Hallo,

Habe von meinem Provider die Warnung und eine Mail Sperre bekommen das von meiner IP Spam Mails versendet wurden. Anbei sind die Logs von dem Rechner der zu den gegebenen Zeit on war, könntet ihr mir bitte helfen das System zu Prüfen und zu bereinigen?

ein Vieren Scan hat eine EXP/CVE-2012-1723.A.4222 Virus gefunden und mit AntiVir entfernt, sonst ist mir nichts auf gefallen.

Logfils liegen bei.


schon mal danke im voraus für euer Mühe und Hilfe.

Gruß
Zundanus

Hallo und

Zitat:

Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard

Warum hast du eine Professional-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Dies ist mein Privater Rechner auf dem ich auch manchmal für private Projekte web Anwendungen Entwickle oder für die Arbeit Rechercheire. Primäre ist dieser Rechner aber zum spielen und private Nutzung.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

• Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
  
  
• Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  
  
• Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
  
  
• Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
  
  
• Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
  
  
• Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Danke für deine schnelle Antwort,

mbar-log-2013-10-03 (14-16-31).txt

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.10.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
sofi015 :: SOFI015-PC [administrator]

03.10.2013 14:16:31
mbar-log-2013-10-03 (14-16-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 340097
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\HH10Help.dat (Rootkit.Agent) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

mbar-log-2013-10-03 (14-27-24).txt

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.10.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
sofi015 :: SOFI015-PC [administrator]

03.10.2013 14:27:24
mbar-log-2013-10-03 (14-27-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 339472
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Bitte ein Log mit CF machen_

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Habe entsprechend der Anweisung Combofix runter geladen und vom Desktop aus gestartet (Antivir und Malware waren aus oder gestoppt).
Die Anwendung lief durch und schloss von selbst das Fenster, leider konnte ich auf meiner Platte kein Log finden weder im c:\ Root noch bei einer Datei suche. Auch bei einem neu Start wurde nicht die erwähnte Meldung angezeigt.

Wie soll ich fortfahren, soll ich die Anwendung noch mal laufen lassen oder habe ich vielleicht irgendwas vergessen zu deaktivieren?

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

Habe die Anwendung gelöscht und wieder gestartet.
Erst entpackt die Anwendung und dann kommen zwei Laufbalken, danach schließt sich die Anwendung. Leider kein log, weder nach dem Neustart noch davor.

Habe im Explorer auf C:\ jetzt ein neues Verzeichnis 32788r22fwjfw gefunden, in dem meine Platten nochmal angezeigt werden.

Wie soll ich weiter vorgehen?

Du solltest auch Windows neu starten

Bin mi nicht mehr sicher ob ich es so gemacht habe, daher habe ich es heute noch mal ausgeführt.

Programm gelöscht.
Rechner neu gestartet
Programm neu aus dem Internet gezogen und gestartet (danach kein log)
Rechner neu gestartet(kein log und gleiche verhalten wie oben beschrieben)

leider hat dies auch nicht gefruchtet, wie soll ich weiter machen ?

Kurze zwischen Frage, wollte mir einen neuen Virenscanner auf den Rechner einspielen. Soll ich damit warten bis wir mit der Bereinigung des Rechners durch sind oder kann ich den jetzt schon drauf tun? (wäre Bitdefender)

AdwCleaner[S1].txt
AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.006 - Bericht erstellt am 07/10/2013 um 21:31:09
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : sofi015 - SOFI015-PC
# Gestartet von : C:\Users\sofi015\Desktop\adwcleaner_3.0.0.6.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Ilivid
Ordner Gelöscht : C:\Users\sofi015\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\sofi015\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008-Dokumentation.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamachi_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamachi_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ Datei : C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13291 octets] - [03/10/2013 09:55:31]
AdwCleaner[R1].txt - [13087 octets] - [03/10/2013 10:06:19]
AdwCleaner[R2].txt - [12894 octets] - [07/10/2013 21:29:59]
AdwCleaner[S0].txt - [422 octets] - [03/10/2013 09:56:01]
AdwCleaner[S1].txt - [12212 octets] - [07/10/2013 21:31:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12273 octets] ##########
         

--- --- ---

[/code]



