Mein Rechner sendet Spam laut meinem Provider.

cosinus · 06.10.2013, 21:43

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

zundanus · 07.10.2013, 20:54

AdwCleaner[S1].txt
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.006 - Bericht erstellt am 07/10/2013 um 21:31:09
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : sofi015 - SOFI015-PC
# Gestartet von : C:\Users\sofi015\Desktop\adwcleaner_3.0.0.6.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Ilivid
Ordner Gelöscht : C:\Users\sofi015\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\sofi015\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008-Dokumentation.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamachi_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamachi_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ Datei : C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13291 octets] - [03/10/2013 09:55:31]
AdwCleaner[R1].txt - [13087 octets] - [03/10/2013 10:06:19]
AdwCleaner[R2].txt - [12894 octets] - [07/10/2013 21:29:59]
AdwCleaner[S0].txt - [422 octets] - [03/10/2013 09:56:01]
AdwCleaner[S1].txt - [12212 octets] - [07/10/2013 21:31:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12273 octets] ##########

--- --- ---

[/code]

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Professional x64
Ran by sofi015 on 07.10.2013 at 21:35:05,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{05634FDD-3C0F-4A59-894D-793E11DB1540}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{082AFFB9-D49E-4FEA-9136-3D4415A74B8A}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{20791B14-DAB8-405A-B649-92DFB4364EE6}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{2F2D0FC0-2CEF-400D-AFB5-60EF6A152D69}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{31B808C0-B628-4792-A16C-BEB55A4AEF1D}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{32848DE4-FF80-4E3E-A483-444E1943EE46}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{32B64C2C-38A6-476E-A00D-735F7464237D}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{3FD91820-3DE3-4A7B-9C1C-7EA4BC81CFDF}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{43C7FE17-D44E-4EB3-895D-EF63F5BF9432}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{46085397-4C57-44A0-8076-6492CCF3D212}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{4658F6B1-E285-4C60-86A4-26FE1B88ECFB}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{579BD94A-96DA-4D06-8603-7D980CA12BEC}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{5C1AB956-F992-4A90-81AE-8E1EDD17C1F6}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{5F4D5ECA-4972-455D-A048-0A6E1EB7489B}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{61C9EDE9-4651-4964-8940-E8AC669F7C64}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{7C5932F9-2A04-4439-93CE-4054EFD91976}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{87F2E705-ACC7-4955-822E-FE011984ABB1}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{900D6BF8-510D-495E-B743-9A1E5A4E97BE}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{915F97EF-3BCA-48C0-9365-C081AC17A83D}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{94221C39-B529-4A38-93B3-A89233D8F4CC}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{982560A4-F242-436B-A0D2-E06F6B437A84}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{9C67B8B8-9C86-4AE8-BC9C-155A22A26297}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{A01BF972-A4BA-4F8D-9B06-C1A3BB023C69}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{ABFA633E-CD7C-4239-A14A-730FD5DA6E9F}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{CE3DC974-BB5C-47B2-8C7C-9FFF75708645}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{CED75470-3FAA-41E8-AF70-07EF2F707483}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{D276BC20-C504-49B4-B101-5F392E389614}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{D5D1CEBD-E72F-491A-B7AF-75F78B43D966}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{D9C13936-3002-4D1E-9C99-E128CC787A88}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{EAD2874E-8C68-4DEB-9421-4EBC9EBDCE72}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{F9BC9BA6-1124-4B8A-BC95-A4568E556044}



~~~ FireFox

Emptied folder: C:\Users\sofi015\AppData\Roaming\mozilla\firefox\profiles\m7hdv2s9.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.10.2013 at 21:41:48,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by sofi015 (administrator) on SOFI015-PC on 07-10-2013 21:43:20
Running from C:\Users\sofi015\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc.) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2ENT\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2EXP\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() c:\Windows\SysWOW64\srvany.exe
(O2Micro.) c:\Windows\sysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
() C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
() C:\Windows\SysWOW64\atwtusb.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-07] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKCU\...\Run: [Google Update] - C:\Users\sofi015\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-23] (Google Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-04-19] (NEXON Inc.)
MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {969f08a9-bcda-11e0-a82a-b8ac6fcc1f9f} - F:\StartVMCLite.exe
MountPoints2: {969f08be-bcda-11e0-a82a-b8ac6fcc1f9f} - F:\StartVMCLite.exe
MountPoints2: {969f08c4-bcda-11e0-a82a-b8ac6fcc1f9f} - F:\StartVMCLite.exe
MountPoints2: {b834eb55-6f2e-11e1-b149-c0f8dae43193} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {d8bd2527-4ca3-11e1-ad75-c0f8dae43193} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {db022d49-e5ab-11e0-ae1f-c0f8dae43193} - F:\StartVMCLite.exe
MountPoints2: {db022d4b-e5ab-11e0-ae1f-c0f8dae43193} - F:\StartVMCLite.exe
MountPoints2: {dfe7cdfa-35ef-11e1-bc46-c0f8dae43193} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {dfe7ce1a-35ef-11e1-bc46-c0f8dae43193} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DNS7reminder] - C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [286 2011-07-15] ()
HKLM-x32\...\Run: [atwtusb] - C:\Windows\\SysWOW64\atwtusb.exe [323232 2007-05-15] ()
HKLM-x32\...\Run: [TrayServer] - D:\Program Files (x86)\MAGIX\Video_deluxe_MX\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [280576 2011-10-19] (Vodafone)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [iTunesHelper] - D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-05] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\sofi015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {8D0F6FEA-96F4-437E-8C02-BB87810E8B9A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - 0AC6CAD87C4B4E9F869BE8948C3F9B11 URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{47EBA19C-DF75-4333-B682-3FA68A4C315A}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{52C3A40F-0D1B-4B2E-BD5E-EE1362C1419E}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{B0352D68-B0F3-45F7-B988-38E9D422CDB8}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\sofi015\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\sofi015\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\sofi015\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\sofi015\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\sofi015\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firebug - C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: testpilot - C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\sofi015\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\sofi015\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (WPI Detector 1.4) - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Drive) - C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [214040 2008-07-10] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-21] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S2 MSSQL$SQLR2DEV; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2DEV\MSSQL\Binn\sqlservr.exe [61916000 2011-04-24] (Microsoft Corporation)
R2 MSSQL$SQLR2ENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2ENT\MSSQL\Binn\sqlservr.exe [61916000 2011-04-24] (Microsoft Corporation)
R2 MSSQL$SQLR2EXP; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2EXP\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [57820696 2008-07-10] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [43709464 2008-07-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] ()
S3 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2045464 2008-07-10] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$SQLR2DEV; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2DEV\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-24] (Microsoft Corporation)
S4 SQLAgent$SQLR2ENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2ENT\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-24] (Microsoft Corporation)
S2 SQLAgent$SQLR2EXP; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2EXP\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-10] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation)
