\Martin Welsch\Downloads\la320.rar
2013-09-10 19:35 - 2013-09-10 19:35 - 00003288 ____N C:\bootsqm.dat
2013-09-10 19:29 - 2013-09-10 21:07 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-10 19:26 - 2013-09-10 19:28 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Tweaking.com - Windows Repair
2013-09-10 19:25 - 2013-09-10 19:25 - 03268369 _____ C:\Users\Martin Welsch\Downloads\tweaking.com_windows_repair_aio.zip
2013-09-10 19:24 - 2013-09-10 19:24 - 00000949 _____ C:\Users\Martin Welsch\Documents\panda.txt
2013-09-10 19:24 - 2013-09-10 19:24 - 00000949 _____ C:\Users\Martin Welsch\Documents\panda.txt
2013-09-08 22:26 - 2013-09-08 22:26 - 00027609 _____ C:\Users\Martin Welsch\Downloads\GetFile(6).aspx
2013-09-08 22:23 - 2013-09-08 22:23 - 00027609 _____ C:\Users\Martin Welsch\Downloads\GetFile(5).aspx
2013-09-08 22:20 - 2013-09-08 22:21 - 25755856 _____ (Microsoft Corporation) C:\Users\Martin Welsch\Downloads\wordview_de-de.exe
2013-09-08 22:19 - 2013-09-08 22:19 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(3).aspx
2013-09-08 22:19 - 2013-09-08 22:19 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(2).aspx
2013-09-08 22:19 - 2013-09-08 22:19 - 00015755 _____ C:\Users\Martin Welsch\Downloads\GetFile(4).aspx
2013-09-08 22:18 - 2013-09-08 22:18 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile.aspx
2013-09-08 22:18 - 2013-09-08 22:18 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(1).aspx
2013-09-08 20:56 - 2013-09-08 20:59 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Deutschland von oben [Original Soundtrack] [feat. Neue Philharmonie Westfalen]
2013-09-08 12:03 - 2013-09-12 01:43 - 00002328 _____ C:\Users\Martin Welsch\Downloads\FSS.txt
2013-09-08 12:02 - 2013-09-08 12:02 - 00358609 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FSS.exe
2013-09-07 17:33 - 2011-09-22 15:03 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Schroedel.BIOLOGIE.HEUTE.Neurobiologie.S1.2008.ISO-TEL
2013-09-05 22:13 - 2013-09-05 22:55 - 126025094 _____ C:\Users\Martin Welsch\Downloads\AL-Boy-MutFriLimEdi.rar.part
2013-09-05 22:13 - 2013-09-05 22:13 - 00000000 _____ C:\Users\Martin Welsch\Downloads\AL-Boy-MutFriLimEdi.rar
2013-09-05 12:30 - 2013-09-12 01:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 12:30 - 2013-09-05 12:30 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\Martin Welsch\Downloads\install_flash_player.exe
2013-09-05 12:30 - 2013-09-05 12:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-05 12:13 - 2013-09-05 12:13 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-05 12:13 - 2013-09-05 12:13 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-05 12:13 - 2013-09-05 12:13 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-05 12:12 - 2013-09-05 12:12 - 00000000 ____D C:\Program Files\Java
2013-09-05 12:10 - 2013-09-05 12:11 - 33150376 _____ (Oracle Corporation) C:\Users\Martin Welsch\Downloads\jre-7u25-windows-x64.exe
2013-09-05 11:57 - 2013-09-05 11:57 - 00903080 _____ (Oracle Corporation) C:\Users\Martin Welsch\Downloads\jxpiinstall.exe
2013-09-05 11:54 - 2013-09-05 12:11 - 101444724 _____ C:\Users\Martin Welsch\Downloads\ac-df.part2.rar
2013-09-04 14:14 - 2013-09-04 14:14 - 00891115 _____ C:\Users\Martin Welsch\Downloads\SecurityCheck.exe
2013-09-04 14:09 - 2013-09-04 14:09 - 02347384 _____ (ESET) C:\Users\Martin Welsch\Downloads\esetsmartinstaller_enu.exe
2013-09-04 14:09 - 2013-09-04 14:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-03 00:40 - 2013-09-03 00:41 - 09605522 _____ C:\Users\Martin Welsch\Downloads\Die fünziger Jahre- Die Halbstarken- Zusammenfassung (WDR).avi
2013-09-03 00:20 - 2013-09-03 00:20 - 10802302 _____ C:\Users\Martin Welsch\Downloads\Bill Haley & His Comets - Rock Around The Clock 1950.avi
2013-09-02 14:49 - 2013-09-02 14:49 - 00020806 _____ C:\Users\Martin Welsch\Downloads\Addition.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:33 - 2013-09-02 14:33 - 01951950 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64.exe
