Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden

Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden


Log-Analyse und Auswertung: Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 29.12.2013, 13:19   #1
Durkadenz
 
Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden - Standard

Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden


Und hier der neue FRST Log:
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013
Ran by Christian (administrator) on SERENITY on 29-12-2013 13:05:11
Running from C:\Users\Christian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
() C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Felix 'SniperBeamer' Geyer) C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(TODO: <Company name>) C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Farbar) C:\Users\Christian\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Monitor] - C:\Windows\PixArt\Pac207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2011-11-15] (Power Software Ltd)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini [334 2012-05-15] ()
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [VIAJDS] - C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe [458752 2009-12-08] (TODO: <Company name>)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-19] (Google Inc.)
HKCU\...\Run: [LightShot] - C:\Users\Christian\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
MountPoints2: G - G:\AutoRun.exe
MountPoints2: I - I:\AutoRun.exe
MountPoints2: P - P:\AutoRun.exe
MountPoints2: {00c06d96-0ffd-11e3-9047-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {00c06da7-0ffd-11e3-9047-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {7b0b37b1-8044-11e2-b239-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {7b0b37c1-8044-11e2-b239-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {7b0b37d0-8044-11e2-b239-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {b9af0a03-a139-11e2-bd8f-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {b9af0a18-a139-11e2-bd8f-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {b9af0a30-a139-11e2-bd8f-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {c090c0e4-19ea-11e3-837e-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a3563-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a3580-a1ff-11e2-8443-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {d87a359f-a1ff-11e2-8443-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {d87a35b2-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a35c1-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a35d1-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {f9481e39-77a8-11e2-854d-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {f9481e5f-77a8-11e2-854d-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {fe8e0010-72b2-11e2-bcb8-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {fe8e0020-72b2-11e2-bcb8-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {fe8e0054-72b2-11e2-bcb8-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {fe8e0063-72b2-11e2-bcb8-0026189bbce8} - G:\AutoRun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll  [2202728 2012-12-25] ()
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3F90FCAF7AE9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Babylon Search
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110184&tt=0113_3&babsrc=SP_ss&mntrId=663b62ae0000000000000026189bbce8
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {F61253DD-9A2B-4E20-BA6F-E85A70E25BA7} URL = hxxp://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
SearchScopes: HKCU - ëç÷Þb—ÍZÛ²Ì,¾¾wD>Aà[mW[¯¼¡>Õ§ŒÑèßOf”ÓI¶åD‹È@]Èjim-	s»™’ URL = 
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\..\Interfaces\{317A8E88-9FE3-420B-962A-9E9437D84357}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{C14D50A9-426C-41F4-A4AC-2736913AD760}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default
FF user.js: detected! => C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\user.js
FF NewTab: hxxp://search.babylon.com/?affID=110184&tt=0113_3&babsrc=NT_ss&mntrId=663b62ae0000000000000026189bbce8
FF Homepage: https://www.google.de/
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120212-0402 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christian\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christian\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Super Start - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\superstart@enjoyfreeware.org
FF Extension: EPUBReader - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: Ghostery - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Stealthy - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Spamavert.com - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{8e9008b4-ec7c-4c2a-828e-007d5d2dad22}.xpi
FF Extension: ImTranslator - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: Easy YouTube Video Downloader - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Adblock Plus - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF Extension: BrowserProtect - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