R3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S1 aiptektp; C:\Windows\System32\DRIVERS\aiptektp.sys [29184 2006-12-27] (WALTOP International Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [415232 2011-10-18] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-07 21:41 - 2013-10-07 21:41 - 00004281 _____ C:\Users\sofi015\Desktop\JRT.txt
2013-10-07 21:35 - 2013-10-07 21:35 - 00000000 ____D C:\Windows\ERUNT
2013-10-07 21:34 - 2013-10-07 21:34 - 01032220 _____ (Thisisu) C:\Users\sofi015\Desktop\JRT.exe
2013-10-07 21:33 - 2013-10-07 21:33 - 00012526 _____ C:\Users\sofi015\Desktop\AdwCleaner[S1].txt
2013-10-07 21:28 - 2013-10-07 21:28 - 01045226 _____ C:\Users\sofi015\Desktop\adwcleaner_3.0.0.6.exe
2013-10-07 15:11 - 2013-10-07 15:11 - 00028160 _____ C:\Users\sofi015\Downloads\Hersteller_Marken_Warengruppe.xls
2013-10-07 10:10 - 2013-09-24 03:27 - 12093440 _____ C:\Users\sofi015\Downloads\MX2_Techno_B2B_backup_2013_09_24_022014_9492749.bak
2013-10-06 01:20 - 2013-10-06 01:20 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\sofi015\Desktop\tdsskiller.exe
2013-10-04 19:05 - 2013-10-04 19:05 - 00000585 _____ C:\Users\sofi015\Downloads\Mein Rechner sendet Spam laut meinem Provider. - Trojaner-Board.website
2013-10-04 15:12 - 2013-10-04 15:12 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP! (2).msg
2013-10-04 14:38 - 2013-10-04 14:38 - 00289792 _____ C:\Users\sofi015\Downloads\Fehlendes Bild Alufelge.msg
2013-10-04 10:51 - 2013-10-04 10:51 - 00003235 _____ C:\Users\sofi015\Desktop\20130705.log
2013-10-04 10:51 - 2013-10-04 10:51 - 00002884 _____ C:\Users\sofi015\Downloads\20131001.log
2013-10-04 10:51 - 2013-10-04 10:51 - 00001436 _____ C:\Users\sofi015\Downloads\20131004.log
2013-10-04 10:21 - 2013-10-04 10:21 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP! (1).msg
2013-10-04 09:59 - 2013-10-04 09:59 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP!.msg
2013-10-03 17:25 - 2013-10-04 19:17 - 00000000 ___SD C:\32788R22FWJFW
2013-10-03 17:25 - 2013-10-03 17:25 - 00000000 ____D C:\Windows\erdnt
2013-10-03 17:25 - 2013-10-03 17:25 - 00000000 ____D C:\Qoobox
2013-10-03 17:24 - 2013-10-07 21:42 - 00000585 _____ C:\Users\sofi015\Desktop\Mein Rechner sendet Spam laut meinem Provider. - Trojaner-Board.website
2013-10-03 14:13 - 2013-10-03 14:35 - 00000000 ____D C:\Users\sofi015\Desktop\mbar
2013-10-03 10:06 - 2013-10-03 10:06 - 01045226 _____ C:\Users\sofi015\Downloads\adwcleaner.exe
2013-10-03 09:55 - 2013-10-07 21:31 - 00000000 ____D C:\AdwCleaner
2013-10-03 09:28 - 2013-10-03 09:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 09:28 - 2013-10-03 09:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 09:28 - 2013-10-03 09:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 09:23 - 2013-10-03 09:23 - 00913832 _____ (Oracle Corporation) C:\Users\sofi015\Downloads\chromeinstall-7u40.exe
2013-10-03 00:22 - 2013-10-03 00:22 - 00031357 _____ C:\Users\sofi015\Desktop\log.zip
2013-10-03 00:04 - 2013-10-03 00:04 - 00005761 _____ C:\Users\sofi015\Desktop\gem2.log
2013-10-02 23:46 - 2013-10-02 23:46 - 00047674 _____ C:\Users\sofi015\Desktop\Addition.txt
2013-10-02 23:44 - 2013-10-02 23:44 - 00000000 ____D C:\FRST
2013-10-02 23:43 - 2013-10-02 23:43 - 01954124 _____ (Farbar) C:\Users\sofi015\Desktop\FRST64.exe
2013-10-02 23:42 - 2013-10-02 23:43 - 01954124 _____ (Farbar) C:\Users\sofi015\Downloads\FRST64.exe
2013-10-02 23:42 - 2013-10-02 23:42 - 00377856 _____ C:\Users\sofi015\Downloads\gmer_2.1.19163.exe
2013-10-02 23:42 - 2013-10-02 23:42 - 00377856 _____ C:\Users\sofi015\Desktop\gmer_2.1.19163.exe
2013-10-02 23:41 - 2013-10-02 23:41 - 00000476 _____ C:\Users\sofi015\Desktop\defogger_disable.log
2013-10-02 23:41 - 2013-10-02 23:41 - 00000000 _____ C:\Users\sofi015\defogger_reenable
2013-10-02 23:37 - 2013-10-02 23:37 - 00050477 _____ C:\Users\sofi015\Downloads\Defogger.exe
