CPU läuft immer auf 100% ohne Anwendungen!

daday · 12.12.2013, 02:13

Hallo liebe Leute,

bei mir läuft der prozessor auf Hochtouren, weiss nicht warum ?
Vermute unsichtbare programme, die im Hintergrund ohne mein wissen laufen.
Ich dachte mir, ich suche im Netz und fand ich euch.
Ich hoffe ihr könnt mir ein Hinweis geben, wo das problem liegen könnte.
Herzlichen Dank.
Nun ich hoffe, ich habe richtig gelesen, ich soll die beiden tex-Dateien hier reinkopieren?!

Zitat:

OTL Extras logfile created on: 12.12.2013 01:38:59 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\INTERNET\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,61 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 67,53% Memory free
7,21 Gb Paging File | 5,87 Gb Available in Paging File | 81,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,38 Gb Total Space | 39,61 Gb Free Space | 53,98% Space Free | Partition Type: NTFS
Drive E: | 224,61 Gb Total Space | 178,14 Gb Free Space | 79,31% Space Free | Partition Type: NTFS

Computer Name: SYSTEM | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2415952919-342969038-3676353109-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2415952919-342969038-3676353109-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B049CC-76C1-4E20-8C4F-553E1E961500}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{08F43A2C-E73B-42A8-B0A8-4DB6C855C6A9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0C16ECA7-9910-4ED1-B2E4-A5365D0A111E}" = rport=445 | protocol=6 | dir=out | app=system |
"{0CFBCC74-5DB0-405D-BDEE-356EB512B73A}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{10A1C910-739F-4459-89A7-40BAADC5963F}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{1A98A97B-2340-461A-BF1A-DD1F0F694025}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{1BAE239E-A50E-4C9D-9A44-B3BBAF63E16C}" = rport=139 | protocol=6 | dir=out | app=system |
"{2361AC26-83D3-4A05-A800-36B7C826EB6A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C6C9029-73D6-44B0-AB93-DA0D95B6A04A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3539C46A-E60C-4AE6-BA39-74C6DF9C893F}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{47D0A2A7-DFF7-4CCD-AA69-8745B1B8AAF4}" = lport=139 | protocol=6 | dir=in | app=system |
"{4995E10C-1123-4CBC-80F1-57D2D6CE47BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64BB2E31-D82F-4134-9DC0-81C883778C21}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6764BC05-10E2-44F3-87C9-91F511787085}" = rport=2869 | protocol=6 | dir=out | app=system |
"{7798F2E5-2EFF-464E-9278-13E78C321846}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77CE5750-6E69-46C3-8A1F-C559E2A2A606}" = lport=445 | protocol=6 | dir=in | app=system |
"{7901DBDC-BFBC-4EDC-B05A-B515A5100B2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7A872FFA-6179-40FA-A586-D756D868F5ED}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{8F1CFDE3-744A-4D5A-8B8D-566356B51E1B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9403C308-964F-4BC8-A428-0A7EA2934AC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96C0DD2B-0C64-46BA-856E-B315B89D82EF}" = rport=138 | protocol=17 | dir=out | app=system |
"{A2B7DF3C-1449-4700-9776-77D6ACEA4892}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE531112-FE28-4B09-A3C3-15F6B5278F84}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{AF07D7BF-5EE5-4F84-9AFF-CC401FC751BC}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{B5F414A1-77A7-4853-AB7A-060D6A3A328E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B675C299-AF45-45A3-897C-9B18B1126735}" = rport=137 | protocol=17 | dir=out | app=system |
"{C5D495B9-7CB3-48E5-96E4-08DDE11F7CF0}" = rport=2869 | protocol=6 | dir=out | app=system |
"{CB17DF40-6D6D-4FC9-A178-AB44D4CABD53}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D9A23022-E595-4AE2-B86F-B7CA1D928E8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E770DC9C-6A96-4747-AC75-03343BE56316}" = lport=137 | protocol=17 | dir=in | app=system |
"{E9651DFD-CC28-4818-9ADE-EFD4BBAB50DA}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{EA6936AF-086A-41F3-9993-107257E1B514}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"{FC932F35-4430-486F-A7FD-EA4575629260}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0668B55E-CAF3-4045-A338-CD4C0FF04C3C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{142B2CA7-88EA-472B-83C3-EE5B54811E76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{18305B92-A332-40CA-B280-69B45A8FBD0E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2DF19D5B-EA1A-4B04-BA35-875F707F21E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{37785594-FC31-4A69-A3B5-5E31ED8DCD97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4A8E09D5-DB04-498F-92CD-15E324F58D4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D74AC98-F374-4CFD-B71A-61B559155DD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{60A25A24-FDA8-4614-BD2C-7D276D8C54E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{63C32785-9445-46E9-A429-C25665148FD2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6D0A25AD-16A8-4656-BF2F-2926807E97A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6FFFDD04-3338-4E2A-B3E7-93E3F5855B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\virtual wifi router\virtualwifirouterlibrary.dll |
"{72649971-87CE-43FB-B913-47333FCD807F}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{929B3313-490F-4476-BC85-0DE89BCD6476}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9F9301CF-EC46-46BE-ACDB-E5C0496C6147}" = dir=out | app=c:\windows\system32\svchost.exe |
"{B8FF1C57-AE39-499F-AFC1-36AB5D1E5632}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C2586CB4-1B98-4722-A380-6201D529E633}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C42CDD6F-D1E0-411E-87FA-55D056931A4E}" = protocol=17 | dir=in | app=c:\program files (x86)\virtual wifi router\virtualwifirouterlibrary.dll |
"{C7B25EFE-D031-4C0C-98DC-D484D1BEB61F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{CFB30394-F953-4BDF-8EC8-A37C9F676DE1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{D2737008-962D-4F5D-9066-5D221E65A714}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{DAAB6229-349B-4B03-BF2D-CDDA3566CA0A}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{E91CCAFD-84D2-4B81-A3F7-B8B48EBD544C}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{F1CF75A6-7379-4292-94D7-9461AFB351DC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F1D76F13-E6F4-4DA3-ACED-52AD125428E1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{23E58B76-BA9E-4B7A-ACCB-9E23815999A1}C:\users\internet\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\internet\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{6DE4CFA4-3D4F-4BE1-8067-EA2AFE4BBDB7}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"TCP Query User{98E08706-1121-4CBA-A758-7F5CD1216B67}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{320CBA2D-B041-4B35-84A6-4768BD25495B}C:\users\internet\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\internet\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{C199BD60-D849-4173-9454-BCAA13197619}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{DB4B7FEC-590E-42C9-8031-784CE16E0255}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4572399F-5B78-3C50-7281-4AB6248FC1F0}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E015E15-F7AD-3379-523F-AD63C0CB9E71}" = AMD Steady Video Plug-In
"{6B724485-AC7C-856B-357E-DC7E4AEE6491}" = AMD Media Foundation Decoders
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8DB5B8FE-3F8A-4D9F-911C-F85473400859}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten
"{8F4884F1-488D-4738-8F71-65A378BB484C}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{E9117178-6A0D-C220-E0B2-DC80168E6139}" = AMD Fuel
"{E9FF60F2-A2B0-0306-FAAE-770F01D2A719}" = ccc-utility64
"CCleaner" = CCleaner
"Connectify" = Connectify
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{04BC5330-A4F6-F3B5-A503-0D17FC4DEEC3}" = CCC Help Czech
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0EDCD03D-BA65-7428-0C1C-8AFDEE962C10}" = CCC Help Finnish
"{12A0F057-9F6E-29F9-4F5D-FB6AC31E94D9}" = Catalyst Control Center Profiles Mobile
"{1795847E-83E1-E20B-35BF-248D50D94D22}" = Catalyst Control Center Graphics Previews Common
"{1ABEB415-7C33-2F4D-5BEA-2E1CBCFE6E51}" = CCC Help Korean
"{1ADB965A-F126-85EB-535B-AAC6E6616DE8}" = AMD VISION Engine Control Center
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{29F192A3-75A6-4733-DD08-BD0D71356B2D}" = CCC Help German
"{2A242806-A55C-C158-5350-7B843AA36383}" = Catalyst Control Center InstallProxy
"{2E61358C-8F7F-BDC7-1124-26DDFC2022F1}" = CCC Help Greek
"{32D39568-3B77-11E3-88CE-00163E98E7D0}" = Evernote v. 5.0.3
"{4662E3C5-356C-6C51-12A1-119964C3F19E}" = CCC Help Swedish
"{46F5A007-797E-456A-1C6D-2AC6851F9580}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4497CF-8B9E-3769-8AD4-0E3565BBB93D}" = CCC Help Portuguese
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{7132917B-2D16-7395-C4A1-1F08869BF533}" = CCC Help Italian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{842311BF-3041-43AE-9AE9-E4170471F313}_is1" = MO Virtual Router version 1.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DEE4371-EECC-8266-160B-881BCA18C242}" = CCC Help Polish
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.6
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DFD3FE7-7378-5405-4EBA-762DF95D19EC}" = CCC Help Turkish
"{A09F1378-BD95-F125-18C7-1DF13B970C6D}" = Catalyst Control Center Localization All
"{A0C690DD-FAD2-7234-45B8-4DF7466FE93C}" = CCC Help Thai
"{A6CD541A-2A16-026B-BD94-199288B4251C}" = CCC Help Hungarian
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch
"{AE6443AB-38CA-EEB5-8168-5D3871C2D5BE}" = CCC Help Dutch
"{B0002707-4F7E-4745-88A7-852DA8A88635}" = ASUS Sonic Focus
"{B0A6D594-DAA5-87D6-2C37-2804B3A0C198}" = CCC Help Japanese
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CD5B7679-12CF-DD7A-9A55-7D803C90D03E}" = CCC Help Danish
"{CD70FB8F-A63C-DD46-49B8-D769754E191B}" = CCC Help Russian
"{D92302B0-F400-DCD1-B2CC-3434CD49BFE1}" = CCC Help Spanish
"{DF9ABEE2-E295-0C3F-52E7-ACDD161D4D90}" = CCC Help Norwegian
"{E7667BC5-E028-5946-2D9F-F96ED37A8EFE}" = CCC Help English
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1132A32-7F8C-C85B-4811-9D3B879468E4}" = CCC Help Chinese Traditional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC5C4105-7B1A-3210-C11A-F522F25FDCFA}" = CCC Help Chinese Standard
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"Mozilla Firefox 25.0.1 (x86 de)" = Mozilla Firefox 25.0.1 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"tulox Freeware-Wörterbuch (Französisch)" = tulox Freeware-Wörterbuch (Französisch)
"WinRAR archiver" = WinRAR Archivierer
"WS_FTP Pro" = Ipswitch WS_FTP Pro

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2415952919-342969038-3676353109-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.12.2013 14:29:06 | Computer Name = system | Source = WinMgmt | ID = 10
Description =

Error - 10.12.2013 14:47:38 | Computer Name = system | Source = Application Hang | ID = 1002
Description = Programm SkypeSetup.exe, Version 6.11.0.102 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: ddc Startzeit: 01cef5d60a226316 Endzeit: 20 Anwendungspfad: C:\Users\INTERNET\Downloads\SkypeSetup.exe

Berichts-ID:

Error - 10.12.2013 15:00:54 | Computer Name = system | Source = Application Hang | ID = 1002
Description = Programm SkypeSetup.exe, Version 6.11.0.102 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: fd4 Startzeit: 01cef5d9b7434619 Endzeit: 16 Anwendungspfad: C:\Users\INTERNET\Downloads\SkypeSetup.exe

Berichts-ID:

Error - 11.12.2013 03:33:02 | Computer Name = system | Source = WinMgmt | ID = 10
Description =

Error - 11.12.2013 06:14:05 | Computer Name = system | Source = WinMgmt | ID = 10
Description =

Error - 11.12.2013 12:34:49 | Computer Name = system | Source = WinMgmt | ID = 10
Description =

Error - 11.12.2013 19:00:13 | Computer Name = system | Source = WinMgmt | ID = 10
Description =

Error - 11.12.2013 19:10:57 | Computer Name = system | Source = WinMgmt | ID = 10
Description =

Error - 11.12.2013 19:48:22 | Computer Name = system | Source = Application Hang | ID = 1002
Description = Programm otl.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12c4 Startzeit:
01cef6ca728130d8 Endzeit: 31 Anwendungspfad: C:\Users\INTERNET\Downloads\otl.exe Berichts-ID:

Error - 11.12.2013 20:33:22 | Computer Name = system | Source = Application Hang | ID = 1002
Description = Programm otl.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 106c Startzeit:
01cef6cbfdeea187 Endzeit: 0 Anwendungspfad: C:\Users\INTERNET\Downloads\otl.exe Berichts-ID:

[ System Events ]
Error - 11.12.2013 18:16:41 | Computer Name = system | Source = ipnathlp | ID = 34001
Description =

Error - 11.12.2013 18:17:12 | Computer Name = system | Source = ipnathlp | ID = 30013
Description =

Error - 11.12.2013 18:18:48 | Computer Name = system | Source = ipnathlp | ID = 30009
Description =

Error - 11.12.2013 18:20:56 | Computer Name = system | Source = ipnathlp | ID = 34001
Description =

Error - 11.12.2013 18:40:03 | Computer Name = system | Source = ipnathlp | ID = 30013
Description =

Error - 11.12.2013 19:08:51 | Computer Name = system | Source = ipnathlp | ID = 31004
Description =

Error - 11.12.2013 19:13:06 | Computer Name = system | Source = ipnathlp | ID = 31004
Description =

Error - 11.12.2013 19:13:22 | Computer Name = system | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147014847

Error - 11.12.2013 19:13:22 | Computer Name = system | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147014847

Error - 11.12.2013 19:18:32 | Computer Name = system | Source = ipnathlp | ID = 31004
Description =

< End of report >

Zitat:

OTL logfile created on: 12.12.2013 01:38:59 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\INTERNET\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,61 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 67,53% Memory free
7,21 Gb Paging File | 5,87 Gb Available in Paging File | 81,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,38 Gb Total Space | 39,61 Gb Free Space | 53,98% Space Free | Partition Type: NTFS
Drive E: | 224,61 Gb Total Space | 178,14 Gb Free Space | 79,31% Space Free | Partition Type: NTFS

