| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 8: TR/ATRAPS.Gen2 entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.10.2013, 21:05
| #3 |
| |  Windows 8: TR/ATRAPS.Gen2 entfernen Hi Leo,
__________________vielen Dank dass du mir hilfst ! Also das hier kam bei combofix: Code:
ATTFilter ComboFix 13-10-04.02 - Internet 07.10.2013 20:45:10.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.3796.2735 [GMT 2:00]
ausgeführt von:: c:\users\Internet\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-07 bis 2013-10-07 ))))))))))))))))))))))))))))))
.
.
2013-10-07 18:54 . 2013-10-07 18:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-07 18:54 . 2013-10-07 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-07 17:26 . 2013-10-07 17:26 -------- d-----w- C:\FRST
2013-10-07 17:14 . 2013-10-07 17:14 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-10-07 05:53 . 2013-10-07 18:15 -------- d-----w- c:\windows\Logs
2013-10-06 20:27 . 2013-09-18 23:26 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-06 20:27 . 2013-09-18 23:26 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-06 20:22 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll
2013-09-29 17:50 . 2013-09-29 19:52 -------- d-----w- c:\users\Internet\AppData\Roaming\vlc
2013-09-29 17:48 . 2013-09-29 17:48 -------- d-----w- c:\program files\VideoLAN
2013-09-28 07:37 . 2013-09-28 07:37 -------- d-----w- c:\users\Internet\AppData\Local\Macromedia
2013-09-27 19:04 . 2013-09-27 19:04 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-09-27 18:02 . 2013-09-27 18:02 -------- d-----w- c:\program files\WinRAR
2013-09-27 17:39 . 2013-09-27 17:39 -------- d-----w- c:\users\Internet\AppData\Local\Mozilla
2013-09-18 17:52 . 2013-08-21 04:11 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-18 17:50 . 2013-08-03 04:30 4038144 ----a-w- c:\windows\system32\win32k.sys
2013-09-08 19:19 . 2013-07-09 08:04 120144 ----a-w- c:\windows\system32\drivers\msgpioclx.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-23 05:52 . 2013-03-09 11:45 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-07-13 06:18 . 2013-08-29 17:13 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-29 17:13 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-29 17:13 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-29 17:13 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-13 06:15 . 2013-08-29 17:13 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 04:24 . 2013-08-29 17:13 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-29 17:13 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-29 17:13 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-29 17:13 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-13 155488]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-12 491120]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-3-2 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\System32\drivers\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\drivers\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\System32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 SBIOSIO;SBIOSIO;c:\windows\Temp\SBIOSIO64.SYS;c:\windows\Temp\SBIOSIO64.SYS [x]
R3 WSDScan;WSD-Scanunterstützung;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SWUpdateService;SW Update Service;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-07 13191312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-16 440640]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-09-29 765056]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-09-29 127616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\program files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\program files (x86)\Microsoft Office\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\program files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o958rb37.default\
FF - ExtSQL: 2013-09-27 19:44; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o958rb37.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-IR_SERVER - c:\program files (x86)\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\vpngui.exe.lnk - c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe -user_logon
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
c:\program files (x86)\Samsung\Settings\sSettings.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-07 21:04:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-10-07 19:04
.
Vor Suchlauf: 12 Verzeichnis(se), 190.017.466.368 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 189.480.488.960 Bytes frei
.