2013-10-02 23:37 - 2013-10-02 23:37 - 00050477 _____ C:\Users\sofi015\Desktop\Defogger.exe
2013-10-02 23:30 - 2013-10-02 23:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-02 23:20 - 2013-10-02 23:20 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-02 23:20 - 2013-10-02 23:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-02 23:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-02 23:19 - 2013-10-02 23:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\sofi015\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-02 23:10 - 2013-10-03 00:06 - 00038542 _____ C:\Users\sofi015\Desktop\AVSCAN-20131002-212934-71E06830.LOG
2013-10-02 22:50 - 2013-10-02 22:51 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\sofi015\Downloads\spybotsd-2.1.21-SR2.exe
2013-10-02 10:29 - 2013-10-02 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 13:30 - 2013-10-01 13:30 - 00027821 _____ C:\Users\sofi015\Downloads\2013-08-22, Euromaster Bestellungen.xlsx
2013-09-30 14:45 - 2013-09-30 14:45 - 00250849 _____ C:\Users\sofi015\Downloads\dotless-v1.3.1.0.zip
2013-09-26 16:34 - 2013-09-26 16:34 - 03615137 _____ C:\Users\sofi015\Downloads\dotless-master.zip
2013-09-26 10:02 - 2013-09-25 02:50 - 553637376 _____ C:\Users\sofi015\Downloads\mx2_ekp_backup.bak
2013-09-26 09:57 - 2013-09-26 10:02 - 548932294 _____ C:\Users\sofi015\Downloads\mx2_ekp_backup.rar
2013-09-24 17:11 - 2013-09-24 17:13 - 00000000 ____D C:\Users\sofi015\Documents\My Kindle Content
2013-09-24 17:11 - 2013-09-24 17:11 - 00002243 _____ C:\Users\sofi015\Desktop\Kindle.lnk
2013-09-24 17:11 - 2013-09-24 17:11 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-09-24 17:11 - 2013-09-24 17:11 - 00000000 ____D C:\Users\sofi015\AppData\Local\Amazon
2013-09-24 08:20 - 2013-09-24 08:20 - 00001577 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\Program Files\iPod
2013-09-19 15:24 - 2013-09-19 15:24 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge (2).sql
2013-09-19 15:23 - 2013-09-19 15:23 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge (1).sql
2013-09-19 15:23 - 2013-09-19 15:23 - 00002400 _____ C:\Users\sofi015\Downloads\Alter_Select_TireSurchargeByMandant.sql
2013-09-19 15:22 - 2013-09-19 15:22 - 00002567 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge (1).sql
2013-09-19 15:22 - 2013-09-19 15:22 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge.sql
2013-09-18 08:03 - 2013-09-18 08:03 - 00014239 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge Stored Procedures.sql
2013-09-18 08:03 - 2013-09-18 08:03 - 00002567 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge.sql
2013-09-17 09:24 - 2013-09-17 09:24 - 00002962 _____ C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2013-09-17 09:24 - 2013-09-17 09:24 - 00001092 _____ C:\Users\Public\Desktop\Qfinder.lnk
2013-09-17 09:24 - 2013-09-17 09:24 - 00000000 ____D C:\Program Files (x86)\QNAP
2013-09-13 13:37 - 2013-09-13 13:37 - 00111104 _____ C:\Users\sofi015\Downloads\Email Stirnimann (1).msg
2013-09-13 08:52 - 2013-09-13 08:52 - 00111104 _____ C:\Users\sofi015\Downloads\Email Stirnimann.msg
2013-09-12 18:16 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 18:16 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 18:16 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 18:16 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 18:16 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 18:16 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 18:16 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 18:16 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 18:16 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 18:16 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 18:16 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 18:16 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 15:35 - 2013-09-12 15:35 - 00040448 _____ C:\Users\sofi015\Downloads\Fwd  Shop  Bestellung 1000010 vom 05 09 2013 06 58 07.msg
