Hi Leo,
thank you very much for helping me!
So this is what ComboFix returned:
Code:
ComboFix 13-10-04.02 - Internet 07.10.2013 20:45:10.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.3796.2735 [GMT 2:00]
ausgeführt von:: c:\users\Internet\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-07 bis 2013-10-07 ))))))))))))))))))))))))))))))
.
.
2013-10-07 18:54 . 2013-10-07 18:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-07 18:54 . 2013-10-07 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-07 17:26 . 2013-10-07 17:26 -------- d-----w- C:\FRST
2013-10-07 17:14 . 2013-10-07 17:14 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-10-07 05:53 . 2013-10-07 18:15 -------- d-----w- c:\windows\Logs
2013-10-06 20:27 . 2013-09-18 23:26 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-06 20:27 . 2013-09-18 23:26 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-06 20:22 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll
2013-09-29 17:50 . 2013-09-29 19:52 -------- d-----w- c:\users\Internet\AppData\Roaming\vlc
2013-09-29 17:48 . 2013-09-29 17:48 -------- d-----w- c:\program files\VideoLAN
2013-09-28 07:37 . 2013-09-28 07:37 -------- d-----w- c:\users\Internet\AppData\Local\Macromedia
2013-09-27 19:04 . 2013-09-27 19:04 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-09-27 18:02 . 2013-09-27 18:02 -------- d-----w- c:\program files\WinRAR
2013-09-27 17:39 . 2013-09-27 17:39 -------- d-----w- c:\users\Internet\AppData\Local\Mozilla
2013-09-18 17:52 . 2013-08-21 04:11 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-18 17:50 . 2013-08-03 04:30 4038144 ----a-w- c:\windows\system32\win32k.sys
2013-09-08 19:19 . 2013-07-09 08:04 120144 ----a-w- c:\windows\system32\drivers\msgpioclx.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-23 05:52 . 2013-03-09 11:45 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-07-13 06:18 . 2013-08-29 17:13 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-29 17:13 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-29 17:13 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-29 17:13 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-13 06:15 . 2013-08-29 17:13 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 04:24 . 2013-08-29 17:13 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-29 17:13 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-29 17:13 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-29 17:13 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-13 155488]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-12 491120]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-3-2 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\System32\drivers\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\drivers\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\System32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 SBIOSIO;SBIOSIO;c:\windows\Temp\SBIOSIO64.SYS;c:\windows\Temp\SBIOSIO64.SYS [x]
R3 WSDScan;WSD-Scanunterstützung;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SWUpdateService;SW Update Service;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-07 13191312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-16 440640]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-09-29 765056]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-09-29 127616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\program files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\program files (x86)\Microsoft Office\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\program files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o958rb37.default\
FF - ExtSQL: 2013-09-27 19:44; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o958rb37.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-IR_SERVER - c:\program files (x86)\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\vpngui.exe.lnk - c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe -user_logon
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
c:\program files (x86)\Samsung\Settings\sSettings.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-07 21:04:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-10-07 19:04
.
Vor Suchlauf: 12 Verzeichnis(se), 190.017.466.368 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 189.480.488.960 Bytes frei
.
- - End Of File - - CF57BC3ABF6E614BE0E3100920A4532F
and the FRST scan returned:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Internet (administrator) on NADINENOTEBOOK on 07-10-2013 21:12:00
Running from C:\Users\Internet\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2862448 2012-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-30] (Ask)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245872 2013-01-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-11] (NVIDIA Corporation)
Startup: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL =
SearchScopes: HKCU - {50952DBE-9475-4D32-B175-B9D835C33E99} URL =
SearchScopes: HKCU - {B9A4C3AA-4B74-437D-8AB7-9EFC2F61BB90} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=20f3da65-3de2-452b-a440-b86636596be9&apn_sauid=F3E91511-EA56-4A9A-AF19-605D0E205F6E
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o958rb37.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o958rb37.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"]},"first_run_tabs":["hxxp://www.google.com/","hxxp://welcome_page"
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2912304 2013-03-14] (Samsung Electronics CO., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
==================== Drivers (Whitelisted) ====================
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [132608 2009-06-22] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [113792 2009-06-22] (Huawei Technologies Co., Ltd.)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-28] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-28] (Windows (R) 2003 DDK 3790 provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [x]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-07 21:11 - 2013-10-07 21:11 - 00015742 _____ C:\Users\Internet\Desktop\combofix.txt