- - End Of File - - CF57BC3ABF6E614BE0E3100920A4532F
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Internet (administrator) on NADINENOTEBOOK on 07-10-2013 21:12:00
Running from C:\Users\Internet\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2862448 2012-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-30] (Ask)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245872 2013-01-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-11] (NVIDIA Corporation)
Startup: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL =
SearchScopes: HKCU - {50952DBE-9475-4D32-B175-B9D835C33E99} URL =
SearchScopes: HKCU - {B9A4C3AA-4B74-437D-8AB7-9EFC2F61BB90} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=20f3da65-3de2-452b-a440-b86636596be9&apn_sauid=F3E91511-EA56-4A9A-AF19-605D0E205F6E
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o958rb37.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o958rb37.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"]},"first_run_tabs":["hxxp://www.google.com/","hxxp://welcome_page"
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2912304 2013-03-14] (Samsung Electronics CO., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
==================== Drivers (Whitelisted) ====================
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [132608 2009-06-22] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [113792 2009-06-22] (Huawei Technologies Co., Ltd.)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-28] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-28] (Windows (R) 2003 DDK 3790 provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [x]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-07 21:11 - 2013-10-07 21:11 - 00015742 _____ C:\Users\Internet\Desktop\combofix.txt
2013-10-07 21:04 - 2013-10-07 21:04 - 00015742 _____ C:\ComboFix.txt
2013-10-07 20:55 - 2013-10-07 20:55 - 00000784 _____ C:\windows\PFRO.log
2013-10-07 20:38 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-10-07 20:38 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-10-07 20:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-10-07 20:38 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-10-07 20:36 - 2013-10-07 21:05 - 00000000 ____D C:\Qoobox
2013-10-07 20:36 - 2013-10-07 21:00 - 00000000 ____D C:\windows\erdnt
2013-10-07 20:26 - 2013-10-07 20:28 - 05130782 ____R (Swearware) C:\Users\Internet\Desktop\ComboFix.exe
2013-10-07 19:36 - 2013-10-07 19:36 - 00037911 _____ C:\Users\Internet\Desktop\FRST.txt
2013-10-07 19:36 - 2013-10-07 19:36 - 00027899 _____ C:\Users\Internet\Desktop\Addition.txt
2013-10-07 19:34 - 2013-10-07 19:36 - 00027899 _____ C:\Users\Internet\Downloads\Addition.txt
2013-10-07 19:26 - 2013-10-07 19:26 - 01954124 _____ (Farbar) C:\Users\Internet\Downloads\FRST64.exe
2013-10-07 19:26 - 2013-10-07 19:26 - 00000000 ____D C:\FRST
2013-10-06 23:44 - 2013-10-07 20:56 - 00029959 _____ C:\windows\WindowsUpdate.log
2013-10-06 22:27 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-06 22:27 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-06 22:22 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2013-09-29 19:50 - 2013-09-29 21:52 - 00000000 ____D C:\Users\Internet\AppData\Roaming\vlc
2013-09-29 19:49 - 2013-09-29 19:49 - 00000875 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-29 19:48 - 2013-09-29 19:48 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-28 09:37 - 2013-09-28 09:37 - 00000000 ____D C:\Users\Internet\AppData\Local\Macromedia
2013-09-27 20:05 - 2013-09-27 20:10 - 23280480 _____ C:\Users\Internet\Downloads\vlc-2.1.0-win64.exe
2013-09-27 20:03 - 2013-09-27 20:03 - 00000000 ____D C:\Users\Internet\AppData\Roaming\WinRAR
2013-09-27 20:03 - 2011-11-09 23:18 - 00000291 _____ C:\Users\Internet\Downloads\Charts.to - Die ultimative Seite fuer Charts als Direkt-Download.url
2013-09-27 20:02 - 2013-09-27 20:02 - 02074056 _____ C:\Users\Internet\Downloads\winrar-x64-500d.exe
2013-09-27 20:02 - 2013-09-27 20:02 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-27 20:02 - 2013-09-27 20:02 - 00000000 ____D C:\Program Files\WinRAR
2013-09-27 19:39 - 2013-09-27 19:39 - 00000000 ____D C:\Users\Internet\AppData\Local\Mozilla
2013-09-27 19:38 - 2013-09-27 19:38 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-27 19:38 - 2013-09-27 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-22 20:10 - 2013-09-22 20:11 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-18 19:53 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2013-09-18 19:53 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2013-09-18 19:53 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-09-18 19:53 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2013-09-18 19:53 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2013-09-18 19:53 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-09-18 19:53 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2013-09-18 19:53 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2013-09-18 19:53 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00083968 _____ C:\windows\SysWOW64\OEMLicense.dll