JRT.txt

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Professional x64
Ran by sofi015 on 07.10.2013 at 21:35:05,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{05634FDD-3C0F-4A59-894D-793E11DB1540}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{082AFFB9-D49E-4FEA-9136-3D4415A74B8A}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{20791B14-DAB8-405A-B649-92DFB4364EE6}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{2F2D0FC0-2CEF-400D-AFB5-60EF6A152D69}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{31B808C0-B628-4792-A16C-BEB55A4AEF1D}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{32848DE4-FF80-4E3E-A483-444E1943EE46}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{32B64C2C-38A6-476E-A00D-735F7464237D}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{3FD91820-3DE3-4A7B-9C1C-7EA4BC81CFDF}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{43C7FE17-D44E-4EB3-895D-EF63F5BF9432}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{46085397-4C57-44A0-8076-6492CCF3D212}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{4658F6B1-E285-4C60-86A4-26FE1B88ECFB}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{579BD94A-96DA-4D06-8603-7D980CA12BEC}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{5C1AB956-F992-4A90-81AE-8E1EDD17C1F6}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{5F4D5ECA-4972-455D-A048-0A6E1EB7489B}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{61C9EDE9-4651-4964-8940-E8AC669F7C64}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{7C5932F9-2A04-4439-93CE-4054EFD91976}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{87F2E705-ACC7-4955-822E-FE011984ABB1}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{900D6BF8-510D-495E-B743-9A1E5A4E97BE}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{915F97EF-3BCA-48C0-9365-C081AC17A83D}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{94221C39-B529-4A38-93B3-A89233D8F4CC}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{982560A4-F242-436B-A0D2-E06F6B437A84}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{9C67B8B8-9C86-4AE8-BC9C-155A22A26297}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{A01BF972-A4BA-4F8D-9B06-C1A3BB023C69}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{ABFA633E-CD7C-4239-A14A-730FD5DA6E9F}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{CE3DC974-BB5C-47B2-8C7C-9FFF75708645}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{CED75470-3FAA-41E8-AF70-07EF2F707483}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{D276BC20-C504-49B4-B101-5F392E389614}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{D5D1CEBD-E72F-491A-B7AF-75F78B43D966}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{D9C13936-3002-4D1E-9C99-E128CC787A88}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{EAD2874E-8C68-4DEB-9421-4EBC9EBDCE72}
Successfully deleted: [Empty Folder] C:\Users\sofi015\appdata\local\{F9BC9BA6-1124-4B8A-BC95-A4568E556044}



~~~ FireFox

Emptied folder: C:\Users\sofi015\AppData\Roaming\mozilla\firefox\profiles\m7hdv2s9.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.10.2013 at 21:41:48,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST.txt

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by sofi015 (administrator) on SOFI015-PC on 07-10-2013 21:43:20
Running from C:\Users\sofi015\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc.) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2ENT\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2EXP\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() c:\Windows\SysWOW64\srvany.exe
(O2Micro.) c:\Windows\sysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
() C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
() C:\Windows\SysWOW64\atwtusb.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-07] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKCU\...\Run: [Google Update] - C:\Users\sofi015\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-23] (Google Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-04-19] (NEXON Inc.)
MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {969f08a9-bcda-11e0-a82a-b8ac6fcc1f9f} - F:\StartVMCLite.exe
MountPoints2: {969f08be-bcda-11e0-a82a-b8ac6fcc1f9f} - F:\StartVMCLite.exe
MountPoints2: {969f08c4-bcda-11e0-a82a-b8ac6fcc1f9f} - F:\StartVMCLite.exe