Computer Name: SYSTEM | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\INTERNET\Downloads\otl.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Connectify\ConnectifyD.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\ConnectifyService.exe (Connectify)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe (Connectify)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (cnnctfy3) -- C:\Windows\SysNative\drivers\cnnctfy3.sys (Connectify)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ [binary data]
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 67 EE 5B 2B 96 CE 01 [binary data]
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 E2 2E 4C D4 C5 CE 01 [binary data]
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2415952919-342969038-3676353109-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de|hxxp://www.giga.de/androidnews/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.08.08 22:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2013.10.06 22:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.10.06 22:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.11.17 09:11:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files (x86)\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Connectify Dispatch] C:\Program Files (x86)\Connectify\DispatchUI.exe (Connectify)
O4:64bit: - HKLM..\Run: [Connectify Hotspot] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2415952919-342969038-3676353109-1000..\Run: [Virtual WiFi Router] "C:\Program Files (x86)\Virtual WiFi Router\Virtual WiFi Router.exe" File not found
O4 - HKU\S-1-5-21-2415952919-342969038-3676353109-1000..\Run: [winhotspot] C:\Program Files (x86)\winhotspot\winhotspot_version_1.2.42_dot_net_3.5.exe ()
O4:64bit: - HKLM..\RunOnce: [ConnecitfyTemp 5] cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\5" File not found
O4:64bit: - HKLM..\RunOnce: [ConnecitfyTemp 6] cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\6" File not found
O4:64bit: - HKLM..\RunOnce: [ConnecitfyTemp d] cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\d" File not found
O4:64bit: - HKLM..\RunOnce: [ConnecitfyTemp e] cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\e" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0A4026B-6CA5-4E86-A1BF-7F35E33F9200}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E11E18F6-FA54-4C14-BCAC-7C73107031C3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b41d684f-021d-11e3-8007-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b41d684f-021d-11e3-8007-806e6f6e6963}\Shell\AutoRun\command - "" = F:\GSLoader.exe
O33 - MountPoints2\{bb50d35a-0087-11e3-a5db-bcf271c359f8}\Shell - "" = AutoRun
O33 - MountPoints2\{bb50d35a-0087-11e3-a5db-bcf271c359f8}\Shell\AutoRun\command - "" = F:\GSLoader.exe
O33 - MountPoints2\{f4663852-0086-11e3-946d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f4663852-0086-11e3-946d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstAll.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.12.12 00:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
[2013.12.12 00:07:30 | 000,035,352 | ---- | C] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy3.sys
[2013.12.11 23:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify
[2013.12.11 23:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify
[2013.12.11 23:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MO Virtual Router
[2013.12.11 23:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MO Virtual Router
[2013.12.10 20:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.12.10 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.12.10 20:01:33 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.12.09 11:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router
[2013.12.08 18:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router0
[2013.12.08 12:55:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.12.07 13:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\winhotspot
[2013.12.07 12:40:37 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2013.11.26 18:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.11.26 18:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.11.26 18:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.11.26 18:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.11.26 18:10:58 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apple
[2013.11.26 18:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.11.26 18:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.11.23 08:37:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Avira
[2013.11.23 01:16:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\uTorrent
[2013.11.21 23:14:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.11.21 22:59:38 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.11.21 22:59:38 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.11.21 17:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.11.21 17:17:16 | 000,132,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.11.21 17:17:16 | 000,083,160 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.11.21 17:17:16 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.11.21 17:17:15 | 000,107,416 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.11.21 17:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.11.17 22:13:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.11.15 23:20:27 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013.11.14 09:22:13 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.11.14 00:36:20 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.11.14 00:36:20 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.11.14 00:36:20 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013.11.13 17:46:14 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013.11.13 17:46:14 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013.11.12 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Macromedia
[2013.11.12 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Macromedia
[2013.11.12 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Adobe

========== Files - Modified Within 30 Days ==========

[2013.12.12 01:04:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.12 00:19:16 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.12 00:19:16 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.12 00:10:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.12 00:10:16 | 2903,269,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.12 00:08:56 | 000,000,374 | ---- | M] () -- C:\Users\Public\Desktop\Connectify Dispatch.lnk
[2013.12.12 00:08:56 | 000,000,358 | ---- | M] () -- C:\Users\Public\Desktop\Connectify Hotspot.lnk
[2013.12.12 00:07:30 | 000,035,352 | ---- | M] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy3.sys
[2013.12.11 22:12:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.12.11 22:12:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.12.11 11:17:17 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.12.11 11:17:17 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.12.11 11:17:17 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.12.11 11:17:17 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.12.11 11:17:16 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.10 20:01:34 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.12.08 23:11:00 | 000,000,380 | ---- | M] () -- C:\Users\admin\AppData\Roaming\sp_data.sys
[2013.12.03 14:07:13 | 000,107,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.11.21 17:17:37 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.11.15 23:36:26 | 001,592,784 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013.12.12 00:08:56 | 000,000,374 | ---- | C] () -- C:\Users\Public\Desktop\Connectify Dispatch.lnk
[2013.12.12 00:08:56 | 000,000,358 | ---- | C] () -- C:\Users\Public\Desktop\Connectify Hotspot.lnk
[2013.12.10 20:01:34 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.11.26 18:10:56 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.11.21 22:59:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.21 17:17:37 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.11.15 23:23:35 | 001,592,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.10.08 18:38:13 | 000,007,599 | ---- | C] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg
[2013.08.11 01:46:15 | 000,000,380 | ---- | C] () -- C:\Users\admin\AppData\Roaming\sp_data.sys
[2013.08.11 01:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.08.11 01:31:14 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.08.11 01:31:14 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.08.11 01:31:13 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.03.21 21:54:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2012.03.21 21:54:22 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.08.08 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ashampoo
[2013.10.17 21:44:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MP3SkypeRecorder
[2013.08.11 01:18:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OTi
[2013.11.23 01:16:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent
[2013.11.23 08:42:58 | 000,000,000 | ---D | M] -- C:\Users\INTERNET\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2013.11.17 19:13:06 | 104,695,876 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\䴇춧ᵌ
[2013.11.17 19:13:06 | 104,695,876 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\䴇춧ᵌ
[2013.10.09 14:01:52 | 100,146,679 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\�⓿ᵌ”
[2013.10.09 14:01:52 | 100,146,679 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\�⓿ᵌ”
[2013.10.08 16:43:41 | 099,859,239 | ---- | M] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\莙ᵌª
[2013.10.08 16:43:41 | 099,859,239 | ---- | C] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\莙ᵌª

< End of report >

schrauber · 12.12.2013, 06:51

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

daday · 12.12.2013, 10:34

Hallo und vielen Dank für die schnelle Antwort.
Hier nochmal die Dateien:
Gruß
daday
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013
Ran by admin (administrator) on SYSTEM on 12-12-2013 10:28:28
Running from C:\Users\INTERNET\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Connectify) C:\Program Files (x86)\Connectify\DispatchUI.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Connectify Hotspot] - C:\Program Files (x86)\Connectify\Connectify.exe [3727648 2013-11-05] (Connectify)
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files (x86)\Connectify\DispatchUI.exe [1656608 2013-11-05] (Connectify)
HKLM\...\Runonce: [ConnecitfyTemp d] - cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\d"
HKLM\...\Runonce: [ConnecitfyTemp e] - cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\e"
HKLM\...\Runonce: [ConnecitfyTemp 5] - cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\5"
HKLM\...\Runonce: [ConnecitfyTemp 6] - cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\6"
HKCU\...\Run: [Virtual WiFi Router] - "C:\Program Files (x86)\Virtual WiFi Router\Virtual WiFi Router.exe"
HKCU\...\Run: [winhotspot] - C:\Program Files (x86)\winhotspot\winhotspot_version_1.2.42_dot_net_3.5.exe [158208 2013-12-07] ()
MountPoints2: {b41d684f-021d-11e3-8007-806e6f6e6963} - F:\GSLoader.exe
MountPoints2: {bb50d35a-0087-11e3-a5db-bcf271c359f8} - F:\GSLoader.exe
MountPoints2: {f4663852-0086-11e3-946d-806e6f6e6963} - D:\InstAll.exe
HKLM-x32\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2013-08-11] (ASUS)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-10-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E67EE5B2B96CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files (x86)\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xpfivy7u.default
FF Homepage: google.de|hxxp://www.giga.de/androidnews/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2013-11-05] (Connectify)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-10-31] (Avira Operations GmbH & Co. KG)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2013-12-12] (Connectify)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 ASUSProcObsrv; \??\D:\I386\AsPrOb64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 10:24 - 2013-12-12 10:28 - 00009371 _____ C:\Users\INTERNET\Desktop\FRST.txt
2013-12-12 10:24 - 2013-12-12 10:24 - 00000000 ____D C:\FRST
2013-12-12 10:23 - 2013-12-12 10:23 - 01927106 _____ (Farbar) C:\Users\INTERNET\Desktop\FRST64.exe
2013-12-12 01:01 - 2013-12-12 02:24 - 00053738 _____ C:\Users\INTERNET\Downloads\Extras.Txt
2013-12-12 00:58 - 2013-12-12 02:24 - 00063444 _____ C:\Users\INTERNET\Downloads\OTL.Txt
2013-12-12 00:40 - 2013-12-12 00:40 - 00602112 _____ (OldTimer Tools) C:\Users\INTERNET\Downloads\otl.exe
2013-12-12 00:08 - 2013-12-12 00:08 - 00000374 _____ C:\Users\Public\Desktop\Connectify Dispatch.lnk
2013-12-12 00:08 - 2013-12-12 00:08 - 00000358 _____ C:\Users\Public\Desktop\Connectify Hotspot.lnk
2013-12-12 00:07 - 2013-12-12 00:07 - 00035352 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2013-12-12 00:03 - 2013-12-12 00:06 - 07709312 _____ C:\Users\INTERNET\Downloads\ConnectifyInstaller.exe
2013-12-11 23:56 - 2013-12-12 00:13 - 00000000 ____D C:\Program Files (x86)\Connectify
2013-12-11 23:56 - 2013-12-12 00:02 - 00000000 ____D C:\ProgramData\Connectify
2013-12-11 23:34 - 2013-12-11 23:34 - 00000000 ____D C:\Program Files (x86)\MO Virtual Router
2013-12-11 23:32 - 2013-12-11 23:32 - 00342135 _____ (Murat ÖZKUL                                                 ) C:\Users\INTERNET\Downloads\MOVirtualRouter_Setup.exe
2013-12-11 11:52 - 2013-12-11 11:54 - 00000176 _____ C:\Users\INTERNET\Desktop\français avec victor.txt
2013-12-10 20:01 - 2013-12-11 19:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-10 20:01 - 2013-12-10 20:01 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-10 20:00 - 2013-12-10 20:00 - 00003142 _____ C:\Windows\System32\Tasks\{E4F887D6-46D4-4F49-8F4A-CF9104970836}
2013-12-10 19:46 - 2013-12-10 19:46 - 00003142 _____ C:\Windows\System32\Tasks\{EE2D957F-3AB5-4238-9BA8-1DB3CC57897B}
2013-12-10 19:24 - 2013-12-10 19:24 - 01551008 _____ (Skype Technologies S.A.) C:\Users\INTERNET\Downloads\SkypeSetup.exe
2013-12-10 10:22 - 2013-12-10 10:22 - 00180638 _____ C:\Users\INTERNET\Desktop\e-verbe.apk
2013-12-09 16:39 - 2013-12-09 16:39 - 00000010 _____ C:\Users\INTERNET\Desktop\kennwort-home.txt
2013-12-09 11:23 - 2013-12-11 23:47 - 00000000 ____D C:\Program Files (x86)\Virtual Router
2013-12-08 19:45 - 2013-12-08 19:45 - 01373696 _____ C:\Users\INTERNET\Downloads\VirtualRouterInstaller10.msi
2013-12-08 19:38 - 2013-12-08 19:45 - 01373696 _____ C:\Users\INTERNET\Downloads\VirtualRouterInstallerneu.msi
2013-12-08 18:41 - 2013-12-08 18:41 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Chris_Pietschmann_(http__
2013-12-08 18:31 - 2013-12-09 11:22 - 00000000 ____D C:\Program Files (x86)\Virtual Router0
2013-12-08 15:31 - 2013-12-08 15:31 - 04734018 _____ C:\Users\INTERNET\Downloads\nat32v2.zip
2013-12-08 15:27 - 2013-12-08 15:58 - 226582528 _____ C:\Users\INTERNET\Downloads\Express-3.1-rc3-x86_64.iso
2013-12-08 15:24 - 2013-12-08 15:24 - 00000000 ____D C:\Users\INTERNET\Downloads\opt
2013-12-08 14:09 - 2013-12-08 14:18 - 00000000 ____D C:\Users\Administrator
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-12-07 19:54 - 2013-12-07 22:25 - 85067689 _____ C:\Users\INTERNET\Downloads\Vocabulaire en dialogues debutant.rar.part
2013-12-07 19:54 - 2013-12-07 19:54 - 00000000 _____ C:\Users\INTERNET\Downloads\Vocabulaire en dialogues debutant.rar
2013-12-07 13:23 - 2013-12-07 13:23 - 01757632 _____ C:\Users\INTERNET\Downloads\openvpn-install-2.3.2-I003-x86_64.exe
2013-12-07 13:04 - 2013-12-07 13:09 - 00013824 _____ C:\Users\admin\AppData\Roaming\Winhotspot.log
2013-12-07 13:00 - 2013-12-08 18:13 - 00000000 ____D C:\Program Files (x86)\winhotspot
2013-12-07 12:56 - 2013-12-08 18:13 - 00000000 ____D C:\Users\INTERNET\Downloads\VirtualRouterPlus
2013-12-07 12:40 - 2013-12-07 12:40 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-12-05 19:31 - 2013-12-05 19:31 - 00000051 _____ C:\Users\INTERNET\Desktop\home.txt
2013-11-28 18:06 - 2013-11-28 18:06 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Evernote
2013-11-28 18:05 - 2013-12-08 18:13 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
2013-11-28 18:05 - 2013-12-08 18:12 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Apps\Evernote
2013-11-28 18:05 - 2013-11-28 18:05 - 00001222 _____ C:\Users\INTERNET\Desktop\Evernote.lnk
2013-11-28 17:45 - 2013-11-28 18:03 - 58823520 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\INTERNET\Downloads\Evernote_5.0.3.1614.exe
2013-11-27 10:28 - 2013-11-25 21:00 - 1891539492 _____ C:\Users\INTERNET\Desktop\Ronja_roh_Ausspielung.mov
2013-11-26 18:22 - 2013-11-26 18:22 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Apple Computer
2013-11-26 18:20 - 2013-11-27 08:30 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Apple Computer
2013-11-26 18:12 - 2013-11-26 18:12 - 00000000 ____D C:\ProgramData\Apple Computer
2013-11-26 18:12 - 2013-11-26 18:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\Users\admin\AppData\Local\Apple
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\ProgramData\Apple
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-11-26 17:58 - 2013-11-26 18:08 - 41404760 _____ (Apple Inc.) C:\Users\INTERNET\Downloads\QuickTimeInstaller.exe
2013-11-26 10:08 - 2013-11-26 10:08 - 00000207 _____ C:\Users\INTERNET\Desktop\Termin-plan-theater.txt
2013-11-23 09:06 - 2013-11-23 09:08 - 07709312 _____ C:\Users\INTERNET\Downloads\Connectify71Installer.exe
2013-11-23 08:37 - 2013-11-23 08:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\Avira
2013-11-23 01:16 - 2013-11-23 01:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-11-23 01:15 - 2013-11-23 08:42 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\uTorrent
2013-11-23 01:14 - 2013-11-23 01:14 - 01142864 _____ (BitTorrent Inc.) C:\Users\INTERNET\Downloads\uTorrent-30303.exe
2013-11-22 16:29 - 2013-11-22 16:29 - 00000000 ____D C:\Users\INTERNET\Downloads\ProcessMonitor
2013-11-22 16:24 - 2013-11-22 16:24 - 01110478 _____ C:\Users\INTERNET\Downloads\ProcessMonitor.zip
2013-11-21 23:14 - 2013-11-21 23:14 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-11-21 22:59 - 2013-12-12 02:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-21 22:59 - 2013-12-11 22:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-21 22:59 - 2013-12-11 22:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-21 22:59 - 2013-12-11 22:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-21 18:25 - 2013-11-21 18:25 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Avira
2013-11-21 17:17 - 2013-12-03 14:07 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-21 17:17 - 2013-11-21 17:17 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-21 17:17 - 2013-11-21 17:17 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-21 17:17 - 2013-10-31 19:25 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-21 17:17 - 2013-10-31 19:25 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-21 17:17 - 2013-10-31 19:25 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-21 16:28 - 2013-11-21 17:14 - 126764512 _____ C:\Users\INTERNET\Downloads\avira_free_antivirus_de.exe
2013-11-21 16:23 - 2013-12-11 23:59 - 00101852 _____ C:\Windows\PFRO.log
2013-11-21 11:10 - 2013-12-12 10:15 - 01383284 _____ C:\Windows\WindowsUpdate.log
2013-11-21 11:05 - 2013-12-12 10:10 - 00004256 _____ C:\Windows\setupact.log
2013-11-21 11:05 - 2013-11-21 11:05 - 00000000 _____ C:\Windows\setuperr.log
2013-11-18 18:03 - 2013-11-18 18:05 - 06199091 _____ C:\Users\INTERNET\Downloads\NexusLouderV8B1-Final.zip
2013-11-18 18:03 - 2013-11-18 18:03 - 00162620 _____ C:\Users\INTERNET\Downloads\NexusLouderV8B1-Revert.zip
2013-11-17 22:13 - 2013-11-21 10:38 - 00000000 ____D C:\Windows\Minidump
2013-11-17 19:13 - 2013-11-17 19:13 - 104695876 _____ C:\Windows\SysWOW64\䴇춧ᵌ
2013-11-16 14:12 - 2013-11-16 14:12 - 00004096 ____H C:\Users\INTERNET\AppData\Local\keyfile3.drm
2013-11-15 23:23 - 2013-11-15 23:36 - 01592784 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-14 09:22 - 2010-02-23 09:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-11-14 00:36 - 2012-03-01 07:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-11-14 00:36 - 2012-03-01 07:38 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-11-14 00:36 - 2012-03-01 07:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-11-14 00:36 - 2012-03-01 07:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-11-14 00:36 - 2012-03-01 06:37 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-11-14 00:36 - 2012-03-01 06:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-11-14 00:36 - 2012-03-01 06:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-11-13 17:46 - 2012-02-17 07:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2013-11-13 17:46 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-11-13 17:46 - 2012-02-17 05:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-11-13 17:46 - 2012-02-17 05:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2013-11-12 16:46 - 2008-01-21 10:21 - 00397312 _____ (Microsoft Corporation) C:\Users\INTERNET\Desktop\WinMail.exe
2013-11-12 16:27 - 2013-11-12 16:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\Macromedia
2013-11-12 16:27 - 2013-11-12 16:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2013-11-12 16:27 - 2013-11-12 16:27 - 00000000 ____D C:\Users\admin\AppData\Local\Macromedia
2013-11-12 16:15 - 2013-11-12 16:15 - 01699130 _____ C:\Users\INTERNET\Desktop\Windows_Mail.rar
2013-11-12 16:15 - 2013-11-12 16:15 - 00000000 ____D C:\Users\INTERNET\Desktop\64bit