2013-09-12 08:00 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 08:00 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 08:00 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 08:00 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 08:00 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 08:00 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 08:00 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 08:00 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 08:00 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 08:00 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 08:00 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 08:00 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 08:00 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 08:00 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 08:00 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 08:00 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 08:00 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 08:00 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 08:00 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 08:00 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 08:00 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 08:00 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:00 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 08:00 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 08:00 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 08:00 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 15:29 - 2013-09-11 15:29 - 00022461 _____ C:\Users\sofi015\Downloads\2013-08-26, Ronal B2B CH ASA.xlsx
2013-09-10 12:55 - 2013-09-10 12:54 - 00574386 _____ C:\Users\sofi015\Documents\UserArming.xml
2013-09-10 09:21 - 2013-09-10 08:38 - 02545106 _____ C:\Users\sofi015\Documents\oser.xml

==================== One Month Modified Files and Folders =======

2013-10-07 21:42 - 2013-10-03 17:24 - 00000585 _____ C:\Users\sofi015\Desktop\Mein Rechner sendet Spam laut meinem Provider. - Trojaner-Board.website
2013-10-07 21:41 - 2013-10-07 21:41 - 00004281 _____ C:\Users\sofi015\Desktop\JRT.txt
2013-10-07 21:41 - 2011-07-05 22:58 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\Skype
2013-10-07 21:39 - 2009-07-14 06:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 21:39 - 2009-07-14 06:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 21:37 - 2010-11-21 08:50 - 01178456 _____ C:\Windows\system32\perfh007.dat
2013-10-07 21:37 - 2010-11-21 08:50 - 00331334 _____ C:\Windows\system32\perfc007.dat
2013-10-07 21:37 - 2009-07-14 07:13 - 02939184 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-07 21:35 - 2013-10-07 21:35 - 00000000 ____D C:\Windows\ERUNT
2013-10-07 21:34 - 2013-10-07 21:34 - 01032220 _____ (Thisisu) C:\Users\sofi015\Desktop\JRT.exe
2013-10-07 21:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-10-07 21:33 - 2013-10-07 21:33 - 00012526 _____ C:\Users\sofi015\Desktop\AdwCleaner[S1].txt
2013-10-07 21:32 - 2013-04-03 07:57 - 00018229 _____ C:\Windows\setupact.log
2013-10-07 21:32 - 2012-07-24 17:41 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 21:32 - 2011-07-01 13:47 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-07 21:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-07 21:31 - 2013-10-03 09:55 - 00000000 ____D C:\AdwCleaner
2013-10-07 21:31 - 2011-07-01 20:54 - 01386009 _____ C:\Windows\WindowsUpdate.log
2013-10-07 21:28 - 2013-10-07 21:28 - 01045226 _____ C:\Users\sofi015\Desktop\adwcleaner_3.0.0.6.exe
2013-10-07 21:25 - 2011-09-23 10:57 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789878892-2167670896-1103566597-1002UA.job
2013-10-07 21:24 - 2012-07-24 17:41 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 21:24 - 2011-07-05 19:08 - 00000000 ____D C:\Users\sofi015\AppData\Local\TSVNCache