MountPoints2: {b834eb55-6f2e-11e1-b149-c0f8dae43193} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {d8bd2527-4ca3-11e1-ad75-c0f8dae43193} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {db022d49-e5ab-11e0-ae1f-c0f8dae43193} - F:\StartVMCLite.exe
MountPoints2: {db022d4b-e5ab-11e0-ae1f-c0f8dae43193} - F:\StartVMCLite.exe
MountPoints2: {dfe7cdfa-35ef-11e1-bc46-c0f8dae43193} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {dfe7ce1a-35ef-11e1-bc46-c0f8dae43193} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DNS7reminder] - C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [286 2011-07-15] ()
HKLM-x32\...\Run: [atwtusb] - C:\Windows\\SysWOW64\atwtusb.exe [323232 2007-05-15] ()
HKLM-x32\...\Run: [TrayServer] - D:\Program Files (x86)\MAGIX\Video_deluxe_MX\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [280576 2011-10-19] (Vodafone)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [iTunesHelper] - D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-05] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\sofi015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {8D0F6FEA-96F4-437E-8C02-BB87810E8B9A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - 0AC6CAD87C4B4E9F869BE8948C3F9B11 URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{47EBA19C-DF75-4333-B682-3FA68A4C315A}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{52C3A40F-0D1B-4B2E-BD5E-EE1362C1419E}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{B0352D68-B0F3-45F7-B988-38E9D422CDB8}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\sofi015\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\sofi015\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\sofi015\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\sofi015\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\sofi015\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firebug - C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: testpilot - C:\Users\sofi015\AppData\Roaming\Mozilla\Firefox\Profiles\m7hdv2s9.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\sofi015\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\sofi015\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (WPI Detector 1.4) - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Drive) - C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\sofi015\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [214040 2008-07-10] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-21] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S2 MSSQL$SQLR2DEV; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2DEV\MSSQL\Binn\sqlservr.exe [61916000 2011-04-24] (Microsoft Corporation)
R2 MSSQL$SQLR2ENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2ENT\MSSQL\Binn\sqlservr.exe [61916000 2011-04-24] (Microsoft Corporation)
R2 MSSQL$SQLR2EXP; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2EXP\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [57820696 2008-07-10] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [43709464 2008-07-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] ()
S3 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2045464 2008-07-10] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$SQLR2DEV; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2DEV\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-24] (Microsoft Corporation)
S4 SQLAgent$SQLR2ENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2ENT\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-24] (Microsoft Corporation)
S2 SQLAgent$SQLR2EXP; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLR2EXP\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-10] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation)
R3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S1 aiptektp; C:\Windows\System32\DRIVERS\aiptektp.sys [29184 2006-12-27] (WALTOP International Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [415232 2011-10-18] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-07 21:41 - 2013-10-07 21:41 - 00004281 _____ C:\Users\sofi015\Desktop\JRT.txt
2013-10-07 21:35 - 2013-10-07 21:35 - 00000000 ____D C:\Windows\ERUNT
2013-10-07 21:34 - 2013-10-07 21:34 - 01032220 _____ (Thisisu) C:\Users\sofi015\Desktop\JRT.exe
2013-10-07 21:33 - 2013-10-07 21:33 - 00012526 _____ C:\Users\sofi015\Desktop\AdwCleaner[S1].txt