==================== One Month Modified Files and Folders =======

2013-12-12 10:28 - 2013-12-12 10:24 - 00009371 _____ C:\Users\INTERNET\Desktop\FRST.txt
2013-12-12 10:24 - 2013-12-12 10:24 - 00000000 ____D C:\FRST
2013-12-12 10:23 - 2013-12-12 10:23 - 01927106 _____ (Farbar) C:\Users\INTERNET\Desktop\FRST64.exe
2013-12-12 10:19 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 10:19 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 10:15 - 2013-11-21 11:10 - 01383284 _____ C:\Windows\WindowsUpdate.log
2013-12-12 10:12 - 2013-09-16 10:19 - 00000514 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-12 10:11 - 2013-08-09 10:18 - 00000380 _____ C:\Users\INTERNET\AppData\Roaming\sp_data.sys
2013-12-12 10:10 - 2013-11-21 11:05 - 00004256 _____ C:\Windows\setupact.log
2013-12-12 10:10 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 02:24 - 2013-12-12 01:01 - 00053738 _____ C:\Users\INTERNET\Downloads\Extras.Txt
2013-12-12 02:24 - 2013-12-12 00:58 - 00063444 _____ C:\Users\INTERNET\Downloads\OTL.Txt
2013-12-12 02:04 - 2013-11-21 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 00:40 - 2013-12-12 00:40 - 00602112 _____ (OldTimer Tools) C:\Users\INTERNET\Downloads\otl.exe
2013-12-12 00:13 - 2013-12-11 23:56 - 00000000 ____D C:\Program Files (x86)\Connectify
2013-12-12 00:08 - 2013-12-12 00:08 - 00000374 _____ C:\Users\Public\Desktop\Connectify Dispatch.lnk
2013-12-12 00:08 - 2013-12-12 00:08 - 00000358 _____ C:\Users\Public\Desktop\Connectify Hotspot.lnk
2013-12-12 00:07 - 2013-12-12 00:07 - 00035352 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2013-12-12 00:06 - 2013-12-12 00:03 - 07709312 _____ C:\Users\INTERNET\Downloads\ConnectifyInstaller.exe
2013-12-12 00:06 - 2013-08-11 01:12 - 00000000 ____D C:\Users\admin
2013-12-12 00:02 - 2013-12-11 23:56 - 00000000 ____D C:\ProgramData\Connectify
2013-12-11 23:59 - 2013-11-21 16:23 - 00101852 _____ C:\Windows\PFRO.log
2013-12-11 23:47 - 2013-12-09 11:23 - 00000000 ____D C:\Program Files (x86)\Virtual Router
2013-12-11 23:34 - 2013-12-11 23:34 - 00000000 ____D C:\Program Files (x86)\MO Virtual Router
2013-12-11 23:32 - 2013-12-11 23:32 - 00342135 _____ (Murat ÖZKUL                                                 ) C:\Users\INTERNET\Downloads\MOVirtualRouter_Setup.exe
2013-12-11 23:16 - 2013-09-11 00:52 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Skype
2013-12-11 22:12 - 2013-11-21 22:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 22:12 - 2013-11-21 22:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 22:12 - 2013-11-21 22:59 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 19:36 - 2013-09-11 00:51 - 00000000 ____D C:\ProgramData\Skype
2013-12-11 19:35 - 2013-12-10 20:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-11 11:54 - 2013-12-11 11:52 - 00000176 _____ C:\Users\INTERNET\Desktop\français avec victor.txt
2013-12-11 11:17 - 2011-04-12 08:43 - 00698926 _____ C:\Windows\system32\perfh007.dat
2013-12-11 11:17 - 2011-04-12 08:43 - 00149034 _____ C:\Windows\system32\perfc007.dat
2013-12-11 11:17 - 2009-07-14 06:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 20:01 - 2013-12-10 20:01 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-10 20:00 - 2013-12-10 20:00 - 00003142 _____ C:\Windows\System32\Tasks\{E4F887D6-46D4-4F49-8F4A-CF9104970836}
2013-12-10 19:46 - 2013-12-10 19:46 - 00003142 _____ C:\Windows\System32\Tasks\{EE2D957F-3AB5-4238-9BA8-1DB3CC57897B}
2013-12-10 19:24 - 2013-12-10 19:24 - 01551008 _____ (Skype Technologies S.A.) C:\Users\INTERNET\Downloads\SkypeSetup.exe
2013-12-10 10:22 - 2013-12-10 10:22 - 00180638 _____ C:\Users\INTERNET\Desktop\e-verbe.apk
2013-12-09 16:39 - 2013-12-09 16:39 - 00000010 _____ C:\Users\INTERNET\Desktop\kennwort-home.txt
2013-12-09 16:38 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-09 11:22 - 2013-12-08 18:31 - 00000000 ____D C:\Program Files (x86)\Virtual Router0
2013-12-08 23:11 - 2013-08-11 01:46 - 00000380 _____ C:\Users\admin\AppData\Roaming\sp_data.sys
2013-12-08 19:45 - 2013-12-08 19:45 - 01373696 _____ C:\Users\INTERNET\Downloads\VirtualRouterInstaller10.msi
2013-12-08 19:45 - 2013-12-08 19:38 - 01373696 _____ C:\Users\INTERNET\Downloads\VirtualRouterInstallerneu.msi
2013-12-08 18:41 - 2013-12-08 18:41 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Chris_Pietschmann_(http__
2013-12-08 18:35 - 2013-08-08 22:48 - 00000000 ____D C:\Users\INTERNET
2013-12-08 18:14 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-08 18:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-08 18:13 - 2013-12-07 13:00 - 00000000 ____D C:\Program Files (x86)\winhotspot
2013-12-08 18:13 - 2013-12-07 12:56 - 00000000 ____D C:\Users\INTERNET\Downloads\VirtualRouterPlus
2013-12-08 18:13 - 2013-11-28 18:05 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
2013-12-08 18:13 - 2013-11-06 01:30 - 00000000 ____D C:\Users\admin\AppData\Local\Chris_Pietschmann_(http__
2013-12-08 18:13 - 2013-08-11 01:37 - 00000000 ____D C:\ProgramData\P4G
2013-12-08 18:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-08 18:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-08 18:12 - 2013-11-28 18:05 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Apps\Evernote
2013-12-08 15:58 - 2013-12-08 15:27 - 226582528 _____ C:\Users\INTERNET\Downloads\Express-3.1-rc3-x86_64.iso
2013-12-08 15:31 - 2013-12-08 15:31 - 04734018 _____ C:\Users\INTERNET\Downloads\nat32v2.zip
2013-12-08 15:24 - 2013-12-08 15:24 - 00000000 ____D C:\Users\INTERNET\Downloads\opt
2013-12-08 14:18 - 2013-12-08 14:09 - 00000000 ____D C:\Users\Administrator
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-12-07 22:25 - 2013-12-07 19:54 - 85067689 _____ C:\Users\INTERNET\Downloads\Vocabulaire en dialogues debutant.rar.part
2013-12-07 19:54 - 2013-12-07 19:54 - 00000000 _____ C:\Users\INTERNET\Downloads\Vocabulaire en dialogues debutant.rar
2013-12-07 13:23 - 2013-12-07 13:23 - 01757632 _____ C:\Users\INTERNET\Downloads\openvpn-install-2.3.2-I003-x86_64.exe
2013-12-07 13:09 - 2013-12-07 13:04 - 00013824 _____ C:\Users\admin\AppData\Roaming\Winhotspot.log
2013-12-07 12:40 - 2013-12-07 12:40 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-12-05 19:31 - 2013-12-05 19:31 - 00000051 _____ C:\Users\INTERNET\Desktop\home.txt
2013-12-03 14:07 - 2013-11-21 17:17 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-28 18:06 - 2013-11-28 18:06 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Evernote
2013-11-28 18:05 - 2013-11-28 18:05 - 00001222 _____ C:\Users\INTERNET\Desktop\Evernote.lnk
2013-11-28 18:03 - 2013-11-28 17:45 - 58823520 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\INTERNET\Downloads\Evernote_5.0.3.1614.exe
2013-11-27 08:30 - 2013-11-26 18:20 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Apple Computer
2013-11-26 18:22 - 2013-11-26 18:22 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Apple Computer
2013-11-26 18:12 - 2013-11-26 18:12 - 00000000 ____D C:\ProgramData\Apple Computer
2013-11-26 18:12 - 2013-11-26 18:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\Users\admin\AppData\Local\Apple
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\ProgramData\Apple
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-11-26 18:08 - 2013-11-26 17:58 - 41404760 _____ (Apple Inc.) C:\Users\INTERNET\Downloads\QuickTimeInstaller.exe
2013-11-26 10:08 - 2013-11-26 10:08 - 00000207 _____ C:\Users\INTERNET\Desktop\Termin-plan-theater.txt
2013-11-25 21:00 - 2013-11-27 10:28 - 1891539492 _____ C:\Users\INTERNET\Desktop\Ronja_roh_Ausspielung.mov
2013-11-23 09:08 - 2013-11-23 09:06 - 07709312 _____ C:\Users\INTERNET\Downloads\Connectify71Installer.exe
2013-11-23 08:42 - 2013-11-23 01:15 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\uTorrent
2013-11-23 08:37 - 2013-11-23 08:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\Avira
2013-11-23 01:16 - 2013-11-23 01:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-11-23 01:14 - 2013-11-23 01:14 - 01142864 _____ (BitTorrent Inc.) C:\Users\INTERNET\Downloads\uTorrent-30303.exe
2013-11-22 16:29 - 2013-11-22 16:29 - 00000000 ____D C:\Users\INTERNET\Downloads\ProcessMonitor
2013-11-22 16:24 - 2013-11-22 16:24 - 01110478 _____ C:\Users\INTERNET\Downloads\ProcessMonitor.zip
2013-11-21 23:14 - 2013-11-21 23:14 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-11-21 23:14 - 2013-08-09 06:21 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2013-11-21 22:51 - 2013-10-11 19:12 - 04897880 _____ (Adobe Systems Inc.) C:\Users\INTERNET\Downloads\Shockwave_Installer_Slim.exe
2013-11-21 18:25 - 2013-11-21 18:25 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Avira
2013-11-21 17:17 - 2013-11-21 17:17 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-21 17:17 - 2013-11-21 17:17 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-21 17:17 - 2013-09-05 06:53 - 00000000 ____D C:\ProgramData\Avira
2013-11-21 17:14 - 2013-11-21 16:28 - 126764512 _____ C:\Users\INTERNET\Downloads\avira_free_antivirus_de.exe
2013-11-21 11:05 - 2013-11-21 11:05 - 00000000 _____ C:\Windows\setuperr.log
2013-11-21 10:38 - 2013-11-17 22:13 - 00000000 ____D C:\Windows\Minidump
2013-11-18 18:05 - 2013-11-18 18:03 - 06199091 _____ C:\Users\INTERNET\Downloads\NexusLouderV8B1-Final.zip
2013-11-18 18:03 - 2013-11-18 18:03 - 00162620 _____ C:\Users\INTERNET\Downloads\NexusLouderV8B1-Revert.zip
2013-11-17 19:13 - 2013-11-17 19:13 - 104695876 _____ C:\Windows\SysWOW64\䴇춧ᵌ
2013-11-17 09:11 - 2013-10-06 22:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 14:12 - 2013-11-16 14:12 - 00004096 ____H C:\Users\INTERNET\AppData\Local\keyfile3.drm
2013-11-15 23:36 - 2013-11-15 23:23 - 01592784 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-12 16:27 - 2013-11-12 16:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\Macromedia
2013-11-12 16:27 - 2013-11-12 16:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2013-11-12 16:27 - 2013-11-12 16:27 - 00000000 ____D C:\Users\admin\AppData\Local\Macromedia
2013-11-12 16:15 - 2013-11-12 16:15 - 01699130 _____ C:\Users\INTERNET\Desktop\Windows_Mail.rar
2013-11-12 16:15 - 2013-11-12 16:15 - 00000000 ____D C:\Users\INTERNET\Desktop\64bit