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 14:31 - 2013-09-02 14:31 - 01028757 _____ (Thisisu) C:\Users\Martin Welsch\Downloads\JRT.exe
2013-09-02 14:17 - 2013-09-02 14:20 - 00000000 ____D C:\AdwCleaner
2013-09-02 14:17 - 2013-09-02 14:17 - 01037134 _____ C:\Users\Martin Welsch\Downloads\adwcleaner.exe
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 14:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-02 14:01 - 2013-09-02 14:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Martin Welsch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-02 05:49 - 2013-09-02 05:49 - 00000000 ____D C:\FRST
2013-08-28 03:21 - 2013-08-28 03:21 - 00000000 __SHD C:\found.001
2013-08-25 12:46 - 2013-08-25 16:09 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-25 12:46 - 2013-08-25 16:09 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-18 00:04 - 2013-08-18 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 06:24 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 06:24 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 06:24 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 06:24 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 06:24 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 06:24 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 06:24 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 06:24 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 06:24 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 06:24 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 06:24 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 06:24 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 06:24 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 06:24 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 03:20 - 2013-08-15 03:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-14 22:45 - 2013-08-01 23:58 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Im Bann des Zyklopen
2013-08-14 22:45 - 2013-08-01 23:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson, Band 4_ Percy Jackson - D (66)
2013-08-14 22:45 - 2013-08-01 23:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson Bd. 5 Die letzte Gottin (67)
2013-08-14 22:45 - 2013-08-01 23:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Diebe im Olymp
2013-08-14 22:45 - 2013-08-01 23:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Der Fluch des Titanen
2013-08-14 18:45 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:45 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:45 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:45 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 18:45 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:45 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:45 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:45 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:45 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:45 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:45 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:45 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:45 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:45 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 18:45 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:45 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:45 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:45 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:45 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:45 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 18:44 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 22:52 - 2013-08-13 22:57 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-13 00:33 - 2013-08-13 00:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp

==================== One Month Modified Files and Folders =======

2013-09-12 01:43 - 2013-09-08 12:03 - 00002328 _____ C:\Users\Martin Welsch\Downloads\FSS.txt
2013-09-12 01:40 - 2013-09-12 01:39 - 00007586 _____ C:\Users\Martin Welsch\Downloads\WinDefend(1).reg
2013-09-12 01:40 - 2010-09-24 07:42 - 01733232 _____ C:\Windows\WindowsUpdate.log
2013-09-12 01:37 - 2009-07-14 06:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 01:37 - 2009-07-14 06:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 01:25 - 2013-09-05 12:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 01:25 - 2010-09-24 17:33 - 00656294 _____ C:\Windows\system32\perfh007.dat
2013-09-12 01:25 - 2010-09-24 17:33 - 00130894 _____ C:\Windows\system32\perfc007.dat
2013-09-12 01:25 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 01:22 - 2012-09-23 18:52 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Skype
2013-09-12 01:22 - 2012-09-23 18:52 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Skype
2013-09-12 01:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-09-11 13:53 - 2013-09-11 13:53 - 00007586 _____ C:\Users\Martin Welsch\Downloads\WinDefend.reg
2013-09-11 13:50 - 2013-01-17 20:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-11 13:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 13:50 - 2009-07-14 06:51 - 00245047 _____ C:\Windows\setupact.log
2013-09-10 21:27 - 2013-09-10 21:27 - 01949196 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64(1).exe
2013-09-10 21:17 - 2013-09-10 21:17 - 00358609 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FSS(1).exe
2013-09-10 21:16 - 2013-09-10 19:56 - 00013644 _____ C:\Users\Martin Welsch\Downloads\la320.rar
2013-09-10 21:11 - 2011-07-26 17:14 - 00103808 _____ C:\Users\MARTIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-10 21:11 - 2011-07-26 17:14 - 00103808 _____ C:\Users\Martin Welsch\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-10 21:10 - 2010-09-07 08:20 - 00011058 _____ C:\Windows\PFRO.log
2013-09-10 21:10 - 2009-07-14 06:45 - 00403696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-10 21:07 - 2013-09-10 19:29 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-10 21:06 - 2009-07-14 04:34 - 00000535 _____ C:\Windows\win.ini
2013-09-10 20:33 - 2013-09-10 20:33 - 00000000 ____D C:\RegBackup
2013-09-10 19:35 - 2013-09-10 19:35 - 00003288 ____N C:\bootsqm.dat
2013-09-10 19:35 - 2011-07-26 11:53 - 00000152 _____ C:\Windows\system32\Drivers\etc\NetLoc.wlt
2013-09-10 19:31 - 2011-07-26 11:53 - 00000136 _____ C:\Windows\system32\Drivers\etc\NetAdapt.cfg
2013-09-10 19:28 - 2013-09-10 19:26 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Tweaking.com - Windows Repair
2013-09-10 19:25 - 2013-09-10 19:25 - 03268369 _____ C:\Users\Martin Welsch\Downloads\tweaking.com_windows_repair_aio.zip
2013-09-10 19:24 - 2013-09-10 19:24 - 00000949 _____ C:\Users\Martin Welsch\Documents\panda.txt
2013-09-10 19:24 - 2013-09-10 19:24 - 00000949 _____ C:\Users\Martin Welsch\Documents\panda.txt
2013-09-08 22:26 - 2013-09-08 22:26 - 00027609 _____ C:\Users\Martin Welsch\Downloads\GetFile(6).aspx
2013-09-08 22:23 - 2013-09-08 22:23 - 00027609 _____ C:\Users\Martin Welsch\Downloads\GetFile(5).aspx
2013-09-08 22:21 - 2013-09-08 22:20 - 25755856 _____ (Microsoft Corporation) C:\Users\Martin Welsch\Downloads\wordview_de-de.exe
2013-09-08 22:21 - 2011-07-26 13:03 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-09-08 22:19 - 2013-09-08 22:19 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(3).aspx
2013-09-08 22:19 - 2013-09-08 22:19 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(2).aspx
2013-09-08 22:19 - 2013-09-08 22:19 - 00015755 _____ C:\Users\Martin Welsch\Downloads\GetFile(4).aspx
2013-09-08 22:18 - 2013-09-08 22:18 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile.aspx
2013-09-08 22:18 - 2013-09-08 22:18 - 00021927 _____ C:\Users\Martin Welsch\Downloads\GetFile(1).aspx
2013-09-08 20:59 - 2013-09-08 20:56 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Deutschland von oben [Original Soundtrack] [feat. Neue Philharmonie Westfalen]
2013-09-08 12:02 - 2013-09-08 12:02 - 00358609 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FSS.exe
2013-09-05 22:55 - 2013-09-05 22:13 - 126025094 _____ C:\Users\Martin Welsch\Downloads\AL-Boy-MutFriLimEdi.rar.part
2013-09-05 22:13 - 2013-09-05 22:13 - 00000000 _____ C:\Users\Martin Welsch\Downloads\AL-Boy-MutFriLimEdi.rar
2013-09-05 12:30 - 2013-09-05 12:30 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\Martin Welsch\Downloads\install_flash_player.exe
2013-09-05 12:30 - 2013-09-05 12:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-05 12:30 - 2013-02-20 17:21 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-05 12:30 - 2011-08-05 20:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-05 12:30 - 2011-08-05 19:42 - 00000000 ____D C:\Users\MARTIN~1\AppData\Local\Adobe