2013-10-07 21:28 - 2013-10-07 21:28 - 01045226 _____ C:\Users\sofi015\Desktop\adwcleaner_3.0.0.6.exe
2013-10-07 15:11 - 2013-10-07 15:11 - 00028160 _____ C:\Users\sofi015\Downloads\Hersteller_Marken_Warengruppe.xls
2013-10-07 10:10 - 2013-09-24 03:27 - 12093440 _____ C:\Users\sofi015\Downloads\MX2_Techno_B2B_backup_2013_09_24_022014_9492749.bak
2013-10-06 01:20 - 2013-10-06 01:20 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\sofi015\Desktop\tdsskiller.exe
2013-10-04 19:05 - 2013-10-04 19:05 - 00000585 _____ C:\Users\sofi015\Downloads\Mein Rechner sendet Spam laut meinem Provider. - Trojaner-Board.website
2013-10-04 15:12 - 2013-10-04 15:12 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP! (2).msg
2013-10-04 14:38 - 2013-10-04 14:38 - 00289792 _____ C:\Users\sofi015\Downloads\Fehlendes Bild Alufelge.msg
2013-10-04 10:51 - 2013-10-04 10:51 - 00003235 _____ C:\Users\sofi015\Desktop\20130705.log
2013-10-04 10:51 - 2013-10-04 10:51 - 00002884 _____ C:\Users\sofi015\Downloads\20131001.log
2013-10-04 10:51 - 2013-10-04 10:51 - 00001436 _____ C:\Users\sofi015\Downloads\20131004.log
2013-10-04 10:21 - 2013-10-04 10:21 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP! (1).msg
2013-10-04 09:59 - 2013-10-04 09:59 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP!.msg
2013-10-03 17:25 - 2013-10-04 19:17 - 00000000 ___SD C:\32788R22FWJFW
2013-10-03 17:25 - 2013-10-03 17:25 - 00000000 ____D C:\Windows\erdnt
2013-10-03 17:25 - 2013-10-03 17:25 - 00000000 ____D C:\Qoobox
2013-10-03 17:24 - 2013-10-07 21:42 - 00000585 _____ C:\Users\sofi015\Desktop\Mein Rechner sendet Spam laut meinem Provider. - Trojaner-Board.website
2013-10-03 14:13 - 2013-10-03 14:35 - 00000000 ____D C:\Users\sofi015\Desktop\mbar
2013-10-03 10:06 - 2013-10-03 10:06 - 01045226 _____ C:\Users\sofi015\Downloads\adwcleaner.exe
2013-10-03 09:55 - 2013-10-07 21:31 - 00000000 ____D C:\AdwCleaner
2013-10-03 09:28 - 2013-10-03 09:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 09:28 - 2013-10-03 09:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 09:28 - 2013-10-03 09:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 09:23 - 2013-10-03 09:23 - 00913832 _____ (Oracle Corporation) C:\Users\sofi015\Downloads\chromeinstall-7u40.exe
2013-10-03 00:22 - 2013-10-03 00:22 - 00031357 _____ C:\Users\sofi015\Desktop\log.zip
2013-10-03 00:04 - 2013-10-03 00:04 - 00005761 _____ C:\Users\sofi015\Desktop\gem2.log
2013-10-02 23:46 - 2013-10-02 23:46 - 00047674 _____ C:\Users\sofi015\Desktop\Addition.txt
2013-10-02 23:44 - 2013-10-02 23:44 - 00000000 ____D C:\FRST
2013-10-02 23:43 - 2013-10-02 23:43 - 01954124 _____ (Farbar) C:\Users\sofi015\Desktop\FRST64.exe
2013-10-02 23:42 - 2013-10-02 23:43 - 01954124 _____ (Farbar) C:\Users\sofi015\Downloads\FRST64.exe
2013-10-02 23:42 - 2013-10-02 23:42 - 00377856 _____ C:\Users\sofi015\Downloads\gmer_2.1.19163.exe
2013-10-02 23:42 - 2013-10-02 23:42 - 00377856 _____ C:\Users\sofi015\Desktop\gmer_2.1.19163.exe
2013-10-02 23:41 - 2013-10-02 23:41 - 00000476 _____ C:\Users\sofi015\Desktop\defogger_disable.log
2013-10-02 23:41 - 2013-10-02 23:41 - 00000000 _____ C:\Users\sofi015\defogger_reenable
2013-10-02 23:37 - 2013-10-02 23:37 - 00050477 _____ C:\Users\sofi015\Downloads\Defogger.exe
2013-10-02 23:37 - 2013-10-02 23:37 - 00050477 _____ C:\Users\sofi015\Desktop\Defogger.exe
2013-10-02 23:30 - 2013-10-02 23:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-02 23:20 - 2013-10-02 23:20 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-02 23:20 - 2013-10-02 23:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-02 23:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-02 23:19 - 2013-10-02 23:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\sofi015\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-02 23:10 - 2013-10-03 00:06 - 00038542 _____ C:\Users\sofi015\Desktop\AVSCAN-20131002-212934-71E06830.LOG
2013-10-02 22:50 - 2013-10-02 22:51 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\sofi015\Downloads\spybotsd-2.1.21-SR2.exe
2013-10-02 10:29 - 2013-10-02 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 13:30 - 2013-10-01 13:30 - 00027821 _____ C:\Users\sofi015\Downloads\2013-08-22, Euromaster Bestellungen.xlsx
2013-09-30 14:45 - 2013-09-30 14:45 - 00250849 _____ C:\Users\sofi015\Downloads\dotless-v1.3.1.0.zip
2013-09-26 16:34 - 2013-09-26 16:34 - 03615137 _____ C:\Users\sofi015\Downloads\dotless-master.zip