Chrome: 
=======
CHR HomePage: hxxp://search.babylon.com/?affID=110184&tt=0113_3&babsrc=HP_ss&mntrId=663b62ae0000000000000026189bbce8
CHR RestoreOnStartup: "hxxp://www.google.de/webhp?source=search_app"
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Search the web (Babylon)
CHR DefaultSearchURL: hxxp://search.babylon.com/?q={searchTerms}&affID=110184&tt=0113_3&babsrc=SP_ss&mntrId=663b62ae0000000000000026189bbce8
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
CHR Plugin: (Google Update) - C:\Users\Christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search Assistant ) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfelndikbdcohbdimnhdhhokfljdidgn\2.0.0
CHR Extension: (K-ON!) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijlppfhlfgamaofmpafjpibhdmmcbde\3_0
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: () - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0
CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Christian\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-27] (Avira Operations GmbH & Co. KG)
R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2547816 2012-12-25] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-09-24] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-12-19] (Nitro PDF Software)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [624856 2012-04-06] (Pandora.TV)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-05] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-27] (Avira Operations GmbH & Co. KG)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 BEHRINGER_2902; C:\Windows\SysWow64\Drivers\BUSB2902.sys [340480 2007-11-06] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-31] (DT Soft Ltd)
R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-08-28] (Huawei Technologies Co., Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-29 13:00 - 2013-12-29 13:04 - 01931262 _____ (Farbar) C:\Users\Christian\Downloads\FRST64(1).exe
2013-12-29 12:49 - 2013-12-29 12:49 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-29 12:01 - 2013-12-29 12:05 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(3).exe
2013-12-29 09:54 - 2013-12-29 12:54 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-12-28 12:12 - 2013-12-28 12:21 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Christian\Downloads\TDSSKiller19.exe
2013-12-28 12:03 - 2013-12-28 12:06 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(2).exe
2013-12-28 11:59 - 2013-12-28 12:02 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(1).exe
2013-12-28 11:55 - 2013-12-28 11:58 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller.exe
2013-12-27 20:23 - 2013-12-27 20:23 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-12-27 10:57 - 2013-12-27 10:57 - 00033205 _____ C:\Users\Christian\Desktop\Gmer.txt
2013-12-27 10:39 - 2013-12-27 10:41 - 00377856 _____ C:\Users\Christian\Downloads\gmer_2.1.19163.exe
2013-12-27 10:35 - 2013-12-27 10:35 - 00053850 _____ C:\Users\Christian\Desktop\Addition.txt
2013-12-27 10:35 - 2013-12-27 10:35 - 00051341 _____ C:\Users\Christian\Desktop\FRST.txt
2013-12-27 10:33 - 2013-12-27 10:34 - 00053850 _____ C:\Users\Christian\Downloads\Addition.txt
2013-12-27 10:29 - 2013-12-29 13:05 - 00028589 _____ C:\Users\Christian\Downloads\FRST.txt
2013-12-27 10:29 - 2013-12-29 12:58 - 00000000 ____D C:\FRST
2013-12-27 10:20 - 2013-12-27 10:28 - 01928716 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2013-12-27 10:13 - 2013-12-27 10:13 - 00000660 _____ C:\Users\Christian\Downloads\defogger_disable.log
2013-12-27 10:13 - 2013-12-27 10:13 - 00000188 _____ C:\Users\Christian\defogger_reenable
2013-12-27 10:12 - 2013-12-27 10:12 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe
2013-12-27 04:16 - 2013-12-27 11:47 - 00012056 _____ C:\Users\Christian\Desktop\Ereignisse.txt
2013-12-26 22:24 - 2013-12-26 22:24 - 00037348 _____ C:\Users\Christian\Downloads\colors_of_autumn.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00095742 _____ C:\Users\Christian\Downloads\lovely_excuse.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00019571 _____ C:\Users\Christian\Downloads\the_quick.zip
2013-12-26 22:20 - 2013-12-26 22:20 - 00032855 _____ C:\Users\Christian\Downloads\the_blue_oasis.zip
2013-12-26 22:09 - 2013-12-26 22:12 - 00110523 _____ C:\Users\Christian\Downloads\vtks_inked.zip
2013-12-26 22:08 - 2013-12-26 22:11 - 00429375 _____ C:\Users\Christian\Downloads\basterds.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00050419 _____ C:\Users\Christian\Downloads\from_where_you_are.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00025583 _____ C:\Users\Christian\Downloads\beginning_yoga.zip
2013-12-26 22:07 - 2013-12-26 22:08 - 00025090 _____ C:\Users\Christian\Downloads\lasting_love.zip
2013-12-26 22:06 - 2013-12-26 22:07 - 00122938 _____ C:\Users\Christian\Downloads\praying_angel.zip
2013-12-26 22:06 - 2013-12-26 22:07 - 00120623 _____ C:\Users\Christian\Downloads\a_brush_no.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00047131 _____ C:\Users\Christian\Downloads\leap_of_faith.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00014544 _____ C:\Users\Christian\Downloads\beginning_of_summer.zip