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\INTERNET\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 09:02

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 3691.7 MB
Available physical RAM: 2597.7 MB
Total Pagefile: 7381.6 MB
Available Pagefile: 6062.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:73.38 GB) (Free:39.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:224.61 GB) (Free:178.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8DE88DDA)
Partition 1: (Active) - (Size=73 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=225 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 12.12.2013, 12:49

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

daday · 12.12.2013, 18:23

Hallo schrauber,

vielen Dank für deine Unterstützung.
Ich kenne mich ja wenig mit dem Buchstabensalad, den die se Programme so aus sich geben, aus.
Hast du schon was verdächtiges gefunden?

Vielen herzlichen Dank nochmal.
Gruß
daday

Code:

ATTFilter

ComboFix 13-12-12.01 - admin 12.12.2013  18:05:13.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3692.2411 [GMT 1:00]
ausgeführt von:: c:\users\INTERNET\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-12 bis 2013-12-12  ))))))))))))))))))))))))))))))
.
.
2013-12-12 17:13 . 2013-12-12 17:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-12 17:13 . 2013-12-12 17:13	--------	d-----w-	c:\users\admin\AppData\Local\temp
2013-12-12 09:24 . 2013-12-12 09:24	--------	d-----w-	C:\FRST
2013-12-11 23:07 . 2013-12-11 23:07	35352	----a-w-	c:\windows\system32\drivers\cnnctfy3.sys
2013-12-11 22:56 . 2013-12-11 23:13	--------	d-----w-	c:\program files (x86)\Connectify
2013-12-11 22:56 . 2013-12-11 23:02	--------	d-----w-	c:\programdata\Connectify
2013-12-11 22:34 . 2013-12-11 22:34	--------	d-----w-	c:\program files (x86)\MO Virtual Router
2013-12-10 19:01 . 2013-12-10 19:01	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-12-10 19:01 . 2013-12-11 18:35	--------	d-----r-	c:\program files (x86)\Skype
2013-12-09 10:23 . 2013-12-11 22:47	--------	d-----w-	c:\program files (x86)\Virtual Router
2013-12-08 17:41 . 2013-12-08 17:41	--------	d-----w-	c:\users\INTERNET\AppData\Local\Chris_Pietschmann_(http__
2013-12-08 13:09 . 2013-12-08 13:18	--------	d-----w-	c:\users\Administrator
2013-12-07 12:00 . 2013-12-08 17:13	--------	d-----w-	c:\program files (x86)\winhotspot
2013-12-07 11:40 . 2013-12-07 11:40	--------	d-----w-	c:\users\admin\AppData\Roaming\Apple Computer
2013-11-28 17:06 . 2013-11-28 17:06	--------	d-----w-	c:\users\INTERNET\AppData\Local\Evernote
2013-11-28 17:05 . 2013-12-08 17:12	--------	d-----w-	c:\users\INTERNET\AppData\Local\Apps
2013-11-26 17:22 . 2013-11-26 17:22	--------	d-----w-	c:\users\INTERNET\AppData\Local\Apple Computer
2013-11-26 17:20 . 2013-11-27 07:30	--------	d-----w-	c:\users\INTERNET\AppData\Roaming\Apple Computer
2013-11-26 17:12 . 2013-11-26 17:12	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-11-26 17:12 . 2013-11-26 17:12	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-11-26 17:12 . 2013-11-26 17:12	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-11-26 17:12 . 2013-11-26 17:12	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-11-26 17:12 . 2013-11-26 17:12	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-11-26 17:12 . 2013-11-26 17:12	--------	d-----w-	c:\program files (x86)\QuickTime
2013-11-26 17:12 . 2013-11-26 17:12	--------	d-----w-	c:\programdata\Apple Computer
2013-11-26 17:11 . 2013-11-26 17:11	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2013-11-26 17:10 . 2013-11-26 17:10	--------	d-----w-	c:\users\admin\AppData\Local\Apple
2013-11-26 17:10 . 2013-11-26 17:10	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-11-26 17:10 . 2013-11-26 17:10	--------	d-----w-	c:\programdata\Apple
2013-11-26 16:38 . 2013-11-26 16:38	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-11-26 16:28 . 2013-11-26 16:28	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-11-26 16:28 . 2013-11-26 16:28	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-11-23 07:37 . 2013-11-23 07:37	--------	d-----w-	c:\users\admin\AppData\Roaming\Avira
2013-11-23 00:16 . 2013-11-23 00:16	--------	d-----w-	c:\users\admin\AppData\Roaming\uTorrent
2013-11-23 00:15 . 2013-11-23 07:42	--------	d-----w-	c:\users\INTERNET\AppData\Roaming\uTorrent
2013-11-21 22:14 . 2013-11-21 22:14	--------	d-----w-	c:\windows\SysWow64\Adobe
2013-11-21 21:59 . 2013-12-11 21:12	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-21 21:59 . 2013-12-11 21:12	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-21 17:25 . 2013-11-21 17:25	--------	d-----w-	c:\users\INTERNET\AppData\Roaming\Avira
2013-11-21 16:17 . 2013-10-31 18:25	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-11-21 16:17 . 2013-10-31 18:25	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-11-21 16:17 . 2013-10-31 18:25	132600	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-11-21 16:17 . 2013-12-03 13:07	107416	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-11-21 16:17 . 2013-11-21 16:17	--------	d-----w-	c:\program files (x86)\Avira
2013-11-15 22:20 . 2013-11-15 22:20	--------	d-----w-	c:\windows\Migration
2013-11-14 08:22 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-11-13 23:36 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-11-13 23:36 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2013-11-13 23:36 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-11-13 23:36 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2013-11-13 23:36 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-11-13 23:36 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-11-13 23:36 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-11-13 16:46 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2013-11-13 16:46 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2013-11-13 16:46 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2013-11-13 16:46 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 16:46 . 2013-08-09 09:18	380	----a-w-	c:\users\INTERNET\AppData\Roaming\sp_data.sys
2013-12-08 22:11 . 2013-08-11 00:46	380	----a-w-	c:\users\admin\AppData\Roaming\sp_data.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winhotspot"="c:\program files (x86)\winhotspot\winhotspot_version_1.2.42_dot_net_3.5.exe" [2013-12-07 158208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-21 102568]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2013-08-11 3058304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-10-31 683576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;d:\i386\AsPrOb64.sys;d:\i386\AsPrOb64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-21 21:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"Connectify Hotspot"="c:\program files (x86)\Connectify\Connectify.exe" [2013-11-05 3727648]
"Connectify Dispatch"="c:\program files (x86)\Connectify\DispatchUI.exe" [2013-11-05 1656608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ConnecitfyTemp d"="rmdir" [X]
"ConnecitfyTemp e"="rmdir" [X]
"ConnecitfyTemp 5"="rmdir" [X]
"ConnecitfyTemp 6"="rmdir" [X]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xpfivy7u.default\
FF - prefs.js: browser.startup.homepage - google.de|hxxp://www.giga.de/androidnews/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Virtual WiFi Router - c:\program files (x86)\Virtual WiFi Router\Virtual WiFi Router.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-tulox Freeware-Wörterbuch (Französisch) - c:\progra~2\TULOXF~1\UNWISE32
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-12  18:17:19
ComboFix-quarantined-files.txt  2013-12-12 17:17
.
Vor Suchlauf: 8 Verzeichnis(se), 42.174.681.088 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 41.795.547.136 Bytes frei
.
- - End Of File - - 68CBE337797F402C91916F2F10C6DBBA
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 13.12.2013, 17:09

Adware und so KRam, aber nix wildes.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

daday · 13.12.2013, 22:16

Hallo schrauber,

ich glaube, ich habe den Übeltäter gefunden und zwar die Datei "svchost.exe" verbraucht zwischen 60 bis 80% der Prozessor-Leistung.
Nun das ist eine Windows-Datei. Wenn ich den Prozess beende kommt der Rechner wieder zu ruhe. Aber die Frage ist, wie kann diese Datei soviel Leistung verbrauchen?
Also löschen darf man sie ja nicht. Vielleicht hat sich irgendein Malware daran gehängt?

Danke und Gruß
daday

Ach ja und die Texte? habe ich vergessen gehabt!

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
admin :: SYSTEM [Administrator]

Schutz: Aktiviert

13.12.2013 17:38:06
mbam-log-2013-12-13 (17-38-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 258463
Laufzeit: 6 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

2013/12/13 17:29:24 +0100	SYSTEM	INTERNET	MESSAGE	Starting protection
2013/12/13 17:29:24 +0100	SYSTEM	INTERNET	MESSAGE	Protection started successfully
2013/12/13 17:29:24 +0100	SYSTEM	INTERNET	MESSAGE	Starting IP protection
2013/12/13 17:30:42 +0100	SYSTEM	INTERNET	MESSAGE	IP Protection started successfully
2013/12/13 17:33:10 +0100	SYSTEM	INTERNET	MESSAGE	Starting database refresh
2013/12/13 17:33:10 +0100	SYSTEM	INTERNET	MESSAGE	Stopping IP protection
2013/12/13 17:33:14 +0100	SYSTEM	INTERNET	MESSAGE	IP Protection stopped successfully
2013/12/13 17:33:26 +0100	SYSTEM	INTERNET	MESSAGE	Database refreshed successfully
2013/12/13 17:33:26 +0100	SYSTEM	INTERNET	MESSAGE	Starting IP protection
2013/12/13 17:33:55 +0100	SYSTEM	INTERNET	MESSAGE	IP Protection started successfully
2013/12/13 17:58:01 +0100	SYSTEM	INTERNET	MESSAGE	Starting protection
2013/12/13 17:58:01 +0100	SYSTEM	INTERNET	MESSAGE	Protection started successfully
2013/12/13 17:58:01 +0100	SYSTEM	INTERNET	MESSAGE	Starting IP protection
2013/12/13 17:58:13 +0100	SYSTEM	INTERNET	MESSAGE	IP Protection started successfully
2013/12/13 18:04:12 +0100	SYSTEM	(null)	MESSAGE	Starting protection
2013/12/13 18:04:12 +0100	SYSTEM	(null)	MESSAGE	Protection started successfully
2013/12/13 18:04:12 +0100	SYSTEM	(null)	MESSAGE	Starting IP protection
2013/12/13 18:04:26 +0100	SYSTEM	INTERNET	MESSAGE	IP Protection started successfully
2013/12/13 20:54:03 +0100	SYSTEM	(null)	MESSAGE	Starting protection
2013/12/13 20:54:03 +0100	SYSTEM	(null)	MESSAGE	Protection started successfully
2013/12/13 20:54:03 +0100	SYSTEM	(null)	MESSAGE	Starting IP protection
2013/12/13 20:54:15 +0100	SYSTEM	(null)	MESSAGE	IP Protection started successfully
2013/12/13 21:03:46 +0100	SYSTEM	(null)	MESSAGE	Starting protection
2013/12/13 21:03:46 +0100	SYSTEM	(null)	MESSAGE	Protection started successfully
2013/12/13 21:03:46 +0100	SYSTEM	(null)	MESSAGE	Starting IP protection
2013/12/13 21:04:00 +0100	SYSTEM	(null)	MESSAGE	IP Protection started successfully