2013-10-07 21:21 - 2011-07-05 22:44 - 00000000 ____D C:\Users\sofi015\Documents\Outlook-Dateien
2013-10-07 21:02 - 2012-10-10 08:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-07 17:30 - 2011-07-08 09:47 - 00002016 ____H C:\Users\sofi015\Documents\Default.rdp
2013-10-07 16:17 - 2011-07-05 12:01 - 00000000 ____D C:\Users\sofi015\Documents\SQL Server Management Studio
2013-10-07 15:11 - 2013-10-07 15:11 - 00028160 _____ C:\Users\sofi015\Downloads\Hersteller_Marken_Warengruppe.xls
2013-10-07 08:37 - 2011-07-07 13:39 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{728671C4-94D3-4A89-A002-C15D34D7EC66}
2013-10-06 01:20 - 2013-10-06 01:20 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\sofi015\Desktop\tdsskiller.exe
2013-10-05 14:26 - 2013-04-11 11:47 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-05 14:12 - 2012-02-01 22:40 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\.minecraft
2013-10-04 19:17 - 2013-10-03 17:25 - 00000000 ___SD C:\32788R22FWJFW
2013-10-04 19:05 - 2013-10-04 19:05 - 00000585 _____ C:\Users\sofi015\Downloads\Mein Rechner sendet Spam laut meinem Provider. - Trojaner-Board.website
2013-10-04 16:16 - 2013-07-05 15:52 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\KeePass
2013-10-04 15:12 - 2013-10-04 15:12 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP! (2).msg
2013-10-04 14:38 - 2013-10-04 14:38 - 00289792 _____ C:\Users\sofi015\Downloads\Fehlendes Bild Alufelge.msg
2013-10-04 10:51 - 2013-10-04 10:51 - 00003235 _____ C:\Users\sofi015\Desktop\20130705.log
2013-10-04 10:51 - 2013-10-04 10:51 - 00002884 _____ C:\Users\sofi015\Downloads\20131001.log
2013-10-04 10:51 - 2013-10-04 10:51 - 00001436 _____ C:\Users\sofi015\Downloads\20131004.log
2013-10-04 10:21 - 2013-10-04 10:21 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP! (1).msg
2013-10-04 09:59 - 2013-10-04 09:59 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP!.msg
2013-10-04 08:25 - 2011-09-23 10:57 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789878892-2167670896-1103566597-1002Core.job
2013-10-03 17:25 - 2013-10-03 17:25 - 00000000 ____D C:\Windows\erdnt
2013-10-03 17:25 - 2013-10-03 17:25 - 00000000 ____D C:\Qoobox
2013-10-03 14:35 - 2013-10-03 14:13 - 00000000 ____D C:\Users\sofi015\Desktop\mbar
2013-10-03 14:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Speech
2013-10-03 10:06 - 2013-10-03 10:06 - 01045226 _____ C:\Users\sofi015\Downloads\adwcleaner.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 09:28 - 2013-10-03 09:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 09:28 - 2013-10-03 09:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 09:28 - 2013-01-15 13:39 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-03 09:28 - 2011-07-01 20:54 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-03 09:24 - 2011-07-01 20:54 - 00000000 ____D C:\Program Files\Java
2013-10-03 09:23 - 2013-10-03 09:23 - 00913832 _____ (Oracle Corporation) C:\Users\sofi015\Downloads\chromeinstall-7u40.exe
2013-10-03 00:22 - 2013-10-03 00:22 - 00031357 _____ C:\Users\sofi015\Desktop\log.zip
2013-10-03 00:06 - 2013-10-02 23:10 - 00038542 _____ C:\Users\sofi015\Desktop\AVSCAN-20131002-212934-71E06830.LOG
2013-10-03 00:04 - 2013-10-03 00:04 - 00005761 _____ C:\Users\sofi015\Desktop\gem2.log
2013-10-02 23:46 - 2013-10-02 23:46 - 00047674 _____ C:\Users\sofi015\Desktop\Addition.txt
2013-10-02 23:44 - 2013-10-02 23:44 - 00000000 ____D C:\FRST
2013-10-02 23:43 - 2013-10-02 23:43 - 01954124 _____ (Farbar) C:\Users\sofi015\Desktop\FRST64.exe
2013-10-02 23:43 - 2013-10-02 23:42 - 01954124 _____ (Farbar) C:\Users\sofi015\Downloads\FRST64.exe
2013-10-02 23:42 - 2013-10-02 23:42 - 00377856 _____ C:\Users\sofi015\Downloads\gmer_2.1.19163.exe
2013-10-02 23:42 - 2013-10-02 23:42 - 00377856 _____ C:\Users\sofi015\Desktop\gmer_2.1.19163.exe