2013-12-26 22:05 - 2013-12-26 22:05 - 00018277 _____ C:\Users\Christian\Downloads\da_streets.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00094223 _____ C:\Users\Christian\Downloads\skinny_jeans.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00058703 _____ C:\Users\Christian\Downloads\nkotb_fever.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00047466 _____ C:\Users\Christian\Downloads\manga_temple.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00041602 _____ C:\Users\Christian\Downloads\international_playboy.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00035947 _____ C:\Users\Christian\Downloads\creator_credits.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00048371 _____ C:\Users\Christian\Downloads\blowhole.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00044382 _____ C:\Users\Christian\Downloads\zud_juice.zip
2013-12-26 21:32 - 2013-12-26 21:34 - 00255162 _____ C:\Users\Christian\Downloads\fish_fingers.zip
2013-12-26 21:32 - 2013-12-26 21:34 - 00142667 _____ C:\Users\Christian\Downloads\minya_nouvelle.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00089325 _____ C:\Users\Christian\Downloads\mandroid.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00026950 _____ C:\Users\Christian\Downloads\eight_years_later.zip
2013-12-26 21:27 - 2013-12-26 21:28 - 00045280 _____ C:\Users\Christian\Downloads\candy_stripe.zip
2013-12-26 21:24 - 2013-12-26 21:28 - 00285121 _____ C:\Users\Christian\Downloads\childs_play.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00040598 _____ C:\Users\Christian\Downloads\brown_bear_funk.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00023739 _____ C:\Users\Christian\Downloads\bottle_rocket.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00025439 _____ C:\Users\Christian\Downloads\blam_blam.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00022391 _____ C:\Users\Christian\Downloads\black_boys_on_mopeds.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00094590 _____ C:\Users\Christian\Downloads\acme_secret_agent.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00055656 _____ C:\Users\Christian\Downloads\anime_ace.zip
2013-12-26 21:20 - 2013-12-26 21:21 - 00073281 _____ C:\Users\Christian\Downloads\achilles.zip
2013-12-23 09:58 - 2013-12-23 16:08 - 106512568 _____ C:\Windows\SysWOW64\藽嬴–
2013-12-23 09:54 - 2013-12-23 10:12 - 00001822 _____ C:\Users\Christian\Desktop\Beschreibungen_aS.txt
2013-12-22 23:49 - 2013-12-22 23:49 - 00000000 ____D C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious]
2013-12-22 23:43 - 2013-12-22 23:49 - 03506155 _____ C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious].zip
2013-12-22 10:48 - 2013-12-22 10:50 - 00000000 ____D C:\Users\Christian\Desktop\Bilder_aS_Profil
2013-12-18 03:59 - 2013-12-18 03:59 - 00181083 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_04Uhr00_Final_v2.xlsm
2013-12-18 03:38 - 2013-12-18 03:54 - 00181073 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_03Uhr30_v2.xlsm
2013-12-18 03:13 - 2013-12-18 03:13 - 00004172 _____ C:\Users\Christian\Desktop\Wenn_DANN_Formeln.txt
2013-12-18 02:25 - 2013-12-18 03:03 - 00186431 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr30_v2.xlsm
2013-12-18 02:11 - 2013-12-18 02:18 - 00184676 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00_v2.xlsm
2013-12-18 02:04 - 2013-12-18 02:04 - 00183765 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00.xlsm
2013-12-18 01:27 - 2013-12-18 01:44 - 00187441 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr30.xlsm
2013-12-18 00:58 - 2013-12-18 00:58 - 00183247 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr00.xlsm
2013-12-18 00:28 - 2013-12-18 00:28 - 00182185 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr30.xlsm
2013-12-18 00:01 - 2013-12-18 00:20 - 00181437 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr00.xlsm
2013-12-17 22:33 - 2013-12-17 22:33 - 00000000 _____ C:\Users\Christian\Desktop\Neues Textdokument.txt
2013-12-17 21:16 - 2013-12-17 23:51 - 00180663 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_21Uhr15.xlsm
2013-12-17 20:57 - 2013-12-17 21:03 - 00184068 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU.xlsm
2013-12-16 20:10 - 2013-12-16 20:10 - 00024012 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest.xlsm
2013-12-16 20:08 - 2013-12-16 17:20 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF_2.xlsm
2013-12-16 20:08 - 2013-12-16 17:20 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF.xlsm
2013-12-15 19:06 - 2013-12-15 19:06 - 00014918 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest-2.xlsm
2013-12-14 13:35 - 2013-12-14 13:35 - 00068096 _____ C:\Users\Christian\Desktop\Kopie von BeispielUserForms.xls
2013-12-11 19:29 - 2012-08-09 11:40 - 00031232 _____ C:\Users\Christian\Desktop\test.xls
2013-12-09 21:21 - 2013-12-09 21:23 - 00780800 _____ C:\Users\Christian\Downloads\2007-2010_windows_7_vor_update.zip
2013-12-08 15:42 - 2013-12-08 15:48 - 01616864 _____ C:\Users\Christian\Downloads\[Payapaya]_Yurika_no_Campus_Life_Chapter_1.zip
2013-12-05 22:18 - 2013-12-05 22:24 - 03542704 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba](1).zip
2013-12-05 22:14 - 2013-12-05 22:18 - 02275256 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba].zip
2013-12-05 08:59 - 2013-12-10 16:28 - 00000000 ____D C:\Users\Christian\Desktop\rivat
2013-12-03 21:16 - 2013-12-29 11:39 - 00000000 ____D C:\Users\Christian\Desktop\dj
2013-12-01 10:59 - 2013-12-08 21:36 - 00317339 _____ C:\Users\Christian\Desktop\Mangaliste_2.xlsm
2013-11-30 11:31 - 2013-11-30 11:30 - 02235763 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v02_the_sighs_of_suzumiya_haruhi_n.epub
2013-11-30 11:21 - 2013-11-30 11:19 - 02243783 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v01_the_melancholy_of_suzumiya_har.epub