2013-09-26 10:02 - 2013-09-25 02:50 - 553637376 _____ C:\Users\sofi015\Downloads\mx2_ekp_backup.bak
2013-09-26 09:57 - 2013-09-26 10:02 - 548932294 _____ C:\Users\sofi015\Downloads\mx2_ekp_backup.rar
2013-09-24 17:11 - 2013-09-24 17:13 - 00000000 ____D C:\Users\sofi015\Documents\My Kindle Content
2013-09-24 17:11 - 2013-09-24 17:11 - 00002243 _____ C:\Users\sofi015\Desktop\Kindle.lnk
2013-09-24 17:11 - 2013-09-24 17:11 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-09-24 17:11 - 2013-09-24 17:11 - 00000000 ____D C:\Users\sofi015\AppData\Local\Amazon
2013-09-24 08:20 - 2013-09-24 08:20 - 00001577 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\Program Files\iPod
2013-09-19 15:24 - 2013-09-19 15:24 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge (2).sql
2013-09-19 15:23 - 2013-09-19 15:23 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge (1).sql
2013-09-19 15:23 - 2013-09-19 15:23 - 00002400 _____ C:\Users\sofi015\Downloads\Alter_Select_TireSurchargeByMandant.sql
2013-09-19 15:22 - 2013-09-19 15:22 - 00002567 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge (1).sql
2013-09-19 15:22 - 2013-09-19 15:22 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge.sql
2013-09-18 08:03 - 2013-09-18 08:03 - 00014239 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge Stored Procedures.sql
2013-09-18 08:03 - 2013-09-18 08:03 - 00002567 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge.sql
2013-09-17 09:24 - 2013-09-17 09:24 - 00002962 _____ C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2013-09-17 09:24 - 2013-09-17 09:24 - 00001092 _____ C:\Users\Public\Desktop\Qfinder.lnk
2013-09-17 09:24 - 2013-09-17 09:24 - 00000000 ____D C:\Program Files (x86)\QNAP
2013-09-13 13:37 - 2013-09-13 13:37 - 00111104 _____ C:\Users\sofi015\Downloads\Email Stirnimann (1).msg
2013-09-13 08:52 - 2013-09-13 08:52 - 00111104 _____ C:\Users\sofi015\Downloads\Email Stirnimann.msg
2013-09-12 18:16 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 18:16 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 18:16 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 18:16 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 18:16 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 18:16 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 18:16 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 18:16 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 18:16 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 18:16 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 18:16 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 18:16 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 18:16 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 18:16 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 15:35 - 2013-09-12 15:35 - 00040448 _____ C:\Users\sofi015\Downloads\Fwd  Shop  Bestellung 1000010 vom 05 09 2013 06 58 07.msg
2013-09-12 08:00 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 08:00 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 08:00 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 08:00 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 08:00 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 08:00 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 08:00 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 08:00 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 08:00 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 08:00 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 08:00 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 08:00 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 08:00 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 08:00 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 08:00 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 08:00 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 08:00 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 08:00 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 08:00 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 08:00 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 08:00 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 08:00 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:00 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:00 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 08:00 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 08:00 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 08:00 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 15:29 - 2013-09-11 15:29 - 00022461 _____ C:\Users\sofi015\Downloads\2013-08-26, Ronal B2B CH ASA.xlsx