2013-10-02 23:41 - 2013-10-02 23:41 - 00000476 _____ C:\Users\sofi015\Desktop\defogger_disable.log
2013-10-02 23:41 - 2013-10-02 23:41 - 00000000 _____ C:\Users\sofi015\defogger_reenable
2013-10-02 23:41 - 2011-07-05 11:21 - 00000000 ____D C:\Users\sofi015
2013-10-02 23:37 - 2013-10-02 23:37 - 00050477 _____ C:\Users\sofi015\Downloads\Defogger.exe
2013-10-02 23:37 - 2013-10-02 23:37 - 00050477 _____ C:\Users\sofi015\Desktop\Defogger.exe
2013-10-02 23:34 - 2012-12-12 09:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-02 23:34 - 2012-07-25 07:17 - 00130188 _____ C:\Windows\PFRO.log
2013-10-02 23:34 - 2011-07-01 21:18 - 00000000 ____D C:\ProgramData\Sonic
2013-10-02 23:31 - 2013-10-02 23:30 - 00000000 ____D C:\Windows\system32\MRT
2013-10-02 23:20 - 2013-10-02 23:20 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-02 23:20 - 2013-10-02 23:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-02 23:20 - 2013-10-02 23:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\sofi015\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-02 22:51 - 2013-10-02 22:50 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\sofi015\Downloads\spybotsd-2.1.21-SR2.exe
2013-10-02 22:45 - 2012-06-26 08:46 - 00000000 ____D C:\Program Files (x86)\RabbitMQ Server
2013-10-02 22:23 - 2013-07-05 15:52 - 00003582 _____ C:\Users\sofi015\Documents\NewDatabase.kdbx
2013-10-02 21:46 - 2011-07-08 12:40 - 00007611 _____ C:\Users\sofi015\AppData\Local\Resmon.ResmonCfg
2013-10-02 21:31 - 2012-12-12 09:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-02 18:27 - 2012-05-08 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-02 10:29 - 2013-10-02 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 09:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-01 16:24 - 2011-07-05 14:01 - 00000000 ____D C:\Users\sofi015\Documents\Visual Studio 2010
2013-10-01 13:30 - 2013-10-01 13:30 - 00027821 _____ C:\Users\sofi015\Downloads\2013-08-22, Euromaster Bestellungen.xlsx
2013-09-30 14:45 - 2013-09-30 14:45 - 00250849 _____ C:\Users\sofi015\Downloads\dotless-v1.3.1.0.zip
2013-09-30 12:58 - 2013-01-24 10:55 - 00001092 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-09-29 13:11 - 2011-08-04 11:03 - 00000000 ____D C:\Users\sofi015\AppData\Local\Paint.NET
2013-09-28 09:15 - 2013-07-05 15:46 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-09-27 07:57 - 2011-07-19 15:08 - 00000000 ____D C:\Entwicklung_support
2013-09-26 16:34 - 2013-09-26 16:34 - 03615137 _____ C:\Users\sofi015\Downloads\dotless-master.zip
2013-09-26 10:02 - 2013-09-26 09:57 - 548932294 _____ C:\Users\sofi015\Downloads\mx2_ekp_backup.rar
2013-09-26 08:25 - 2011-07-19 15:41 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\Mozilla
2013-09-25 02:50 - 2013-09-26 10:02 - 553637376 _____ C:\Users\sofi015\Downloads\mx2_ekp_backup.bak
2013-09-24 17:13 - 2013-09-24 17:11 - 00000000 ____D C:\Users\sofi015\Documents\My Kindle Content
2013-09-24 17:11 - 2013-09-24 17:11 - 00002243 _____ C:\Users\sofi015\Desktop\Kindle.lnk
2013-09-24 17:11 - 2013-09-24 17:11 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-09-24 17:11 - 2013-09-24 17:11 - 00000000 ____D C:\Users\sofi015\AppData\Local\Amazon
2013-09-24 15:55 - 2011-10-24 09:24 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2013-09-24 09:26 - 2011-12-30 18:08 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-24 08:20 - 2013-09-24 08:20 - 00001577 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\Program Files\iPod
2013-09-24 03:27 - 2013-10-07 10:10 - 12093440 _____ C:\Users\sofi015\Downloads\MX2_Techno_B2B_backup_2013_09_24_022014_9492749.bak
2013-09-20 12:02 - 2012-10-10 08:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 12:02 - 2012-03-30 07:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 12:02 - 2011-07-19 15:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 15:24 - 2013-09-19 15:24 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge (2).sql