==================== One Month Modified Files and Folders =======

2013-12-29 13:05 - 2013-12-27 10:29 - 00028589 _____ C:\Users\Christian\Downloads\FRST.txt
2013-12-29 13:04 - 2013-12-29 13:00 - 01931262 _____ (Farbar) C:\Users\Christian\Downloads\FRST64(1).exe
2013-12-29 12:58 - 2013-12-27 10:29 - 00000000 ____D C:\FRST
2013-12-29 12:54 - 2013-12-29 09:54 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-12-29 12:49 - 2013-12-29 12:49 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-29 12:45 - 2012-03-31 15:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-29 12:42 - 2012-02-19 22:17 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001UA.job
2013-12-29 12:05 - 2013-12-29 12:01 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(3).exe
2013-12-29 11:53 - 2012-02-19 23:39 - 00000396 _____ C:\Windows\Tasks\update-S-1-5-21-794549961-1181347935-302815916-1001.job
2013-12-29 11:39 - 2013-12-03 21:16 - 00000000 ____D C:\Users\Christian\Desktop\dj
2013-12-29 11:16 - 2012-02-19 23:39 - 00000396 _____ C:\Windows\Tasks\update-sys.job
2013-12-29 11:02 - 2012-04-07 09:08 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Nitro PDF
2013-12-29 10:11 - 2012-02-17 16:18 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Winamp
2013-12-29 10:02 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-29 10:02 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-29 10:00 - 2009-07-14 18:58 - 01284002 _____ C:\Windows\system32\perfh007.dat
2013-12-29 10:00 - 2009-07-14 18:58 - 00680220 _____ C:\Windows\system32\perfc007.dat
2013-12-29 10:00 - 2009-07-14 06:13 - 00006666 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-29 09:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-29 09:54 - 2009-07-14 05:51 - 13994807 _____ C:\Windows\setupact.log
2013-12-29 04:04 - 2012-02-12 11:50 - 01608123 _____ C:\Windows\WindowsUpdate.log
2013-12-28 21:42 - 2012-02-19 22:17 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001Core.job
2013-12-28 12:21 - 2013-12-28 12:12 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Christian\Downloads\TDSSKiller19.exe
2013-12-28 12:06 - 2013-12-28 12:03 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(2).exe
2013-12-28 12:02 - 2013-12-28 11:59 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(1).exe
2013-12-28 11:58 - 2013-12-28 11:55 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller.exe
2013-12-27 22:13 - 2012-02-13 00:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-27 20:23 - 2013-12-27 20:23 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-12-27 11:47 - 2013-12-27 04:16 - 00012056 _____ C:\Users\Christian\Desktop\Ereignisse.txt
2013-12-27 10:57 - 2013-12-27 10:57 - 00033205 _____ C:\Users\Christian\Desktop\Gmer.txt
2013-12-27 10:41 - 2013-12-27 10:39 - 00377856 _____ C:\Users\Christian\Downloads\gmer_2.1.19163.exe
2013-12-27 10:35 - 2013-12-27 10:35 - 00053850 _____ C:\Users\Christian\Desktop\Addition.txt
2013-12-27 10:35 - 2013-12-27 10:35 - 00051341 _____ C:\Users\Christian\Desktop\FRST.txt
2013-12-27 10:34 - 2013-12-27 10:33 - 00053850 _____ C:\Users\Christian\Downloads\Addition.txt
2013-12-27 10:28 - 2013-12-27 10:20 - 01928716 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2013-12-27 10:13 - 2013-12-27 10:13 - 00000660 _____ C:\Users\Christian\Downloads\defogger_disable.log
2013-12-27 10:13 - 2013-12-27 10:13 - 00000188 _____ C:\Users\Christian\defogger_reenable
2013-12-27 10:13 - 2012-02-12 11:55 - 00000000 ____D C:\Users\Christian
2013-12-27 10:12 - 2013-12-27 10:12 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe
2013-12-27 01:57 - 2013-06-28 21:12 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-27 01:57 - 2013-06-28 21:12 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-27 01:57 - 2013-06-28 21:12 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-27 01:57 - 2013-06-28 21:12 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-26 22:24 - 2013-12-26 22:24 - 00037348 _____ C:\Users\Christian\Downloads\colors_of_autumn.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00095742 _____ C:\Users\Christian\Downloads\lovely_excuse.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00019571 _____ C:\Users\Christian\Downloads\the_quick.zip
2013-12-26 22:20 - 2013-12-26 22:20 - 00032855 _____ C:\Users\Christian\Downloads\the_blue_oasis.zip
2013-12-26 22:12 - 2013-12-26 22:09 - 00110523 _____ C:\Users\Christian\Downloads\vtks_inked.zip
2013-12-26 22:11 - 2013-12-26 22:08 - 00429375 _____ C:\Users\Christian\Downloads\basterds.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00050419 _____ C:\Users\Christian\Downloads\from_where_you_are.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00025583 _____ C:\Users\Christian\Downloads\beginning_yoga.zip
2013-12-26 22:08 - 2013-12-26 22:07 - 00025090 _____ C:\Users\Christian\Downloads\lasting_love.zip
2013-12-26 22:07 - 2013-12-26 22:06 - 00122938 _____ C:\Users\Christian\Downloads\praying_angel.zip
2013-12-26 22:07 - 2013-12-26 22:06 - 00120623 _____ C:\Users\Christian\Downloads\a_brush_no.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00047131 _____ C:\Users\Christian\Downloads\leap_of_faith.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00014544 _____ C:\Users\Christian\Downloads\beginning_of_summer.zip
2013-12-26 22:05 - 2013-12-26 22:05 - 00018277 _____ C:\Users\Christian\Downloads\da_streets.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00094223 _____ C:\Users\Christian\Downloads\skinny_jeans.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00058703 _____ C:\Users\Christian\Downloads\nkotb_fever.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00047466 _____ C:\Users\Christian\Downloads\manga_temple.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00041602 _____ C:\Users\Christian\Downloads\international_playboy.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00035947 _____ C:\Users\Christian\Downloads\creator_credits.zip
2013-12-26 21:34 - 2013-12-26 21:32 - 00255162 _____ C:\Users\Christian\Downloads\fish_fingers.zip
2013-12-26 21:34 - 2013-12-26 21:32 - 00142667 _____ C:\Users\Christian\Downloads\minya_nouvelle.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00048371 _____ C:\Users\Christian\Downloads\blowhole.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00044382 _____ C:\Users\Christian\Downloads\zud_juice.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00089325 _____ C:\Users\Christian\Downloads\mandroid.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00026950 _____ C:\Users\Christian\Downloads\eight_years_later.zip
2013-12-26 21:28 - 2013-12-26 21:27 - 00045280 _____ C:\Users\Christian\Downloads\candy_stripe.zip
2013-12-26 21:28 - 2013-12-26 21:24 - 00285121 _____ C:\Users\Christian\Downloads\childs_play.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00040598 _____ C:\Users\Christian\Downloads\brown_bear_funk.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00023739 _____ C:\Users\Christian\Downloads\bottle_rocket.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00025439 _____ C:\Users\Christian\Downloads\blam_blam.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00022391 _____ C:\Users\Christian\Downloads\black_boys_on_mopeds.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00094590 _____ C:\Users\Christian\Downloads\acme_secret_agent.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00055656 _____ C:\Users\Christian\Downloads\anime_ace.zip
2013-12-26 21:21 - 2013-12-26 21:20 - 00073281 _____ C:\Users\Christian\Downloads\achilles.zip
2013-12-24 00:04 - 2012-05-20 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-23 16:08 - 2013-12-23 09:58 - 106512568 _____ C:\Windows\SysWOW64\藽嬴–
2013-12-23 10:12 - 2013-12-23 09:54 - 00001822 _____ C:\Users\Christian\Desktop\Beschreibungen_aS.txt