2013-09-10 12:55 - 2013-09-10 12:54 - 00574386 _____ C:\Users\sofi015\Documents\UserArming.xml
2013-09-10 09:21 - 2013-09-10 08:38 - 02545106 _____ C:\Users\sofi015\Documents\oser.xml

==================== One Month Modified Files and Folders =======

2013-10-07 21:42 - 2013-10-03 17:24 - 00000585 _____ C:\Users\sofi015\Desktop\Mein Rechner sendet Spam laut meinem Provider. - Trojaner-Board.website
2013-10-07 21:41 - 2013-10-07 21:41 - 00004281 _____ C:\Users\sofi015\Desktop\JRT.txt
2013-10-07 21:41 - 2011-07-05 22:58 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\Skype
2013-10-07 21:39 - 2009-07-14 06:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 21:39 - 2009-07-14 06:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 21:37 - 2010-11-21 08:50 - 01178456 _____ C:\Windows\system32\perfh007.dat
2013-10-07 21:37 - 2010-11-21 08:50 - 00331334 _____ C:\Windows\system32\perfc007.dat
2013-10-07 21:37 - 2009-07-14 07:13 - 02939184 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-07 21:35 - 2013-10-07 21:35 - 00000000 ____D C:\Windows\ERUNT
2013-10-07 21:34 - 2013-10-07 21:34 - 01032220 _____ (Thisisu) C:\Users\sofi015\Desktop\JRT.exe
2013-10-07 21:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-10-07 21:33 - 2013-10-07 21:33 - 00012526 _____ C:\Users\sofi015\Desktop\AdwCleaner[S1].txt
2013-10-07 21:32 - 2013-04-03 07:57 - 00018229 _____ C:\Windows\setupact.log
2013-10-07 21:32 - 2012-07-24 17:41 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 21:32 - 2011-07-01 13:47 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-07 21:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-07 21:31 - 2013-10-03 09:55 - 00000000 ____D C:\AdwCleaner
2013-10-07 21:31 - 2011-07-01 20:54 - 01386009 _____ C:\Windows\WindowsUpdate.log
2013-10-07 21:28 - 2013-10-07 21:28 - 01045226 _____ C:\Users\sofi015\Desktop\adwcleaner_3.0.0.6.exe
2013-10-07 21:25 - 2011-09-23 10:57 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789878892-2167670896-1103566597-1002UA.job
2013-10-07 21:24 - 2012-07-24 17:41 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 21:24 - 2011-07-05 19:08 - 00000000 ____D C:\Users\sofi015\AppData\Local\TSVNCache
2013-10-07 21:21 - 2011-07-05 22:44 - 00000000 ____D C:\Users\sofi015\Documents\Outlook-Dateien
2013-10-07 21:02 - 2012-10-10 08:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-07 17:30 - 2011-07-08 09:47 - 00002016 ____H C:\Users\sofi015\Documents\Default.rdp
2013-10-07 16:17 - 2011-07-05 12:01 - 00000000 ____D C:\Users\sofi015\Documents\SQL Server Management Studio
2013-10-07 15:11 - 2013-10-07 15:11 - 00028160 _____ C:\Users\sofi015\Downloads\Hersteller_Marken_Warengruppe.xls
2013-10-07 08:37 - 2011-07-07 13:39 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{728671C4-94D3-4A89-A002-C15D34D7EC66}
2013-10-06 01:20 - 2013-10-06 01:20 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\sofi015\Desktop\tdsskiller.exe
2013-10-05 14:26 - 2013-04-11 11:47 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-05 14:12 - 2012-02-01 22:40 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\.minecraft
2013-10-04 19:17 - 2013-10-03 17:25 - 00000000 ___SD C:\32788R22FWJFW
2013-10-04 19:05 - 2013-10-04 19:05 - 00000585 _____ C:\Users\sofi015\Downloads\Mein Rechner sendet Spam laut meinem Provider. - Trojaner-Board.website
2013-10-04 16:16 - 2013-07-05 15:52 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\KeePass
2013-10-04 15:12 - 2013-10-04 15:12 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP! (2).msg
2013-10-04 14:38 - 2013-10-04 14:38 - 00289792 _____ C:\Users\sofi015\Downloads\Fehlendes Bild Alufelge.msg
2013-10-04 10:51 - 2013-10-04 10:51 - 00003235 _____ C:\Users\sofi015\Desktop\20130705.log
2013-10-04 10:51 - 2013-10-04 10:51 - 00002884 _____ C:\Users\sofi015\Downloads\20131001.log
2013-10-04 10:51 - 2013-10-04 10:51 - 00001436 _____ C:\Users\sofi015\Downloads\20131004.log
2013-10-04 10:21 - 2013-10-04 10:21 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP! (1).msg