Code:

ATTFilter

# AdwCleaner v3.015 - Bericht erstellt am 13/12/2013 um 17:53:35
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : admin - SYSTEM
# Gestartet von : C:\Users\INTERNET\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\ProgramData\apn

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASUS_Screensaver
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WS_FTP Pro

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xpfivy7u.default\prefs.js ]


[ Datei : C:\Users\INTERNET\AppData\Roaming\Mozilla\Firefox\Profiles\yjurzdvr.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\INTERNET\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1483 octets] - [13/12/2013 17:53:35]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [1543 octets] ##########

Code:

ATTFilter

# AdwCleaner v3.015 - Bericht erstellt am 13/12/2013 um 18:00:12
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : admin - SYSTEM
# Gestartet von : C:\Users\INTERNET\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xpfivy7u.default\prefs.js ]


[ Datei : C:\Users\INTERNET\AppData\Roaming\Mozilla\Firefox\Profiles\yjurzdvr.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\INTERNET\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1621 octets] - [13/12/2013 17:53:35]
AdwCleaner[R1].txt - [1035 octets] - [13/12/2013 18:00:12]
AdwCleaner[S0].txt - [1684 octets] - [13/12/2013 17:56:07]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [1155 octets] ##########

Code:

ATTFilter

# AdwCleaner v3.015 - Bericht erstellt am 13/12/2013 um 17:56:07
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : admin - SYSTEM
# Gestartet von : C:\Users\INTERNET\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASUS_Screensaver
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WS_FTP Pro

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xpfivy7u.default\prefs.js ]


[ Datei : C:\Users\INTERNET\AppData\Roaming\Mozilla\Firefox\Profiles\yjurzdvr.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\INTERNET\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1621 octets] - [13/12/2013 17:53:35]
AdwCleaner[S0].txt - [1546 octets] - [13/12/2013 17:56:07]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1606 octets] ##########

Code:

ATTFilter

# AdwCleaner v3.015 - Bericht erstellt am 13/12/2013 um 18:02:17
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : admin - SYSTEM
# Gestartet von : C:\Users\INTERNET\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xpfivy7u.default\prefs.js ]


[ Datei : C:\Users\INTERNET\AppData\Roaming\Mozilla\Firefox\Profiles\yjurzdvr.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\INTERNET\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1621 octets] - [13/12/2013 17:53:35]
AdwCleaner[R1].txt - [1233 octets] - [13/12/2013 18:00:12]
AdwCleaner[S0].txt - [1684 octets] - [13/12/2013 17:56:07]
AdwCleaner[S1].txt - [1156 octets] - [13/12/2013 18:02:17]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [1216 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by admin on 13.12.2013 at 18:07:25,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.12.2013 at 18:42:30,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber · 14.12.2013, 07:55

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

daday · 14.12.2013, 15:58

Hallo schrauber,

ich habe den Eindruck, ändert sich nicht viel.
Ich weiß ja nicht ob ich doch diese Windows-Datei lösche und durch eien neue ersetze?

Vielen Dank und Gruß
daday

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6ea2b724a29aa24188d0c0d0905da32e
# engine=16268
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-14 02:02:44
# local_time=2013-12-14 03:02:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 57 77 152313 155949 0 0
# compatibility_mode=5893 16776573 100 94 65177 138659614 0 0
# scanned=167979
# found=0
# cleaned=0
# scan_time=12367