2013-12-23 09:40 - 2012-12-07 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-22 23:49 - 2013-12-22 23:49 - 00000000 ____D C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious]
2013-12-22 23:49 - 2013-12-22 23:43 - 03506155 _____ C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious].zip
2013-12-22 10:50 - 2013-12-22 10:48 - 00000000 ____D C:\Users\Christian\Desktop\Bilder_aS_Profil
2013-12-20 11:30 - 2012-02-19 13:28 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2013-12-19 15:51 - 2012-08-19 15:53 - 00000000 ____D C:\Program Files (x86)\osu!
2013-12-19 15:05 - 2013-08-08 15:08 - 00000000 ____D C:\Users\Christian\AppData\Roaming\KeePass
2013-12-18 03:59 - 2013-12-18 03:59 - 00181083 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_04Uhr00_Final_v2.xlsm
2013-12-18 03:54 - 2013-12-18 03:38 - 00181073 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_03Uhr30_v2.xlsm
2013-12-18 03:13 - 2013-12-18 03:13 - 00004172 _____ C:\Users\Christian\Desktop\Wenn_DANN_Formeln.txt
2013-12-18 03:03 - 2013-12-18 02:25 - 00186431 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr30_v2.xlsm
2013-12-18 02:18 - 2013-12-18 02:11 - 00184676 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00_v2.xlsm
2013-12-18 02:04 - 2013-12-18 02:04 - 00183765 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00.xlsm
2013-12-18 01:44 - 2013-12-18 01:27 - 00187441 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr30.xlsm
2013-12-18 00:58 - 2013-12-18 00:58 - 00183247 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr00.xlsm
2013-12-18 00:28 - 2013-12-18 00:28 - 00182185 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr30.xlsm
2013-12-18 00:20 - 2013-12-18 00:01 - 00181437 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr00.xlsm
2013-12-17 23:51 - 2013-12-17 21:16 - 00180663 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_21Uhr15.xlsm
2013-12-17 22:33 - 2013-12-17 22:33 - 00000000 _____ C:\Users\Christian\Desktop\Neues Textdokument.txt
2013-12-17 21:03 - 2013-12-17 20:57 - 00184068 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU.xlsm
2013-12-16 20:10 - 2013-12-16 20:10 - 00024012 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest.xlsm
2013-12-16 17:20 - 2013-12-16 20:08 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF_2.xlsm
2013-12-16 17:20 - 2013-12-16 20:08 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF.xlsm
2013-12-15 19:06 - 2013-12-15 19:06 - 00014918 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest-2.xlsm
2013-12-14 13:35 - 2013-12-14 13:35 - 00068096 _____ C:\Users\Christian\Desktop\Kopie von BeispielUserForms.xls
2013-12-11 20:27 - 2012-10-23 09:41 - 00000000 ____D C:\Users\Christian\Documents\Calibre Bibliothek
2013-12-10 16:28 - 2013-12-05 08:59 - 00000000 ____D C:\Users\Christian\Desktop\rivat
2013-12-09 21:23 - 2013-12-09 21:21 - 00780800 _____ C:\Users\Christian\Downloads\2007-2010_windows_7_vor_update.zip
2013-12-08 21:36 - 2013-12-01 10:59 - 00317339 _____ C:\Users\Christian\Desktop\Mangaliste_2.xlsm
2013-12-08 15:48 - 2013-12-08 15:42 - 01616864 _____ C:\Users\Christian\Downloads\[Payapaya]_Yurika_no_Campus_Life_Chapter_1.zip
2013-12-05 22:24 - 2013-12-05 22:18 - 03542704 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba](1).zip
2013-12-05 22:18 - 2013-12-05 22:14 - 02275256 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba].zip
2013-12-03 21:37 - 2012-02-19 22:17 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001UA
2013-12-03 21:37 - 2012-02-19 22:17 - 00003718 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001Core
2013-11-30 11:30 - 2013-11-30 11:31 - 02235763 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v02_the_sighs_of_suzumiya_haruhi_n.epub
2013-11-30 11:19 - 2013-11-30 11:21 - 02243783 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v01_the_melancholy_of_suzumiya_har.epub