2013-09-19 15:23 - 2013-09-19 15:23 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge (1).sql
2013-09-19 15:23 - 2013-09-19 15:23 - 00002400 _____ C:\Users\sofi015\Downloads\Alter_Select_TireSurchargeByMandant.sql
2013-09-19 15:22 - 2013-09-19 15:22 - 00002567 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge (1).sql
2013-09-19 15:22 - 2013-09-19 15:22 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge.sql
2013-09-18 08:03 - 2013-09-18 08:03 - 00014239 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge Stored Procedures.sql
2013-09-18 08:03 - 2013-09-18 08:03 - 00002567 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge.sql
2013-09-17 09:24 - 2013-09-17 09:24 - 00002962 _____ C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2013-09-17 09:24 - 2013-09-17 09:24 - 00001092 _____ C:\Users\Public\Desktop\Qfinder.lnk
2013-09-17 09:24 - 2013-09-17 09:24 - 00000000 ____D C:\Program Files (x86)\QNAP
2013-09-13 13:37 - 2013-09-13 13:37 - 00111104 _____ C:\Users\sofi015\Downloads\Email Stirnimann (1).msg
2013-09-13 12:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 08:52 - 2013-09-13 08:52 - 00111104 _____ C:\Users\sofi015\Downloads\Email Stirnimann.msg
2013-09-13 07:37 - 2011-07-05 11:22 - 00000000 ___RD C:\Users\sofi015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 07:37 - 2011-07-05 11:22 - 00000000 ___RD C:\Users\sofi015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 07:35 - 2009-07-14 06:45 - 00589400 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 18:16 - 2011-07-05 11:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 15:35 - 2013-09-12 15:35 - 00040448 _____ C:\Users\sofi015\Downloads\Fwd  Shop  Bestellung 1000010 vom 05 09 2013 06 58 07.msg
2013-09-11 15:29 - 2013-09-11 15:29 - 00022461 _____ C:\Users\sofi015\Downloads\2013-08-26, Ronal B2B CH ASA.xlsx
2013-09-11 09:37 - 2011-07-19 15:41 - 00000000 ____D C:\Users\sofi015\AppData\Local\Mozilla
2013-09-10 12:54 - 2013-09-10 12:55 - 00574386 _____ C:\Users\sofi015\Documents\UserArming.xml
2013-09-10 08:38 - 2013-09-10 09:21 - 02545106 _____ C:\Users\sofi015\Documents\oser.xml

Files to move or delete:
====================
C:\ProgramData\z7_0ytr.pad


Some content of TEMP:
====================
C:\Users\sofi015\AppData\Local\Temp\Quarantine.exe
C:\Users\sofi015\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 13:04

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus · 07.10.2013, 22:21

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

zundanus · 10.10.2013, 06:46

Sorry das ich so lange gebraucht habe.

mbar-log

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.10.09.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
sofi015 :: SOFI015-PC [administrator]

09.10.2013 22:09:57
mbar-log-2013-10-09 (22-09-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 341820
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Eset log.text

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dcd1f68beaa8934b9d24430b942af130
# engine=15422
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-09 10:24:01
# local_time=2013-10-10 12:24:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 7590 132987291 0 0
# scanned=1074823
# found=0
# cleaned=0
# scan_time=6941

cosinus · 10.10.2013, 09:12

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

zundanus · 11.10.2013, 16:16

Von meiner Seite sieht alles auch Super aus.

ich danke herzlich für deine Hilfe und Zeit.

cosinus · 12.10.2013, 20:16

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. (Tools wie zB FRST einfach per Rechtsklick vom Desktop löschen)

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Mein Rechner sendet Spam laut meinem Provider.

Log-Analyse und Auswertung: Mein Rechner sendet Spam laut meinem Provider.