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 40  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1) 
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01
Ran by admin (administrator) on SYSTEM on 14-12-2013 15:42:22
Running from C:\Users\INTERNET\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Connectify) C:\Program Files (x86)\Connectify\DispatchUI.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Connectify Hotspot] - C:\Program Files (x86)\Connectify\Connectify.exe [3727648 2013-11-05] (Connectify)
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files (x86)\Connectify\DispatchUI.exe [1656608 2013-11-05] (Connectify)
HKLM\...\Runonce: [ConnecitfyTemp d] - cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\d"
HKLM\...\Runonce: [ConnecitfyTemp e] - cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\e"
HKLM\...\Runonce: [ConnecitfyTemp 5] - cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\5"
HKLM\...\Runonce: [ConnecitfyTemp 6] - cmd /Q /C "rmdir /S /Q C:\Users\admin\AppData\Local\Temp\Connectify\6"
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [winhotspot] - C:\Program Files (x86)\winhotspot\winhotspot_version_1.2.42_dot_net_3.5.exe [158208 2013-12-07] ()
HKLM-x32\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2013-08-11] (ASUS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-12] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E67EE5B2B96CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files (x86)\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xpfivy7u.default
FF Homepage: google.de|hxxp://www.giga.de/androidnews/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-12] (AVAST Software)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2013-11-05] (Connectify)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-12] ()
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2013-12-12] (Connectify)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ASUSProcObsrv; \??\D:\I386\AsPrOb64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 15:42 - 2013-12-14 15:42 - 00014173 _____ C:\Users\INTERNET\Desktop\FRST.txt
2013-12-14 15:41 - 2013-12-14 15:41 - 00000000 ____D C:\Users\INTERNET\Desktop\FRST-OlderVersion
2013-12-14 15:36 - 2013-12-14 15:36 - 00001033 _____ C:\Users\INTERNET\Desktop\checkup.txt
2013-12-14 15:35 - 2013-12-14 15:35 - 00001033 _____ C:\Users\admin\Desktop\checkup.txt
2013-12-14 15:11 - 2013-12-14 15:16 - 00891200 _____ C:\Users\INTERNET\Desktop\SecurityCheck.exe
2013-12-14 11:28 - 2013-12-14 11:28 - 02347384 _____ (ESET) C:\Users\INTERNET\Desktop\esetsmartinstaller_enu.exe
2013-12-13 20:48 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 20:48 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 20:48 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 20:48 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 19:27 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-12-13 19:27 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-12-13 19:27 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-12-13 19:27 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-12-13 19:27 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-12-13 19:27 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-12-13 19:27 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-12-13 19:27 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-12-13 18:42 - 2013-12-13 18:42 - 00000759 _____ C:\Users\admin\Desktop\JRT.txt
2013-12-13 18:07 - 2013-12-13 18:07 - 00000000 ____D C:\Windows\ERUNT
2013-12-13 17:53 - 2013-12-13 18:02 - 00000000 ____D C:\AdwCleaner
2013-12-13 17:51 - 2013-12-13 17:52 - 01034531 _____ (Thisisu) C:\Users\INTERNET\Desktop\JRT.exe
2013-12-13 17:50 - 2013-12-13 17:50 - 01226802 _____ C:\Users\INTERNET\Desktop\adwcleaner.exe
2013-12-13 17:28 - 2013-12-13 17:28 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-13 17:28 - 2013-12-13 17:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-12-13 17:28 - 2013-12-13 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-13 17:28 - 2013-12-13 17:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-13 17:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-13 17:22 - 2013-12-13 17:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\INTERNET\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-13 11:08 - 2013-12-13 11:08 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\AVAST Software
2013-12-12 22:03 - 2013-12-12 22:03 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Google
2013-12-12 21:20 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-12 21:20 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-12-12 21:20 - 2011-06-15 11:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2013-12-12 21:20 - 2011-06-15 11:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2013-12-12 21:20 - 2011-06-15 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2013-12-12 21:20 - 2011-06-15 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2013-12-12 21:20 - 2011-06-15 09:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2013-12-12 21:20 - 2011-06-15 09:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2013-12-12 21:20 - 2011-06-15 09:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2013-12-12 21:20 - 2011-06-15 09:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2013-12-12 21:20 - 2011-06-15 09:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2013-12-12 21:20 - 2011-04-09 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-12-12 21:20 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-12-12 21:18 - 2013-02-27 07:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-12-12 21:18 - 2013-02-27 06:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-12-12 21:18 - 2012-01-04 11:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-12-12 21:18 - 2012-01-04 09:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-12-12 21:18 - 2011-10-26 06:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-12-12 21:18 - 2011-10-26 06:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-12-12 21:18 - 2011-10-26 05:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2013-12-12 21:18 - 2011-10-26 05:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-12-12 21:18 - 2011-05-04 06:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-12-12 21:18 - 2011-05-04 06:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-12-12 21:18 - 2011-05-04 06:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-12-12 21:18 - 2011-05-04 06:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-12-12 21:18 - 2011-05-04 06:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-12-12 21:18 - 2011-05-04 06:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-12-12 21:18 - 2011-05-04 06:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-12-12 21:18 - 2011-05-04 06:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-12-12 21:18 - 2011-05-04 06:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-12-12 21:18 - 2011-05-04 05:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-12-12 21:18 - 2011-05-04 05:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-12-12 21:18 - 2011-05-04 05:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-12-12 21:18 - 2011-05-04 05:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-12-12 21:18 - 2011-05-04 05:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-12-12 21:18 - 2011-05-04 05:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-12-12 21:18 - 2011-05-04 05:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-12-12 21:18 - 2011-05-04 05:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-12-12 21:18 - 2011-05-04 05:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-12-12 21:17 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-12 21:17 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-12 21:17 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-12 21:17 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-12 21:17 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-12-12 21:17 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-12-12 21:17 - 2013-04-01 07:03 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_AuthenticAMD.dll
2013-12-12 21:17 - 2011-11-17 07:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2013-12-12 21:17 - 2011-11-17 06:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-12-12 21:17 - 2011-07-09 03:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2013-12-12 21:17 - 2011-04-27 03:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-12-12 21:17 - 2011-04-27 03:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-12-12 21:16 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-12 21:16 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-12 21:16 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-12 21:16 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-12 21:16 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-12 21:16 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-12 21:16 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-12 21:16 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-12 21:16 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-12 21:16 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-12 21:16 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-12 21:16 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-12 21:16 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-12 21:16 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-12 21:15 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-12 21:15 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-12 21:15 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-12 21:15 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-12 21:15 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-12-12 21:15 - 2012-11-01 06:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-12-12 21:15 - 2012-11-01 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-12-12 21:15 - 2012-11-01 05:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-12-12 21:15 - 2012-11-01 05:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-12-12 21:15 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-12-12 21:15 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-12-12 21:15 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-12-12 21:15 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-12-12 21:15 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-12-12 21:15 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-12-12 21:15 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-12-12 21:15 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-12-12 21:15 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-12-12 21:15 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-12-12 21:15 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-12-12 21:15 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-12-12 21:15 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-12-12 21:15 - 2011-03-03 07:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2013-12-12 21:15 - 2011-03-03 07:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2013-12-12 21:15 - 2011-03-03 07:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2013-12-12 21:15 - 2011-03-03 06:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2013-12-12 21:15 - 2011-03-03 06:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2013-12-12 21:15 - 2010-06-26 04:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-12-12 21:15 - 2010-06-26 04:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-12-12 21:04 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-12-12 21:04 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-12-12 21:04 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-12-12 21:04 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-12-12 21:04 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-12 21:04 - 2011-04-22 23:15 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-12-12 21:03 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-12 21:03 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-12 21:03 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-12-12 21:03 - 2011-04-29 04:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2013-12-12 21:03 - 2011-04-29 04:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-12-12 21:03 - 2011-04-29 04:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-12-12 21:02 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-12 21:02 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-12 21:02 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-12 21:02 - 2012-08-11 01:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-12-12 21:02 - 2012-08-11 00:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-12-12 21:02 - 2012-04-28 04:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-12-12 21:02 - 2012-04-07 13:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-12-12 21:02 - 2012-04-07 12:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-12-12 21:02 - 2011-08-17 06:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2013-12-12 21:02 - 2011-08-17 06:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2013-12-12 21:02 - 2011-08-17 05:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2013-12-12 21:02 - 2011-08-17 05:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2013-12-12 21:01 - 2012-11-30 06:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-12-12 21:01 - 2012-11-30 06:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-12-12 21:01 - 2012-11-30 06:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-12-12 21:01 - 2012-11-30 00:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-12-12 21:01 - 2012-11-30 00:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-12-12 20:58 - 2012-06-16 06:16 - 00609792 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 20:58 - 2012-06-16 06:15 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 20:58 - 2012-06-16 05:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-12 20:58 - 2012-06-16 05:26 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-12 20:57 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-12 20:57 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-12 20:57 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-12-12 20:57 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-12-12 20:57 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-12-12 20:57 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-12-12 20:57 - 2013-04-26 06:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-12 20:57 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-12-12 20:57 - 2012-11-23 04:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-12-12 20:51 - 2013-12-12 20:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\AVAST Software
2013-12-12 20:50 - 2013-12-12 21:01 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-12 20:50 - 2013-12-12 20:50 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-12 20:50 - 2013-12-12 20:50 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-12 20:50 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-12-12 20:50 - 2013-01-03 07:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-12-12 20:50 - 2012-08-22 19:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-12-12 20:50 - 2012-07-04 23:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-12-12 20:50 - 2012-07-04 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-12-12 20:50 - 2012-07-04 23:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-12-12 20:50 - 2012-07-04 22:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-12-12 20:50 - 2012-07-04 22:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-12-12 20:49 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-12-12 20:49 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-12 20:49 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-12-12 20:49 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-12-12 20:49 - 2011-05-03 06:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2013-12-12 20:49 - 2011-05-03 05:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2013-12-12 20:49 - 2011-02-12 12:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2013-12-12 20:48 - 2013-08-27 10:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-12 20:48 - 2013-08-27 10:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-12 20:48 - 2013-08-27 09:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-12 20:47 - 2011-10-15 07:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-12-12 20:47 - 2011-10-15 06:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2013-12-12 20:47 - 2011-02-23 05:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2013-12-12 20:46 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-12 20:46 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-12 20:46 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-12 20:46 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-12 20:46 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-12 20:44 - 2013-12-14 15:25 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 20:44 - 2013-12-14 14:55 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-12 20:44 - 2013-12-13 10:50 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 20:44 - 2013-12-13 10:50 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-12 20:44 - 2013-12-12 20:51 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-12-12 20:44 - 2013-12-12 20:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 20:44 - 2013-12-12 20:43 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-12 20:44 - 2013-12-12 20:43 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-12 20:44 - 2013-12-12 20:43 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-12 20:44 - 2013-12-12 20:43 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-12 20:44 - 2013-12-12 20:43 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-12 20:43 - 2013-12-12 20:43 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-12 20:43 - 2013-12-12 20:43 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-12 20:43 - 2013-12-12 20:43 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-12 20:43 - 2013-12-12 20:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-12 20:43 - 2013-12-12 20:43 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-12 20:43 - 2013-12-12 20:43 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 20:42 - 2013-12-12 20:42 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-12 20:08 - 2013-12-12 20:28 - 87529432 _____ (AVAST Software) C:\Users\INTERNET\Downloads\avast_free_antivirus_setup.exe
2013-12-12 19:23 - 2013-12-12 19:23 - 00700980 _____ C:\Users\INTERNET\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi
2013-12-12 19:23 - 2013-12-12 19:23 - 00526323 _____ C:\Users\INTERNET\Downloads\web_of_trust_wot-20131118-fx.zip
2013-12-12 19:22 - 2013-12-12 19:22 - 00534752 _____ C:\Users\INTERNET\Downloads\noscript-2.6.8.7.xpi.zip
2013-12-12 19:20 - 2013-12-12 20:06 - 30712411 _____ (AVAST Software) C:\Users\INTERNET\Downloads\avast_free_antivirus_setup_9.0.2006.159.exe.part
2013-12-12 19:16 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 19:16 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 19:16 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 19:16 - 2013-05-06 14:39 - 09060352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 19:16 - 2013-05-06 14:04 - 06033408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 19:16 - 2013-02-28 13:03 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 19:16 - 2013-02-28 12:38 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 19:15 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 19:15 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 19:15 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 19:15 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 19:15 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 19:15 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 19:15 - 2011-04-29 06:52 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 19:15 - 2011-04-29 06:51 - 02443776 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 19:15 - 2011-04-29 05:54 - 02064384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 19:15 - 2011-04-29 05:54 - 00599552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-12 19:15 - 2011-04-22 23:08 - 01492992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 19:15 - 2011-04-22 23:08 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 19:15 - 2011-04-22 23:04 - 12262400 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 19:15 - 2011-04-22 23:04 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 19:15 - 2011-04-22 23:04 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 19:15 - 2011-04-22 20:10 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 19:15 - 2011-04-22 20:09 - 10990592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 19:15 - 2011-04-22 20:09 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 19:15 - 2011-04-22 20:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 19:15 - 2011-04-22 20:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 19:03 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-12 19:03 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-12-12 19:02 - 2012-04-26 06:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2013-12-12 19:02 - 2012-04-26 06:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2013-12-12 19:02 - 2012-04-26 06:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2013-12-12 18:58 - 2013-12-12 18:59 - 00651264 _____ C:\Users\INTERNET\Downloads\MicrosoftFixit50096.msi
2013-12-12 18:58 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 18:58 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 18:58 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 18:58 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 18:58 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 18:58 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 18:58 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 18:58 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 18:17 - 2013-12-12 18:17 - 00012967 _____ C:\ComboFix.txt
2013-12-12 18:02 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-12 18:02 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-12 18:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-12 18:02 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-12 18:02 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-12 18:02 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-12 18:02 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-12 18:02 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-12 18:01 - 2013-12-12 18:17 - 00000000 ____D C:\Qoobox
2013-12-12 18:01 - 2013-12-12 18:14 - 00000000 ____D C:\Windows\erdnt
2013-12-12 17:51 - 2013-12-12 17:52 - 05153468 ____R (Swearware) C:\Users\INTERNET\Desktop\ComboFix.exe
2013-12-12 17:47 - 2013-12-12 17:49 - 00000000 ____D C:\Users\INTERNET\Desktop\OTL
2013-12-12 10:24 - 2013-12-14 15:41 - 00000000 ____D C:\FRST
2013-12-12 10:23 - 2013-12-14 15:41 - 01927796 _____ (Farbar) C:\Users\INTERNET\Desktop\FRST64.exe
2013-12-12 00:40 - 2013-12-12 00:40 - 00602112 _____ (OldTimer Tools) C:\Users\INTERNET\Downloads\otl.exe
2013-12-12 00:08 - 2013-12-12 00:08 - 00000374 _____ C:\Users\Public\Desktop\Connectify Dispatch.lnk
2013-12-12 00:08 - 2013-12-12 00:08 - 00000358 _____ C:\Users\Public\Desktop\Connectify Hotspot.lnk
2013-12-12 00:07 - 2013-12-12 00:07 - 00035352 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2013-12-12 00:03 - 2013-12-12 00:06 - 07709312 _____ C:\Users\INTERNET\Downloads\ConnectifyInstaller.exe
2013-12-11 23:56 - 2013-12-12 00:13 - 00000000 ____D C:\Program Files (x86)\Connectify
2013-12-11 23:56 - 2013-12-12 00:02 - 00000000 ____D C:\ProgramData\Connectify
2013-12-11 23:32 - 2013-12-11 23:32 - 00342135 _____ (Murat ÖZKUL                                                 ) C:\Users\INTERNET\Downloads\MOVirtualRouter_Setup.exe
2013-12-11 11:52 - 2013-12-11 11:54 - 00000176 _____ C:\Users\INTERNET\Desktop\français avec victor.txt
2013-12-10 20:01 - 2013-12-11 19:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-10 20:01 - 2013-12-10 20:01 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-10 20:00 - 2013-12-10 20:00 - 00003142 _____ C:\Windows\System32\Tasks\{E4F887D6-46D4-4F49-8F4A-CF9104970836}
2013-12-10 19:46 - 2013-12-10 19:46 - 00003142 _____ C:\Windows\System32\Tasks\{EE2D957F-3AB5-4238-9BA8-1DB3CC57897B}
2013-12-10 19:24 - 2013-12-10 19:24 - 01551008 _____ (Skype Technologies S.A.) C:\Users\INTERNET\Downloads\SkypeSetup.exe
2013-12-10 10:22 - 2013-12-10 10:22 - 00180638 _____ C:\Users\INTERNET\Desktop\e-verbe.apk
2013-12-09 16:39 - 2013-12-09 16:39 - 00000010 _____ C:\Users\INTERNET\Desktop\kennwort-home.txt
2013-12-09 11:23 - 2013-12-11 23:47 - 00000000 ____D C:\Program Files (x86)\Virtual Router
2013-12-08 19:45 - 2013-12-08 19:45 - 01373696 _____ C:\Users\INTERNET\Downloads\VirtualRouterInstaller10.msi
2013-12-08 19:38 - 2013-12-08 19:45 - 01373696 _____ C:\Users\INTERNET\Downloads\VirtualRouterInstallerneu.msi
2013-12-08 18:41 - 2013-12-08 18:41 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Chris_Pietschmann_(http__
2013-12-08 18:31 - 2013-12-09 11:22 - 00000000 ____D C:\Program Files (x86)\Virtual Router0
2013-12-08 15:31 - 2013-12-08 15:31 - 04734018 _____ C:\Users\INTERNET\Downloads\nat32v2.zip
2013-12-08 15:27 - 2013-12-08 15:58 - 226582528 _____ C:\Users\INTERNET\Downloads\Express-3.1-rc3-x86_64.iso
2013-12-08 15:24 - 2013-12-08 15:24 - 00000000 ____D C:\Users\INTERNET\Downloads\opt
2013-12-08 14:09 - 2013-12-08 14:18 - 00000000 ____D C:\Users\Administrator
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-12-07 19:54 - 2013-12-07 22:25 - 85067689 _____ C:\Users\INTERNET\Downloads\Vocabulaire en dialogues debutant.rar.part
2013-12-07 19:54 - 2013-12-07 19:54 - 00000000 _____ C:\Users\INTERNET\Downloads\Vocabulaire en dialogues debutant.rar
2013-12-07 13:23 - 2013-12-07 13:23 - 01757632 _____ C:\Users\INTERNET\Downloads\openvpn-install-2.3.2-I003-x86_64.exe
2013-12-07 13:04 - 2013-12-07 13:09 - 00013824 _____ C:\Users\admin\AppData\Roaming\Winhotspot.log
2013-12-07 13:00 - 2013-12-08 18:13 - 00000000 ____D C:\Program Files (x86)\winhotspot
2013-12-07 12:56 - 2013-12-08 18:13 - 00000000 ____D C:\Users\INTERNET\Downloads\VirtualRouterPlus
2013-12-07 12:40 - 2013-12-07 12:40 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-12-05 19:31 - 2013-12-05 19:31 - 00000051 _____ C:\Users\INTERNET\Desktop\home.txt
2013-11-28 18:06 - 2013-11-28 18:06 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Evernote
2013-11-28 18:05 - 2013-12-08 18:13 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
2013-11-28 18:05 - 2013-12-08 18:12 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Apps\Evernote
2013-11-28 18:05 - 2013-11-28 18:05 - 00001222 _____ C:\Users\INTERNET\Desktop\Evernote.lnk
2013-11-28 17:45 - 2013-11-28 18:03 - 58823520 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\INTERNET\Downloads\Evernote_5.0.3.1614.exe
2013-11-27 10:28 - 2013-11-25 21:00 - 1891539492 _____ C:\Users\INTERNET\Desktop\Ronja_roh_Ausspielung.mov
2013-11-26 18:22 - 2013-11-26 18:22 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Apple Computer
2013-11-26 18:20 - 2013-11-27 08:30 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Apple Computer
2013-11-26 18:12 - 2013-11-26 18:12 - 00000000 ____D C:\ProgramData\Apple Computer
2013-11-26 18:12 - 2013-11-26 18:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\Users\admin\AppData\Local\Apple
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\ProgramData\Apple
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-11-26 17:58 - 2013-11-26 18:08 - 41404760 _____ (Apple Inc.) C:\Users\INTERNET\Downloads\QuickTimeInstaller.exe
2013-11-26 10:08 - 2013-11-26 10:08 - 00000207 _____ C:\Users\INTERNET\Desktop\Termin-plan-theater.txt
2013-11-23 09:06 - 2013-11-23 09:08 - 07709312 _____ C:\Users\INTERNET\Downloads\Connectify71Installer.exe
2013-11-23 01:16 - 2013-11-23 01:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-11-23 01:15 - 2013-11-23 08:42 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\uTorrent
2013-11-23 01:14 - 2013-11-23 01:14 - 01142864 _____ (BitTorrent Inc.) C:\Users\INTERNET\Downloads\uTorrent-30303.exe
2013-11-22 16:29 - 2013-11-22 16:29 - 00000000 ____D C:\Users\INTERNET\Downloads\ProcessMonitor
2013-11-22 16:24 - 2013-11-22 16:24 - 01110478 _____ C:\Users\INTERNET\Downloads\ProcessMonitor.zip
2013-11-21 23:14 - 2013-11-21 23:14 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-11-21 22:59 - 2013-12-14 15:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-21 22:59 - 2013-12-11 22:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-21 22:59 - 2013-12-11 22:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-21 22:59 - 2013-12-11 22:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-21 16:28 - 2013-11-21 17:14 - 126764512 _____ C:\Users\INTERNET\Downloads\avira_free_antivirus_de.exe
2013-11-21 16:23 - 2013-12-14 15:24 - 00104034 _____ C:\Windows\PFRO.log
2013-11-21 11:10 - 2013-12-14 15:28 - 01941085 _____ C:\Windows\WindowsUpdate.log
2013-11-21 11:05 - 2013-12-14 15:24 - 00004816 _____ C:\Windows\setupact.log
2013-11-21 11:05 - 2013-11-21 11:05 - 00000000 _____ C:\Windows\setuperr.log
2013-11-18 18:03 - 2013-11-18 18:05 - 06199091 _____ C:\Users\INTERNET\Downloads\NexusLouderV8B1-Final.zip
2013-11-18 18:03 - 2013-11-18 18:03 - 00162620 _____ C:\Users\INTERNET\Downloads\NexusLouderV8B1-Revert.zip
2013-11-17 22:13 - 2013-11-21 10:38 - 00000000 ____D C:\Windows\Minidump
2013-11-17 19:13 - 2013-11-17 19:13 - 104695876 _____ C:\Windows\SysWOW64\䴇춧ᵌ
2013-11-16 14:12 - 2013-11-16 14:12 - 00004096 ____H C:\Users\INTERNET\AppData\Local\keyfile3.drm
2013-11-15 23:23 - 2013-11-15 23:36 - 01592784 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-14 10:08 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-11-14 10:08 - 2011-12-30 07:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-11-14 10:08 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-11-14 10:08 - 2011-03-11 07:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2013-11-14 10:08 - 2011-03-11 07:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2013-11-14 10:08 - 2011-03-11 06:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2013-11-14 10:08 - 2011-03-11 06:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2013-11-14 10:07 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-11-14 10:07 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-11-14 10:06 - 2011-06-16 06:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2013-11-14 10:06 - 2011-06-16 05:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2013-11-14 10:05 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-14 10:05 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-11-14 10:05 - 2013-02-12 05:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-11-14 10:05 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-11-14 10:05 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-11-14 10:05 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-11-14 10:05 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-11-14 10:04 - 2013-04-12 15:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-11-14 10:04 - 2013-03-19 06:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-11-14 10:04 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-11-14 10:04 - 2013-02-15 07:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-14 10:04 - 2013-02-15 07:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-14 10:04 - 2013-02-15 07:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-11-14 10:04 - 2013-02-15 05:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-14 10:04 - 2013-02-15 05:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-11-14 10:04 - 2013-02-15 04:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-14 10:04 - 2010-12-23 11:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2013-11-14 10:04 - 2010-12-23 11:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2013-11-14 10:04 - 2010-12-23 11:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2013-11-14 10:04 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2013-11-14 10:04 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2013-11-14 10:04 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2013-11-14 10:03 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 10:03 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 10:03 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 10:03 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 10:03 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 10:03 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 10:03 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 10:03 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-11-14 10:03 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-14 10:03 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-14 10:03 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-14 10:03 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-11-14 10:03 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-11-14 10:03 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-11-14 10:03 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-14 10:03 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-11-14 10:03 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-11-14 10:01 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-14 10:01 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-11-14 10:01 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-11-14 10:01 - 2012-11-28 23:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-11-14 09:52 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-11-14 09:52 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-11-14 09:52 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-11-14 09:52 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-11-14 09:52 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-11-14 09:52 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-11-14 09:52 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-11-14 09:52 - 2012-06-06 07:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-11-14 09:52 - 2012-06-06 06:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-11-14 09:45 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-11-14 09:45 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-11-14 09:45 - 2012-05-01 06:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-11-14 09:44 - 2012-11-02 06:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-11-14 09:44 - 2012-11-02 06:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-11-14 09:44 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-11-14 09:43 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-11-14 09:43 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-11-14 09:43 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-11-14 09:43 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-11-14 09:43 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-11-14 09:43 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-11-14 09:43 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-11-14 09:43 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-11-14 09:43 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-11-14 09:43 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-11-14 09:43 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-11-14 09:43 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-11-14 09:43 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-11-14 09:43 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-11-14 09:43 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-11-14 09:43 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-11-14 09:43 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-11-14 09:43 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-11-14 09:43 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-11-14 09:43 - 2012-11-22 06:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-11-14 09:43 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-11-14 09:41 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-14 09:41 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-14 09:41 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-14 09:41 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-14 09:41 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-14 09:41 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-14 09:41 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-14 09:41 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-14 09:41 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-11-14 09:41 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-14 09:41 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-11-14 09:41 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-14 09:41 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-14 09:41 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-14 09:41 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-14 09:40 - 2012-03-17 08:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-11-14 09:35 - 2012-09-25 23:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-11-14 09:35 - 2012-09-25 23:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-11-14 09:35 - 2011-02-05 18:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-11-14 09:35 - 2011-02-05 18:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2013-11-14 09:35 - 2011-02-05 18:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2013-11-14 09:35 - 2011-02-05 18:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2013-11-14 09:35 - 2011-02-05 18:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-11-14 09:35 - 2011-02-05 18:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-11-14 09:35 - 2011-02-05 18:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-11-14 09:30 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-14 09:30 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-14 09:30 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-11-14 09:30 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-11-14 09:30 - 2011-12-16 09:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2013-11-14 09:30 - 2011-12-16 08:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2013-11-14 09:30 - 2011-05-24 12:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2013-11-14 09:30 - 2011-05-24 11:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2013-11-14 09:30 - 2011-05-24 11:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2013-11-14 09:30 - 2011-05-24 11:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2013-11-14 09:30 - 2011-05-24 11:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2013-11-14 09:30 - 2011-02-18 11:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2013-11-14 09:30 - 2011-02-18 06:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2013-11-14 09:29 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-14 09:29 - 2013-04-10 07:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-11-14 09:29 - 2012-05-14 06:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-11-14 09:29 - 2011-08-27 06:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-11-14 09:29 - 2011-08-27 06:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2013-11-14 09:29 - 2011-08-27 05:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-11-14 09:29 - 2011-08-27 05:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2013-11-14 09:29 - 2011-02-03 12:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-11-14 09:24 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-14 09:23 - 2011-11-19 15:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-11-14 09:23 - 2011-11-19 15:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-11-14 09:22 - 2010-02-23 09:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-11-14 00:36 - 2012-03-01 07:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-11-14 00:36 - 2012-03-01 07:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-11-14 00:36 - 2012-03-01 06:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