2013-10-04 09:59 - 2013-10-04 09:59 - 00478720 _____ C:\Users\sofi015\Downloads\WG EKP!.msg
2013-10-04 08:25 - 2011-09-23 10:57 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789878892-2167670896-1103566597-1002Core.job
2013-10-03 17:25 - 2013-10-03 17:25 - 00000000 ____D C:\Windows\erdnt
2013-10-03 17:25 - 2013-10-03 17:25 - 00000000 ____D C:\Qoobox
2013-10-03 14:35 - 2013-10-03 14:13 - 00000000 ____D C:\Users\sofi015\Desktop\mbar
2013-10-03 14:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Speech
2013-10-03 10:06 - 2013-10-03 10:06 - 01045226 _____ C:\Users\sofi015\Downloads\adwcleaner.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 09:28 - 2013-10-03 09:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 09:28 - 2013-10-03 09:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 09:28 - 2013-10-03 09:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 09:28 - 2013-01-15 13:39 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-03 09:28 - 2011-07-01 20:54 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-03 09:24 - 2011-07-01 20:54 - 00000000 ____D C:\Program Files\Java
2013-10-03 09:23 - 2013-10-03 09:23 - 00913832 _____ (Oracle Corporation) C:\Users\sofi015\Downloads\chromeinstall-7u40.exe
2013-10-03 00:22 - 2013-10-03 00:22 - 00031357 _____ C:\Users\sofi015\Desktop\log.zip
2013-10-03 00:06 - 2013-10-02 23:10 - 00038542 _____ C:\Users\sofi015\Desktop\AVSCAN-20131002-212934-71E06830.LOG
2013-10-03 00:04 - 2013-10-03 00:04 - 00005761 _____ C:\Users\sofi015\Desktop\gem2.log
2013-10-02 23:46 - 2013-10-02 23:46 - 00047674 _____ C:\Users\sofi015\Desktop\Addition.txt
2013-10-02 23:44 - 2013-10-02 23:44 - 00000000 ____D C:\FRST
2013-10-02 23:43 - 2013-10-02 23:43 - 01954124 _____ (Farbar) C:\Users\sofi015\Desktop\FRST64.exe
2013-10-02 23:43 - 2013-10-02 23:42 - 01954124 _____ (Farbar) C:\Users\sofi015\Downloads\FRST64.exe
2013-10-02 23:42 - 2013-10-02 23:42 - 00377856 _____ C:\Users\sofi015\Downloads\gmer_2.1.19163.exe
2013-10-02 23:42 - 2013-10-02 23:42 - 00377856 _____ C:\Users\sofi015\Desktop\gmer_2.1.19163.exe
2013-10-02 23:41 - 2013-10-02 23:41 - 00000476 _____ C:\Users\sofi015\Desktop\defogger_disable.log
2013-10-02 23:41 - 2013-10-02 23:41 - 00000000 _____ C:\Users\sofi015\defogger_reenable
2013-10-02 23:41 - 2011-07-05 11:21 - 00000000 ____D C:\Users\sofi015
2013-10-02 23:37 - 2013-10-02 23:37 - 00050477 _____ C:\Users\sofi015\Downloads\Defogger.exe
2013-10-02 23:37 - 2013-10-02 23:37 - 00050477 _____ C:\Users\sofi015\Desktop\Defogger.exe
2013-10-02 23:34 - 2012-12-12 09:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-02 23:34 - 2012-07-25 07:17 - 00130188 _____ C:\Windows\PFRO.log
2013-10-02 23:34 - 2011-07-01 21:18 - 00000000 ____D C:\ProgramData\Sonic
2013-10-02 23:31 - 2013-10-02 23:30 - 00000000 ____D C:\Windows\system32\MRT
2013-10-02 23:20 - 2013-10-02 23:20 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-02 23:20 - 2013-10-02 23:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-02 23:20 - 2013-10-02 23:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\sofi015\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-02 22:51 - 2013-10-02 22:50 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\sofi015\Downloads\spybotsd-2.1.21-SR2.exe
2013-10-02 22:45 - 2012-06-26 08:46 - 00000000 ____D C:\Program Files (x86)\RabbitMQ Server
2013-10-02 22:23 - 2013-07-05 15:52 - 00003582 _____ C:\Users\sofi015\Documents\NewDatabase.kdbx
2013-10-02 21:46 - 2011-07-08 12:40 - 00007611 _____ C:\Users\sofi015\AppData\Local\Resmon.ResmonCfg
2013-10-02 21:31 - 2012-12-12 09:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-02 18:27 - 2012-05-08 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-02 10:29 - 2013-10-02 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 09:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-01 16:24 - 2011-07-05 14:01 - 00000000 ____D C:\Users\sofi015\Documents\Visual Studio 2010
2013-10-01 13:30 - 2013-10-01 13:30 - 00027821 _____ C:\Users\sofi015\Downloads\2013-08-22, Euromaster Bestellungen.xlsx
2013-09-30 14:45 - 2013-09-30 14:45 - 00250849 _____ C:\Users\sofi015\Downloads\dotless-v1.3.1.0.zip
2013-09-30 12:58 - 2013-01-24 10:55 - 00001092 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-09-29 13:11 - 2011-08-04 11:03 - 00000000 ____D C:\Users\sofi015\AppData\Local\Paint.NET