2013-09-18 19:53 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-09-18 19:53 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2013-09-18 19:53 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll
2013-09-18 19:53 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll
2013-09-18 19:52 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-18 19:52 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-18 19:52 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-18 19:52 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-18 19:52 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-18 19:52 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-18 19:52 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-18 19:52 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-18 19:52 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-18 19:52 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-18 19:52 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-09-18 19:50 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-08 21:20 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2013-09-08 21:20 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2013-09-08 21:20 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2013-09-08 21:20 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2013-09-08 21:20 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2013-09-08 21:20 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-09-08 21:20 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2013-09-08 21:20 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2013-09-08 21:20 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2013-09-08 21:20 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2013-09-08 21:20 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2013-09-08 21:20 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2013-09-08 21:20 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-09-08 21:20 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-09-08 21:20 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-09-08 21:19 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2013-09-08 21:19 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2013-09-08 21:19 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
2013-09-08 21:19 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2013-09-08 21:19 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Wwanadvui.dll
2013-09-08 21:19 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
2013-09-08 21:19 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-08 21:19 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-08 21:19 - 2013-07-02 00:08 - 00387583 _____ C:\windows\system32\ApnDatabase.xml
2013-09-08 21:19 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\openfiles.exe
2013-09-08 21:19 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\openfiles.exe
2013-09-08 21:19 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-09-08 21:19 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-09-08 21:19 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-09-08 21:19 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2013-09-08 21:19 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys
2013-09-08 21:19 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-09-08 21:19 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2013-09-08 21:19 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2013-09-08 21:19 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2013-09-08 21:19 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2013-09-08 21:19 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2013-09-08 21:19 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-09-08 21:19 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-09-08 21:19 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-09-08 21:19 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-09-08 21:19 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
==================== One Month Modified Files and Folders =======
2013-10-07 21:11 - 2013-10-07 21:11 - 00015742 _____ C:\Users\Internet\Desktop\combofix.txt
2013-10-07 21:10 - 2013-02-26 21:58 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-927294191-717072922-153577076-1002
2013-10-07 21:05 - 2013-10-07 20:36 - 00000000 ____D C:\Qoobox
2013-10-07 21:05 - 2012-10-20 07:57 - 00000000 ____D C:\Users\EasySurvey
2013-10-07 21:05 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
2013-10-07 21:04 - 2013-10-07 21:04 - 00015742 _____ C:\ComboFix.txt