==================== One Month Modified Files and Folders =======

2013-12-14 15:42 - 2013-12-14 15:42 - 00014173 _____ C:\Users\INTERNET\Desktop\FRST.txt
2013-12-14 15:41 - 2013-12-14 15:41 - 00000000 ____D C:\Users\INTERNET\Desktop\FRST-OlderVersion
2013-12-14 15:41 - 2013-12-12 10:24 - 00000000 ____D C:\FRST
2013-12-14 15:41 - 2013-12-12 10:23 - 01927796 _____ (Farbar) C:\Users\INTERNET\Desktop\FRST64.exe
2013-12-14 15:36 - 2013-12-14 15:36 - 00001033 _____ C:\Users\INTERNET\Desktop\checkup.txt
2013-12-14 15:35 - 2013-12-14 15:35 - 00001033 _____ C:\Users\admin\Desktop\checkup.txt
2013-12-14 15:32 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 15:32 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 15:28 - 2013-11-21 11:10 - 01941085 _____ C:\Windows\WindowsUpdate.log
2013-12-14 15:28 - 2011-04-12 08:43 - 00698926 _____ C:\Windows\system32\perfh007.dat
2013-12-14 15:28 - 2011-04-12 08:43 - 00149034 _____ C:\Windows\system32\perfc007.dat
2013-12-14 15:28 - 2009-07-14 06:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 15:25 - 2013-12-12 20:44 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-14 15:25 - 2013-09-16 10:19 - 00000514 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-14 15:25 - 2013-08-09 10:18 - 00000380 _____ C:\Users\INTERNET\AppData\Roaming\sp_data.sys
2013-12-14 15:24 - 2013-11-21 16:23 - 00104034 _____ C:\Windows\PFRO.log
2013-12-14 15:24 - 2013-11-21 11:05 - 00004816 _____ C:\Windows\setupact.log
2013-12-14 15:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-14 15:16 - 2013-12-14 15:11 - 00891200 _____ C:\Users\INTERNET\Desktop\SecurityCheck.exe
2013-12-14 15:04 - 2013-11-21 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 14:55 - 2013-12-12 20:44 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-14 11:28 - 2013-12-14 11:28 - 02347384 _____ (ESET) C:\Users\INTERNET\Desktop\esetsmartinstaller_enu.exe
2013-12-13 21:48 - 2013-10-08 18:38 - 00007622 _____ C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2013-12-13 21:07 - 2013-08-20 21:46 - 00084592 _____ C:\Users\INTERNET\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-13 21:07 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-13 21:06 - 2013-08-08 22:49 - 00000000 ___RD C:\Users\INTERNET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-13 21:06 - 2013-08-08 22:49 - 00000000 ___RD C:\Users\INTERNET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-13 21:03 - 2009-07-14 05:45 - 00339352 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 20:56 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-13 20:56 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-13 20:56 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-13 20:55 - 2011-04-12 08:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-13 18:42 - 2013-12-13 18:42 - 00000759 _____ C:\Users\admin\Desktop\JRT.txt
2013-12-13 18:07 - 2013-12-13 18:07 - 00000000 ____D C:\Windows\ERUNT
2013-12-13 18:02 - 2013-12-13 17:53 - 00000000 ____D C:\AdwCleaner
2013-12-13 17:52 - 2013-12-13 17:51 - 01034531 _____ (Thisisu) C:\Users\INTERNET\Desktop\JRT.exe
2013-12-13 17:50 - 2013-12-13 17:50 - 01226802 _____ C:\Users\INTERNET\Desktop\adwcleaner.exe
2013-12-13 17:28 - 2013-12-13 17:28 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-13 17:28 - 2013-12-13 17:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-12-13 17:28 - 2013-12-13 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-13 17:28 - 2013-12-13 17:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-13 17:23 - 2013-12-13 17:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\INTERNET\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-13 15:33 - 2013-09-11 00:52 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Skype
2013-12-13 11:09 - 2013-08-11 01:12 - 00000000 ____D C:\Users\admin
2013-12-13 11:08 - 2013-12-13 11:08 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\AVAST Software
2013-12-13 10:50 - 2013-12-12 20:44 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-13 10:50 - 2013-12-12 20:44 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-12 22:03 - 2013-12-12 22:03 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Google
2013-12-12 21:01 - 2013-12-12 20:50 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-12 20:51 - 2013-12-12 20:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\AVAST Software
2013-12-12 20:51 - 2013-12-12 20:44 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-12-12 20:50 - 2013-12-12 20:50 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-12 20:50 - 2013-12-12 20:50 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-12 20:50 - 2013-12-12 20:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 20:43 - 2013-12-12 20:44 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-12 20:43 - 2013-12-12 20:44 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-12 20:43 - 2013-12-12 20:44 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-12 20:43 - 2013-12-12 20:44 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-12 20:43 - 2013-12-12 20:44 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-12 20:43 - 2013-12-12 20:43 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-12 20:43 - 2013-12-12 20:43 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-12 20:43 - 2013-12-12 20:43 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-12 20:43 - 2013-12-12 20:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-12 20:43 - 2013-12-12 20:43 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-12 20:43 - 2013-12-12 20:43 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 20:42 - 2013-12-12 20:42 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-12 20:38 - 2013-09-05 06:53 - 00000000 ____D C:\ProgramData\Avira
2013-12-12 20:28 - 2013-12-12 20:08 - 87529432 _____ (AVAST Software) C:\Users\INTERNET\Downloads\avast_free_antivirus_setup.exe
2013-12-12 20:06 - 2013-12-12 19:20 - 30712411 _____ (AVAST Software) C:\Users\INTERNET\Downloads\avast_free_antivirus_setup_9.0.2006.159.exe.part
2013-12-12 19:23 - 2013-12-12 19:23 - 00700980 _____ C:\Users\INTERNET\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi
2013-12-12 19:23 - 2013-12-12 19:23 - 00526323 _____ C:\Users\INTERNET\Downloads\web_of_trust_wot-20131118-fx.zip
2013-12-12 19:22 - 2013-12-12 19:22 - 00534752 _____ C:\Users\INTERNET\Downloads\noscript-2.6.8.7.xpi.zip
2013-12-12 18:59 - 2013-12-12 18:58 - 00651264 _____ C:\Users\INTERNET\Downloads\MicrosoftFixit50096.msi
2013-12-12 18:17 - 2013-12-12 18:17 - 00012967 _____ C:\ComboFix.txt
2013-12-12 18:17 - 2013-12-12 18:01 - 00000000 ____D C:\Qoobox
2013-12-12 18:17 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-12 18:14 - 2013-12-12 18:01 - 00000000 ____D C:\Windows\erdnt
2013-12-12 18:13 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-12 17:52 - 2013-12-12 17:51 - 05153468 ____R (Swearware) C:\Users\INTERNET\Desktop\ComboFix.exe
2013-12-12 17:49 - 2013-12-12 17:47 - 00000000 ____D C:\Users\INTERNET\Desktop\OTL
2013-12-12 00:40 - 2013-12-12 00:40 - 00602112 _____ (OldTimer Tools) C:\Users\INTERNET\Downloads\otl.exe
2013-12-12 00:13 - 2013-12-11 23:56 - 00000000 ____D C:\Program Files (x86)\Connectify
2013-12-12 00:08 - 2013-12-12 00:08 - 00000374 _____ C:\Users\Public\Desktop\Connectify Dispatch.lnk
2013-12-12 00:08 - 2013-12-12 00:08 - 00000358 _____ C:\Users\Public\Desktop\Connectify Hotspot.lnk
2013-12-12 00:07 - 2013-12-12 00:07 - 00035352 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2013-12-12 00:06 - 2013-12-12 00:03 - 07709312 _____ C:\Users\INTERNET\Downloads\ConnectifyInstaller.exe
2013-12-12 00:02 - 2013-12-11 23:56 - 00000000 ____D C:\ProgramData\Connectify
2013-12-11 23:47 - 2013-12-09 11:23 - 00000000 ____D C:\Program Files (x86)\Virtual Router
2013-12-11 23:32 - 2013-12-11 23:32 - 00342135 _____ (Murat ÖZKUL                                                 ) C:\Users\INTERNET\Downloads\MOVirtualRouter_Setup.exe
2013-12-11 22:12 - 2013-11-21 22:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 22:12 - 2013-11-21 22:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 22:12 - 2013-11-21 22:59 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 19:36 - 2013-09-11 00:51 - 00000000 ____D C:\ProgramData\Skype
2013-12-11 19:35 - 2013-12-10 20:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-11 11:54 - 2013-12-11 11:52 - 00000176 _____ C:\Users\INTERNET\Desktop\français avec victor.txt
2013-12-10 20:01 - 2013-12-10 20:01 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-10 20:00 - 2013-12-10 20:00 - 00003142 _____ C:\Windows\System32\Tasks\{E4F887D6-46D4-4F49-8F4A-CF9104970836}
2013-12-10 19:46 - 2013-12-10 19:46 - 00003142 _____ C:\Windows\System32\Tasks\{EE2D957F-3AB5-4238-9BA8-1DB3CC57897B}
2013-12-10 19:24 - 2013-12-10 19:24 - 01551008 _____ (Skype Technologies S.A.) C:\Users\INTERNET\Downloads\SkypeSetup.exe
2013-12-10 10:22 - 2013-12-10 10:22 - 00180638 _____ C:\Users\INTERNET\Desktop\e-verbe.apk
2013-12-09 16:39 - 2013-12-09 16:39 - 00000010 _____ C:\Users\INTERNET\Desktop\kennwort-home.txt
2013-12-09 16:38 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-09 11:22 - 2013-12-08 18:31 - 00000000 ____D C:\Program Files (x86)\Virtual Router0
2013-12-08 23:11 - 2013-08-11 01:46 - 00000380 _____ C:\Users\admin\AppData\Roaming\sp_data.sys
2013-12-08 19:45 - 2013-12-08 19:45 - 01373696 _____ C:\Users\INTERNET\Downloads\VirtualRouterInstaller10.msi
2013-12-08 19:45 - 2013-12-08 19:38 - 01373696 _____ C:\Users\INTERNET\Downloads\VirtualRouterInstallerneu.msi
2013-12-08 18:41 - 2013-12-08 18:41 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Chris_Pietschmann_(http__
2013-12-08 18:35 - 2013-08-08 22:48 - 00000000 ____D C:\Users\INTERNET
2013-12-08 18:14 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-08 18:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-08 18:13 - 2013-12-07 13:00 - 00000000 ____D C:\Program Files (x86)\winhotspot
2013-12-08 18:13 - 2013-12-07 12:56 - 00000000 ____D C:\Users\INTERNET\Downloads\VirtualRouterPlus
2013-12-08 18:13 - 2013-11-28 18:05 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
2013-12-08 18:13 - 2013-11-06 01:30 - 00000000 ____D C:\Users\admin\AppData\Local\Chris_Pietschmann_(http__
2013-12-08 18:13 - 2013-08-11 01:37 - 00000000 ____D C:\ProgramData\P4G
2013-12-08 18:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-08 18:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-08 18:12 - 2013-11-28 18:05 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Apps\Evernote
2013-12-08 15:58 - 2013-12-08 15:27 - 226582528 _____ C:\Users\INTERNET\Downloads\Express-3.1-rc3-x86_64.iso
2013-12-08 15:31 - 2013-12-08 15:31 - 04734018 _____ C:\Users\INTERNET\Downloads\nat32v2.zip
2013-12-08 15:24 - 2013-12-08 15:24 - 00000000 ____D C:\Users\INTERNET\Downloads\opt
2013-12-08 14:18 - 2013-12-08 14:09 - 00000000 ____D C:\Users\Administrator
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-12-08 14:09 - 2013-12-08 14:09 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-12-07 22:25 - 2013-12-07 19:54 - 85067689 _____ C:\Users\INTERNET\Downloads\Vocabulaire en dialogues debutant.rar.part
2013-12-07 19:54 - 2013-12-07 19:54 - 00000000 _____ C:\Users\INTERNET\Downloads\Vocabulaire en dialogues debutant.rar
2013-12-07 13:23 - 2013-12-07 13:23 - 01757632 _____ C:\Users\INTERNET\Downloads\openvpn-install-2.3.2-I003-x86_64.exe
2013-12-07 13:09 - 2013-12-07 13:04 - 00013824 _____ C:\Users\admin\AppData\Roaming\Winhotspot.log
2013-12-07 12:40 - 2013-12-07 12:40 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-12-05 19:31 - 2013-12-05 19:31 - 00000051 _____ C:\Users\INTERNET\Desktop\home.txt
2013-11-28 18:06 - 2013-11-28 18:06 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Evernote
2013-11-28 18:05 - 2013-11-28 18:05 - 00001222 _____ C:\Users\INTERNET\Desktop\Evernote.lnk
2013-11-28 18:03 - 2013-11-28 17:45 - 58823520 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\INTERNET\Downloads\Evernote_5.0.3.1614.exe
2013-11-27 08:30 - 2013-11-26 18:20 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\Apple Computer
2013-11-26 18:22 - 2013-11-26 18:22 - 00000000 ____D C:\Users\INTERNET\AppData\Local\Apple Computer
2013-11-26 18:12 - 2013-11-26 18:12 - 00000000 ____D C:\ProgramData\Apple Computer
2013-11-26 18:12 - 2013-11-26 18:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\Users\admin\AppData\Local\Apple
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\ProgramData\Apple
2013-11-26 18:10 - 2013-11-26 18:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-11-26 18:08 - 2013-11-26 17:58 - 41404760 _____ (Apple Inc.) C:\Users\INTERNET\Downloads\QuickTimeInstaller.exe
2013-11-26 10:08 - 2013-11-26 10:08 - 00000207 _____ C:\Users\INTERNET\Desktop\Termin-plan-theater.txt
2013-11-25 21:00 - 2013-11-27 10:28 - 1891539492 _____ C:\Users\INTERNET\Desktop\Ronja_roh_Ausspielung.mov
2013-11-23 09:08 - 2013-11-23 09:06 - 07709312 _____ C:\Users\INTERNET\Downloads\Connectify71Installer.exe
2013-11-23 08:42 - 2013-11-23 01:15 - 00000000 ____D C:\Users\INTERNET\AppData\Roaming\uTorrent
2013-11-23 01:16 - 2013-11-23 01:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-11-23 01:14 - 2013-11-23 01:14 - 01142864 _____ (BitTorrent Inc.) C:\Users\INTERNET\Downloads\uTorrent-30303.exe
2013-11-22 16:29 - 2013-11-22 16:29 - 00000000 ____D C:\Users\INTERNET\Downloads\ProcessMonitor
2013-11-22 16:24 - 2013-11-22 16:24 - 01110478 _____ C:\Users\INTERNET\Downloads\ProcessMonitor.zip
2013-11-21 23:14 - 2013-11-21 23:14 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-11-21 23:14 - 2013-08-09 06:21 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2013-11-21 22:51 - 2013-10-11 19:12 - 04897880 _____ (Adobe Systems Inc.) C:\Users\INTERNET\Downloads\Shockwave_Installer_Slim.exe
2013-11-21 17:14 - 2013-11-21 16:28 - 126764512 _____ C:\Users\INTERNET\Downloads\avira_free_antivirus_de.exe
2013-11-21 11:05 - 2013-11-21 11:05 - 00000000 _____ C:\Windows\setuperr.log
2013-11-21 10:38 - 2013-11-17 22:13 - 00000000 ____D C:\Windows\Minidump
2013-11-19 03:33 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-18 18:05 - 2013-11-18 18:03 - 06199091 _____ C:\Users\INTERNET\Downloads\NexusLouderV8B1-Final.zip
2013-11-18 18:03 - 2013-11-18 18:03 - 00162620 _____ C:\Users\INTERNET\Downloads\NexusLouderV8B1-Revert.zip
2013-11-17 19:13 - 2013-11-17 19:13 - 104695876 _____ C:\Windows\SysWOW64\䴇춧ᵌ
2013-11-17 09:11 - 2013-10-06 22:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 14:12 - 2013-11-16 14:12 - 00004096 ____H C:\Users\INTERNET\AppData\Local\keyfile3.drm
2013-11-15 23:36 - 2013-11-15 23:23 - 01592784 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\temp\Quarantine.exe
C:\Users\INTERNET\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 09:02