2013-10-07 21:04 - 2013-10-07 21:04 - 00015742 _____ C:\ComboFix.txt
2013-10-07 20:55 - 2013-10-07 20:55 - 00000784 _____ C:\windows\PFRO.log
2013-10-07 20:38 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-10-07 20:38 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-10-07 20:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-10-07 20:36 - 2013-10-07 21:05 - 00000000 ____D C:\Qoobox
2013-10-07 20:36 - 2013-10-07 21:00 - 00000000 ____D C:\windows\erdnt
2013-10-07 20:26 - 2013-10-07 20:28 - 05130782 ____R (Swearware) C:\Users\Internet\Desktop\ComboFix.exe
2013-10-07 19:36 - 2013-10-07 19:36 - 00037911 _____ C:\Users\Internet\Desktop\FRST.txt
2013-10-07 19:36 - 2013-10-07 19:36 - 00027899 _____ C:\Users\Internet\Desktop\Addition.txt
2013-10-07 19:34 - 2013-10-07 19:36 - 00027899 _____ C:\Users\Internet\Downloads\Addition.txt
2013-10-07 19:26 - 2013-10-07 19:26 - 01954124 _____ (Farbar) C:\Users\Internet\Downloads\FRST64.exe
2013-10-07 19:26 - 2013-10-07 19:26 - 00000000 ____D C:\FRST
2013-10-06 23:44 - 2013-10-07 20:56 - 00029959 _____ C:\windows\WindowsUpdate.log
2013-10-06 22:27 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-06 22:27 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-06 22:22 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2013-09-29 19:50 - 2013-09-29 21:52 - 00000000 ____D C:\Users\Internet\AppData\Roaming\vlc
2013-09-29 19:49 - 2013-09-29 19:49 - 00000875 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-29 19:48 - 2013-09-29 19:48 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-28 09:37 - 2013-09-28 09:37 - 00000000 ____D C:\Users\Internet\AppData\Local\Macromedia
2013-09-27 20:05 - 2013-09-27 20:10 - 23280480 _____ C:\Users\Internet\Downloads\vlc-2.1.0-win64.exe
2013-09-27 20:03 - 2013-09-27 20:03 - 00000000 ____D C:\Users\Internet\AppData\Roaming\WinRAR
2013-09-27 20:03 - 2011-11-09 23:18 - 00000291 _____ C:\Users\Internet\Downloads\Charts.to - Die ultimative Seite fuer Charts als Direkt-Download.url
2013-09-27 20:02 - 2013-09-27 20:02 - 02074056 _____ C:\Users\Internet\Downloads\winrar-x64-500d.exe
2013-09-27 20:02 - 2013-09-27 20:02 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-27 20:02 - 2013-09-27 20:02 - 00000000 ____D C:\Program Files\WinRAR
2013-09-27 19:39 - 2013-09-27 19:39 - 00000000 ____D C:\Users\Internet\AppData\Local\Mozilla
2013-09-27 19:38 - 2013-09-27 19:38 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-27 19:38 - 2013-09-27 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-22 20:10 - 2013-09-22 20:11 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-18 19:53 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2013-09-18 19:53 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2013-09-18 19:53 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-09-18 19:53 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2013-09-18 19:53 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2013-09-18 19:53 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-09-18 19:53 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2013-09-18 19:53 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00083968 _____ C:\windows\SysWOW64\OEMLicense.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-09-18 19:53 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2013-09-18 19:53 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll
2013-09-18 19:53 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll
2013-09-18 19:52 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-18 19:52 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-18 19:52 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-18 19:52 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-18 19:52 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-18 19:52 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-18 19:52 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-18 19:52 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-18 19:52 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-09-18 19:50 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-08 21:20 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2013-09-08 21:20 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2013-09-08 21:20 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2013-09-08 21:20 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2013-09-08 21:20 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2013-09-08 21:20 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-09-08 21:20 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2013-09-08 21:20 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2013-09-08 21:20 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2013-09-08 21:20 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2013-09-08 21:20 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2013-09-08 21:20 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2013-09-08 21:20 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-09-08 21:20 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-09-08 21:20 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-09-08 21:19 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2013-09-08 21:19 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2013-09-08 21:19 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
2013-09-08 21:19 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2013-09-08 21:19 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Wwanadvui.dll
2013-09-08 21:19 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
2013-09-08 21:19 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-08 21:19 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-08 21:19 - 2013-07-02 00:08 - 00387583 _____ C:\windows\system32\ApnDatabase.xml
2013-09-08 21:19 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\openfiles.exe
2013-09-08 21:19 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\openfiles.exe
2013-09-08 21:19 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-09-08 21:19 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-09-08 21:19 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-09-08 21:19 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2013-09-08 21:19 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys
2013-09-08 21:19 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-09-08 21:19 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2013-09-08 21:19 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2013-09-08 21:19 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2013-09-08 21:19 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2013-09-08 21:19 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2013-09-08 21:19 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-09-08 21:19 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-09-08 21:19 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-09-08 21:19 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-09-08 21:19 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
==================== One Month Modified Files and Folders =======
2013-10-07 21:11 - 2013-10-07 21:11 - 00015742 _____ C:\Users\Internet\Desktop\combofix.txt
2013-10-07 21:10 - 2013-02-26 21:58 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-927294191-717072922-153577076-1002
2013-10-07 21:05 - 2013-10-07 20:36 - 00000000 ____D C:\Qoobox
2013-10-07 21:05 - 2012-10-20 07:57 - 00000000 ____D C:\Users\EasySurvey
2013-10-07 21:05 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
2013-10-07 21:04 - 2013-10-07 21:04 - 00015742 _____ C:\ComboFix.txt
2013-10-07 21:03 - 2012-10-20 22:21 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-10-07 21:03 - 2012-10-20 22:21 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-10-07 21:03 - 2012-07-26 09:28 - 01745226 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-07 21:02 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-10-07 21:00 - 2013-10-07 20:36 - 00000000 ____D C:\windows\erdnt
2013-10-07 20:56 - 2013-10-06 23:44 - 00029959 _____ C:\windows\WindowsUpdate.log
2013-10-07 20:56 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini
2013-10-07 20:55 - 2013-10-07 20:55 - 00000784 _____ C:\windows\PFRO.log
2013-10-07 20:55 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-07 20:54 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-10-07 20:40 - 2013-02-26 22:32 - 00000000 ____D C:\ProgramData\Avira
2013-10-07 20:28 - 2013-10-07 20:26 - 05130782 ____R (Swearware) C:\Users\Internet\Desktop\ComboFix.exe
2013-10-07 19:36 - 2013-10-07 19:36 - 00037911 _____ C:\Users\Internet\Desktop\FRST.txt
2013-10-07 19:36 - 2013-10-07 19:36 - 00027899 _____ C:\Users\Internet\Desktop\Addition.txt
2013-10-07 19:36 - 2013-10-07 19:34 - 00027899 _____ C:\Users\Internet\Downloads\Addition.txt
2013-10-07 19:26 - 2013-10-07 19:26 - 01954124 _____ (Farbar) C:\Users\Internet\Downloads\FRST64.exe
2013-10-07 19:26 - 2013-10-07 19:26 - 00000000 ____D C:\FRST
2013-10-07 19:09 - 2012-10-20 07:47 - 00000000 ____D C:\ProgramData\WinClon
2013-10-07 08:02 - 2013-03-12 22:39 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-07 00:07 - 2013-02-28 13:32 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Zumea
2013-10-06 22:32 - 2013-02-26 22:33 - 00000000 ____D C:\Users\Internet\AppData\Local\CrashDumps
2013-10-06 21:59 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-10-06 21:57 - 2013-03-02 12:38 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Xoizg
2013-10-01 18:13 - 2013-04-26 15:28 - 00000000 ____D C:\Users\Internet\Documents\Verträge
2013-09-29 21:52 - 2013-09-29 19:50 - 00000000 ____D C:\Users\Internet\AppData\Roaming\vlc
2013-09-29 19:49 - 2013-09-29 19:49 - 00000875 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-29 19:48 - 2013-09-29 19:48 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-28 09:37 - 2013-09-28 09:37 - 00000000 ____D C:\Users\Internet\AppData\Local\Macromedia
2013-09-28 09:36 - 2013-03-02 15:37 - 00000000 ____D C:\Users\Internet\AppData\Local\Adobe
2013-09-28 09:08 - 2013-05-07 20:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-27 20:10 - 2013-09-27 20:05 - 23280480 _____ C:\Users\Internet\Downloads\vlc-2.1.0-win64.exe
2013-09-27 20:03 - 2013-09-27 20:03 - 00000000 ____D C:\Users\Internet\AppData\Roaming\WinRAR
2013-09-27 20:02 - 2013-09-27 20:02 - 02074056 _____ C:\Users\Internet\Downloads\winrar-x64-500d.exe
2013-09-27 20:02 - 2013-09-27 20:02 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-27 20:02 - 2013-09-27 20:02 - 00000000 ____D C:\Program Files\WinRAR
2013-09-27 19:39 - 2013-09-27 19:39 - 00000000 ____D C:\Users\Internet\AppData\Local\Mozilla
2013-09-27 19:39 - 2013-05-07 20:31 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Mozilla
2013-09-27 19:38 - 2013-09-27 19:38 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-27 19:38 - 2013-09-27 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 18:48 - 2013-03-12 22:39 - 00000000 ____D C:\Users\Internet\AppData\Local\Google
2013-09-27 18:44 - 2013-03-03 19:12 - 00000000 ____D C:\Users\Internet\AppData\Local\DoNotTrackPlus
2013-09-23 20:52 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-09-23 18:33 - 2013-04-26 15:31 - 00000000 ____D C:\Users\Internet\Documents\Zeugnisse & Bescheinigungen
2013-09-23 07:54 - 2013-07-28 19:51 - 00000000 ____D C:\windows\system32\MRT
2013-09-23 07:52 - 2013-03-09 13:45 - 79143768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-22 20:11 - 2013-09-22 20:10 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-19 01:26 - 2013-10-06 22:27 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-10-06 22:27 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 22:01 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore
2013-09-18 22:01 - 2012-07-26 10:12 - 00000000 ____D C:\windows\PolicyDefinitions
2013-09-17 21:01 - 2013-05-05 23:13 - 00000000 ____D C:\Users\Internet\Documents\OneNote-Notizbücher
2013-09-11 20:49 - 2011-10-09 16:06 - 00000000 ____D C:\Users\Public\Documents\Wohnung
2013-09-08 22:28 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe
Files to move or delete:
====================
ZeroAccess:
C:\Users\Internet\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-29 16:25
==================== End Of Log ============================