2013-09-05 12:30 - 2011-08-05 19:42 - 00000000 ____D C:\Users\Martin Welsch\AppData\Local\Adobe
2013-09-05 12:13 - 2013-09-05 12:13 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-05 12:13 - 2013-09-05 12:13 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-05 12:13 - 2013-09-05 12:13 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-05 12:13 - 2013-09-05 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-05 12:12 - 2013-09-05 12:12 - 00000000 ____D C:\Program Files\Java
2013-09-05 12:11 - 2013-09-05 12:10 - 33150376 _____ (Oracle Corporation) C:\Users\Martin Welsch\Downloads\jre-7u25-windows-x64.exe
2013-09-05 12:11 - 2013-09-05 11:54 - 101444724 _____ C:\Users\Martin Welsch\Downloads\ac-df.part2.rar
2013-09-05 11:58 - 2011-07-26 17:34 - 00000000 ____D C:\Windows\system32\appmgmt
2013-09-05 11:57 - 2013-09-05 11:57 - 00903080 _____ (Oracle Corporation) C:\Users\Martin Welsch\Downloads\jxpiinstall.exe
2013-09-04 14:14 - 2013-09-04 14:14 - 00891115 _____ C:\Users\Martin Welsch\Downloads\SecurityCheck.exe
2013-09-04 14:09 - 2013-09-04 14:09 - 02347384 _____ (ESET) C:\Users\Martin Welsch\Downloads\esetsmartinstaller_enu.exe
2013-09-04 14:09 - 2013-09-04 14:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-03 00:41 - 2013-09-03 00:40 - 09605522 _____ C:\Users\Martin Welsch\Downloads\Die fünziger Jahre- Die Halbstarken- Zusammenfassung (WDR).avi
2013-09-03 00:20 - 2013-09-03 00:20 - 10802302 _____ C:\Users\Martin Welsch\Downloads\Bill Haley & His Comets - Rock Around The Clock 1950.avi
2013-09-02 14:49 - 2013-09-02 14:49 - 00020806 _____ C:\Users\Martin Welsch\Downloads\Addition.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:40 - 2013-09-02 14:40 - 00001191 _____ C:\Users\Martin Welsch\Desktop\JRT.txt
2013-09-02 14:33 - 2013-09-02 14:33 - 01951950 _____ (Farbar) C:\Users\Martin Welsch\Downloads\FRST64.exe
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 14:31 - 2013-09-02 14:31 - 01028757 _____ (Thisisu) C:\Users\Martin Welsch\Downloads\JRT.exe
2013-09-02 14:20 - 2013-09-02 14:17 - 00000000 ____D C:\AdwCleaner
2013-09-02 14:20 - 2011-08-04 18:36 - 00000000 ____D C:\ProgramData\ICQ
2013-09-02 14:17 - 2013-09-02 14:17 - 01037134 _____ C:\Users\Martin Welsch\Downloads\adwcleaner.exe
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:03 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 14:02 - 2013-09-02 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 14:01 - 2013-09-02 14:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Martin Welsch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-02 05:49 - 2013-09-02 05:49 - 00000000 ____D C:\FRST
2013-08-30 13:28 - 2011-08-05 18:17 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\ICQ
2013-08-30 13:28 - 2011-08-05 18:17 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\ICQ
2013-08-28 03:23 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-28 03:21 - 2013-08-28 03:21 - 00000000 __SHD C:\found.001
2013-08-25 16:09 - 2013-08-25 12:46 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-25 16:09 - 2013-08-25 12:46 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-22 21:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-19 21:03 - 2012-10-17 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 00:07 - 2013-07-08 14:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-18 01:06 - 2013-08-11 23:12 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-18 00:43 - 2013-08-11 23:12 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-18 00:04 - 2013-08-18 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 03:20 - 2013-08-15 03:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-15 03:19 - 2013-08-12 10:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:09 - 2012-11-07 13:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 02:36 - 2013-08-01 16:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\tumblr
2013-08-14 22:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-13 22:57 - 2013-08-13 22:52 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-13 00:33 - 2013-08-13 00:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-13 00:33 - 2012-07-04 19:17 - 256433944 _____ C:\Windows\MEMORY.DMP
2013-08-13 00:33 - 2012-07-04 19:17 - 00000000 ____D C:\Windows\Minidump

Files to move or delete:
====================
C:\Users\MARTIN~1\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\MARTIN~1\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin Welsch\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 14:26

==================== End Of Log ============================
         

12.09.2013, 09:58   #14
schrauber
/// the machine
/// TB trainer

GVU-Trojaner



Any more problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

12.09.2013, 19:52   #15
Ciel

GVU-Trojaner



No, none anymore!
And once again, a very big thank-you to you!