==================== End Of Log ============================

--- --- ---

daday · 14.12.2013, 16:01

Nscheinend war alle zu groß für einen Beitrag!

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2013 01
Ran by admin at 2013-12-14 15:44:56
Running from C:\Users\INTERNET\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.5.146)
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD Catalyst Install Manager (Version: 3.0.859.0)
AMD Fuel (Version: 2012.0321.2215.37961)
AMD Media Foundation Decoders (Version: 1.0.70321.2226)
AMD Steady Video Plug-In  (Version: 2.03.0000)
AMD VISION Engine Control Center (x32 Version: 2012.0321.2215.37961)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Ashampoo Burning Studio 2013 v.11.0.6 (x32 Version: 11.0.6)
ASUS FaceLogon (x32 Version: 1.0.0014)
ASUS FancyStart (x32 Version: 1.1.1)
ASUS LifeFrame3 (x32 Version: 3.1.1)
ASUS Power4Gear Hybrid (Version: 1.2.1)
ASUS Sonic Focus (x32 Version: 1.0.0.5)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0041)
ASUS Virtual Camera (x32 Version: 1.0.25)
ATK Package (x32 Version: 1.0.0016)
avast! Free Antivirus (x32 Version: 9.0.2008)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0321.2215.37961)
Catalyst Control Center InstallProxy (x32 Version: 2012.0321.2215.37961)
Catalyst Control Center Localization All (x32 Version: 2012.0321.2215.37961)
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0321.2215.37961)
CCC Help Chinese Standard (x32 Version: 2012.0321.2214.37961)
CCC Help Chinese Traditional (x32 Version: 2012.0321.2214.37961)
CCC Help Czech (x32 Version: 2012.0321.2214.37961)
CCC Help Danish (x32 Version: 2012.0321.2214.37961)
CCC Help Dutch (x32 Version: 2012.0321.2214.37961)
CCC Help English (x32 Version: 2012.0321.2214.37961)
CCC Help Finnish (x32 Version: 2012.0321.2214.37961)
CCC Help French (x32 Version: 2012.0321.2214.37961)
CCC Help German (x32 Version: 2012.0321.2214.37961)
CCC Help Greek (x32 Version: 2012.0321.2214.37961)
CCC Help Hungarian (x32 Version: 2012.0321.2214.37961)
CCC Help Italian (x32 Version: 2012.0321.2214.37961)
CCC Help Japanese (x32 Version: 2012.0321.2214.37961)
CCC Help Korean (x32 Version: 2012.0321.2214.37961)
CCC Help Norwegian (x32 Version: 2012.0321.2214.37961)
CCC Help Polish (x32 Version: 2012.0321.2214.37961)
CCC Help Portuguese (x32 Version: 2012.0321.2214.37961)
CCC Help Russian (x32 Version: 2012.0321.2214.37961)
CCC Help Spanish (x32 Version: 2012.0321.2214.37961)
CCC Help Swedish (x32 Version: 2012.0321.2214.37961)
CCC Help Thai (x32 Version: 2012.0321.2214.37961)
CCC Help Turkish (x32 Version: 2012.0321.2214.37961)
ccc-utility64 (Version: 2012.0321.2215.37961)
CCleaner (Version: 3.00)
Connectify (Version: 7.1.0.29279)
ETDWare PS/2-X64 8.0.5.1_WHQL (Version: 8.0.5.1)
Evernote v. 5.0.3 (x32 Version: 5.0.3.1614)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
Hama Wireless LAN Adapter (x32 Version: 1.00.0000)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Officejet 6500 E710a-f Hilfe (x32 Version: 140.0.2.2)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Qualcomm Atheros WiFi Driver Installation (x32 Version: 9.2)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)
Skype™ 6.11 (x32 Version: 6.11.102)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (Version: 22.50.231.0)
swMSM (x32 Version: 12.0.0.1)
tulox Freeware-Wörterbuch (Französisch) (x32)
WinRAR Archivierer (x32)

==================== Restore Points  =========================

12-12-2013 19:42:46 avast! antivirus system restore point
12-12-2013 20:27:35 Windows Update
12-12-2013 22:15:15 Windows Update
13-12-2013 18:14:34 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {187AD877-F2A7-4406-B1EF-7DFA109CEE0D} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {421E132A-644E-4E89-891D-F52844DC054C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {46E4A042-63B9-41F9-92E2-B67DB681816C} - System32\Tasks\{EE2D957F-3AB5-4238-9BA8-1DB3CC57897B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {4900172F-1569-49AD-90E0-F06DD6CFBB82} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {6EC4B714-9FA4-40C7-951F-CDFC58427DD1} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {86E4FAAD-78C6-4AB5-A80D-5360EFBD0238} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-12] (AVAST Software)
Task: {9FA57234-E8D0-4CCD-81DF-29E458A4ACFE} - System32\Tasks\{E4F887D6-46D4-4F49-8F4A-CF9104970836} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {AD8735F4-298F-4C3B-BC04-14128404BD3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-12] (Google Inc.)
Task: {C3E12289-B014-4354-BC0B-1F97737FA460} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-12] (Google Inc.)
Task: {DE190992-56AA-4008-98DD-12E99BED5ADF} - System32\Tasks\hpUtility.exe => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\utils\hpUtility.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {E5171D7C-4CAF-42D5-B5D3-6201DC1EDF8E} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-13 14:03 - 2013-12-13 09:58 - 02152448 _____ () C:\Program Files\AVAST Software\Avast\defs\13121300\algo.dll
2013-12-11 23:57 - 2013-11-05 21:07 - 00376608 _____ () C:\Program Files (x86)\Connectify\NativeLibrary.dll
2013-12-11 23:57 - 2013-11-05 21:07 - 03156256 _____ () C:\Program Files (x86)\Connectify\ConnectifyNAT.dll
2013-12-11 23:57 - 2013-11-05 21:07 - 00714016 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2013-12-11 23:57 - 2013-11-05 21:07 - 00353056 _____ () C:\Program Files (x86)\Connectify\LibDispatch.dll
2012-02-21 13:49 - 2012-02-21 13:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-12-12 20:43 - 2013-12-12 20:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-06 22:52 - 2013-11-17 09:11 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 22:12 - 2013-12-11 22:12 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
2013-08-08 21:55 - 2001-01-16 18:46 - 00015360 _____ () C:\Program Files (x86)\WS_FTP Pro\nsftpch.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2013 03:25:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/14/2013 03:25:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 03:05:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/14/2013 11:28:59 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/14/2013 11:28:41 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/14/2013 11:28:41 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/14/2013 11:28:36 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/14/2013 10:14:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2013 09:07:37 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-2415952919-342969038-3676353109-1002}/">.

Error: (12/13/2013 09:07:37 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-2415952919-342969038-3676353109-1000}/">.


System errors:
=============
Error: (12/14/2013 03:26:10 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (12/14/2013 03:24:26 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎14.‎12.‎2013 um 15:22:49 unerwartet heruntergefahren.

Error: (12/14/2013 02:48:57 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "SSDP-Suche" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (12/14/2013 02:48:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2013 02:48:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2013 02:48:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Dienst für Schriftartencache" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2013 10:16:03 AM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E11E18F6-FA54-4C14-BCAC-7C73107031C3}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (12/13/2013 09:48:09 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "SSDP-Suche" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (12/13/2013 09:48:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/13/2013 09:48:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (12/14/2013 03:25:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\INTERNET\Desktop\esetsmartinstaller_enu.exe

Error: (12/14/2013 03:25:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 03:05:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/14/2013 11:28:59 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\INTERNET\Desktop\esetsmartinstaller_enu.exe

Error: (12/14/2013 11:28:41 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\INTERNET\Desktop\esetsmartinstaller_enu.exe

Error: (12/14/2013 11:28:41 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\INTERNET\Desktop\esetsmartinstaller_enu.exe

Error: (12/14/2013 11:28:36 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\INTERNET\Desktop\esetsmartinstaller_enu.exe

Error: (12/14/2013 10:14:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2013 09:07:37 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-2415952919-342969038-3676353109-1002}/

Error: (12/13/2013 09:07:37 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-2415952919-342969038-3676353109-1000}/


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 3691.7 MB
Available physical RAM: 2361.95 MB
Total Pagefile: 7381.58 MB
Available Pagefile: 5926.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:73.38 GB) (Free:37.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:224.61 GB) (Free:177.85 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:1.87 GB) (Free:1.84 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8DE88DDA)
Partition 1: (Active) - (Size=73 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=225 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

schrauber · 15.12.2013, 07:34

Avast deinstallieren, Rechner ohne Avast booten und testen.

15.12.2013, 07:34	#11
schrauber /// the machine /// TB-Ausbilder	CPU läuft immer auf 100% ohne Anwendungen! Avast deinstallieren, Rechner ohne Avast booten und testen. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

CPU läuft immer auf 100% ohne Anwendungen!

Log-Analyse und Auswertung: CPU läuft immer auf 100% ohne Anwendungen!