2013-09-28 09:15 - 2013-07-05 15:46 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-09-27 07:57 - 2011-07-19 15:08 - 00000000 ____D C:\Entwicklung_support
2013-09-26 16:34 - 2013-09-26 16:34 - 03615137 _____ C:\Users\sofi015\Downloads\dotless-master.zip
2013-09-26 10:02 - 2013-09-26 09:57 - 548932294 _____ C:\Users\sofi015\Downloads\mx2_ekp_backup.rar
2013-09-26 08:25 - 2011-07-19 15:41 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\Mozilla
2013-09-25 02:50 - 2013-09-26 10:02 - 553637376 _____ C:\Users\sofi015\Downloads\mx2_ekp_backup.bak
2013-09-24 17:13 - 2013-09-24 17:11 - 00000000 ____D C:\Users\sofi015\Documents\My Kindle Content
2013-09-24 17:11 - 2013-09-24 17:11 - 00002243 _____ C:\Users\sofi015\Desktop\Kindle.lnk
2013-09-24 17:11 - 2013-09-24 17:11 - 00000000 ____D C:\Users\sofi015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-09-24 17:11 - 2013-09-24 17:11 - 00000000 ____D C:\Users\sofi015\AppData\Local\Amazon
2013-09-24 15:55 - 2011-10-24 09:24 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2013-09-24 09:26 - 2011-12-30 18:08 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-24 08:20 - 2013-09-24 08:20 - 00001577 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 08:20 - 2013-09-24 08:20 - 00000000 ____D C:\Program Files\iPod
2013-09-24 03:27 - 2013-10-07 10:10 - 12093440 _____ C:\Users\sofi015\Downloads\MX2_Techno_B2B_backup_2013_09_24_022014_9492749.bak
2013-09-20 12:02 - 2012-10-10 08:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 12:02 - 2012-03-30 07:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 12:02 - 2011-07-19 15:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 15:24 - 2013-09-19 15:24 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge (2).sql
2013-09-19 15:23 - 2013-09-19 15:23 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge (1).sql
2013-09-19 15:23 - 2013-09-19 15:23 - 00002400 _____ C:\Users\sofi015\Downloads\Alter_Select_TireSurchargeByMandant.sql
2013-09-19 15:22 - 2013-09-19 15:22 - 00002567 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge (1).sql
2013-09-19 15:22 - 2013-09-19 15:22 - 00002558 _____ C:\Users\sofi015\Downloads\Alter_T_Tire_Surcharge.sql
2013-09-18 08:03 - 2013-09-18 08:03 - 00014239 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge Stored Procedures.sql
2013-09-18 08:03 - 2013-09-18 08:03 - 00002567 _____ C:\Users\sofi015\Downloads\Create_T_Tire_Surcharge.sql
2013-09-17 09:24 - 2013-09-17 09:24 - 00002962 _____ C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2013-09-17 09:24 - 2013-09-17 09:24 - 00001092 _____ C:\Users\Public\Desktop\Qfinder.lnk
2013-09-17 09:24 - 2013-09-17 09:24 - 00000000 ____D C:\Program Files (x86)\QNAP
2013-09-13 13:37 - 2013-09-13 13:37 - 00111104 _____ C:\Users\sofi015\Downloads\Email Stirnimann (1).msg
2013-09-13 12:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 08:52 - 2013-09-13 08:52 - 00111104 _____ C:\Users\sofi015\Downloads\Email Stirnimann.msg
2013-09-13 07:37 - 2011-07-05 11:22 - 00000000 ___RD C:\Users\sofi015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 07:37 - 2011-07-05 11:22 - 00000000 ___RD C:\Users\sofi015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 07:35 - 2009-07-14 06:45 - 00589400 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 18:16 - 2011-07-05 11:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 15:35 - 2013-09-12 15:35 - 00040448 _____ C:\Users\sofi015\Downloads\Fwd  Shop  Bestellung 1000010 vom 05 09 2013 06 58 07.msg
2013-09-11 15:29 - 2013-09-11 15:29 - 00022461 _____ C:\Users\sofi015\Downloads\2013-08-26, Ronal B2B CH ASA.xlsx
2013-09-11 09:37 - 2011-07-19 15:41 - 00000000 ____D C:\Users\sofi015\AppData\Local\Mozilla
2013-09-10 12:54 - 2013-09-10 12:55 - 00574386 _____ C:\Users\sofi015\Documents\UserArming.xml
2013-09-10 08:38 - 2013-09-10 09:21 - 02545106 _____ C:\Users\sofi015\Documents\oser.xml

Files to move or delete:
====================
C:\ProgramData\z7_0ytr.pad


Some content of TEMP:
====================
C:\Users\sofi015\AppData\Local\Temp\Quarantine.exe
C:\Users\sofi015\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 13:04

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Probier es bitte nochmal im abgesicherten Modus mit Netzwerktreibern aus.
Wenn CF da auch nicht geht machen wir was anderes.

TDSS-Killer

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.