2013-10-07 21:03 - 2012-10-20 22:21 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-10-07 21:03 - 2012-10-20 22:21 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-10-07 21:03 - 2012-07-26 09:28 - 01745226 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-07 21:02 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-10-07 21:00 - 2013-10-07 20:36 - 00000000 ____D C:\windows\erdnt
2013-10-07 20:56 - 2013-10-06 23:44 - 00029959 _____ C:\windows\WindowsUpdate.log
2013-10-07 20:56 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini
2013-10-07 20:55 - 2013-10-07 20:55 - 00000784 _____ C:\windows\PFRO.log
2013-10-07 20:55 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-07 20:54 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-10-07 20:40 - 2013-02-26 22:32 - 00000000 ____D C:\ProgramData\Avira
2013-10-07 20:28 - 2013-10-07 20:26 - 05130782 ____R (Swearware) C:\Users\Internet\Desktop\ComboFix.exe
2013-10-07 19:36 - 2013-10-07 19:36 - 00037911 _____ C:\Users\Internet\Desktop\FRST.txt
2013-10-07 19:36 - 2013-10-07 19:36 - 00027899 _____ C:\Users\Internet\Desktop\Addition.txt
2013-10-07 19:36 - 2013-10-07 19:34 - 00027899 _____ C:\Users\Internet\Downloads\Addition.txt
2013-10-07 19:26 - 2013-10-07 19:26 - 01954124 _____ (Farbar) C:\Users\Internet\Downloads\FRST64.exe
2013-10-07 19:26 - 2013-10-07 19:26 - 00000000 ____D C:\FRST
2013-10-07 19:09 - 2012-10-20 07:47 - 00000000 ____D C:\ProgramData\WinClon
2013-10-07 08:02 - 2013-03-12 22:39 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-07 00:07 - 2013-02-28 13:32 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Zumea
2013-10-06 22:32 - 2013-02-26 22:33 - 00000000 ____D C:\Users\Internet\AppData\Local\CrashDumps
2013-10-06 21:59 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-10-06 21:57 - 2013-03-02 12:38 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Xoizg
2013-10-01 18:13 - 2013-04-26 15:28 - 00000000 ____D C:\Users\Internet\Documents\Verträge
2013-09-29 21:52 - 2013-09-29 19:50 - 00000000 ____D C:\Users\Internet\AppData\Roaming\vlc
2013-09-29 19:49 - 2013-09-29 19:49 - 00000875 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-29 19:48 - 2013-09-29 19:48 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-28 09:37 - 2013-09-28 09:37 - 00000000 ____D C:\Users\Internet\AppData\Local\Macromedia
2013-09-28 09:36 - 2013-03-02 15:37 - 00000000 ____D C:\Users\Internet\AppData\Local\Adobe
2013-09-28 09:08 - 2013-05-07 20:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-27 20:10 - 2013-09-27 20:05 - 23280480 _____ C:\Users\Internet\Downloads\vlc-2.1.0-win64.exe
2013-09-27 20:03 - 2013-09-27 20:03 - 00000000 ____D C:\Users\Internet\AppData\Roaming\WinRAR
2013-09-27 20:02 - 2013-09-27 20:02 - 02074056 _____ C:\Users\Internet\Downloads\winrar-x64-500d.exe
2013-09-27 20:02 - 2013-09-27 20:02 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-27 20:02 - 2013-09-27 20:02 - 00000000 ____D C:\Program Files\WinRAR
2013-09-27 19:39 - 2013-09-27 19:39 - 00000000 ____D C:\Users\Internet\AppData\Local\Mozilla
2013-09-27 19:39 - 2013-05-07 20:31 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Mozilla
2013-09-27 19:38 - 2013-09-27 19:38 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-27 19:38 - 2013-09-27 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 18:48 - 2013-03-12 22:39 - 00000000 ____D C:\Users\Internet\AppData\Local\Google
2013-09-27 18:44 - 2013-03-03 19:12 - 00000000 ____D C:\Users\Internet\AppData\Local\DoNotTrackPlus
2013-09-23 20:52 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-09-23 18:33 - 2013-04-26 15:31 - 00000000 ____D C:\Users\Internet\Documents\Zeugnisse & Bescheinigungen
2013-09-23 07:54 - 2013-07-28 19:51 - 00000000 ____D C:\windows\system32\MRT
2013-09-23 07:52 - 2013-03-09 13:45 - 79143768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-22 20:11 - 2013-09-22 20:10 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-19 01:26 - 2013-10-06 22:27 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-10-06 22:27 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 22:01 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore
2013-09-18 22:01 - 2012-07-26 10:12 - 00000000 ____D C:\windows\PolicyDefinitions
2013-09-17 21:01 - 2013-05-05 23:13 - 00000000 ____D C:\Users\Internet\Documents\OneNote-Notizbücher
2013-09-11 20:49 - 2011-10-09 16:06 - 00000000 ____D C:\Users\Public\Documents\Wohnung
2013-09-08 22:28 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe
Files to move or delete:
====================
ZeroAccess:
C:\Users\Internet\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-29 16:25
==================== End Of Log ============================
|
| Themen zu Windows 8: TR/ATRAPS.Gen2 entfernen |
| 4d36e972-e325-11ce-bfc1-08002be10318, antivir, antivirus, avira, browser, desktop, dllhost.exe, entfernen, error, excel, farbar, farbar recovery scan tool, firefox, flash player, google, homepage, installation, internet, mozilla, ntdll.dll, plug-in, problem, realtek, registry, rootkit, security, software, svchost.exe, trojaner, usb, windows, windowsapps |
Baum-Darstellung