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Christian\AppData\Local\Temp\AskSLib.dll
C:\Users\Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Christian\AppData\Local\Temp\binkw32.dll
C:\Users\Christian\AppData\Local\Temp\d2l_Install.exe
C:\Users\Christian\AppData\Local\Temp\DTLite4454-0315.exe
C:\Users\Christian\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Christian\AppData\Local\Temp\installerdll28338860.dll
C:\Users\Christian\AppData\Local\Temp\jna4221618882833569241.dll
C:\Users\Christian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Christian\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.4.0.59.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.5.0.77.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.6.0.87.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.7.0.109.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.7.0.113.exe
C:\Users\Christian\AppData\Local\Temp\ose00000.exe
C:\Users\Christian\AppData\Local\Temp\PIPInstaller_PTV_.exe
C:\Users\Christian\AppData\Local\Temp\pyl3DB.tmp.exe
C:\Users\Christian\AppData\Local\Temp\RESTART.exe
C:\Users\Christian\AppData\Local\Temp\set0000.exe
C:\Users\Christian\AppData\Local\Temp\set0001.exe
C:\Users\Christian\AppData\Local\Temp\set0002.exe
C:\Users\Christian\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christian\AppData\Local\Temp\sonarinst.exe
C:\Users\Christian\AppData\Local\Temp\tmp2338.exe
C:\Users\Christian\AppData\Local\Temp\tmp5C42.exe
C:\Users\Christian\AppData\Local\Temp\tmp5CCF.exe
C:\Users\Christian\AppData\Local\Temp\tmp6834.exe
C:\Users\Christian\AppData\Local\Temp\tmp8880.exe
C:\Users\Christian\AppData\Local\Temp\tmpA997.exe
C:\Users\Christian\AppData\Local\Temp\tmpD95D.exe
C:\Users\Christian\AppData\Local\Temp\tmpDDE0.exe
C:\Users\Christian\AppData\Local\Temp\tmpE168.exe
C:\Users\Christian\AppData\Local\Temp\tmpE8E7.exe
C:\Users\Christian\AppData\Local\Temp\tmpFC78.exe
C:\Users\Christian\AppData\Local\Temp\ydetect.exe
C:\Users\Christian\AppData\Local\Temp\_isACF3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 00:39

==================== End Of Log ============================
--- --- ---
Alt 30.12.2013, 17:51   #2
sunjojo
/// Malwareteam
 
Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden - Standard

Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden


Schritt 1
Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


Poste folgende Logfiles in deiner nächsten Antwort:
  • MBAR-Scan
__________________

__________________
Antwort

Themen zu Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden
adblock, anime, antivir, avira, bildschirm, bonjour, branding, browser, converter, desktop, downloader, error, excel, firefox, flash player, google, home, homepage, iexplore.exe, launch, malware, mp3, newtab, plug-in, poweriso, programm, search the web, security, server, software, startbildschirm, starten, super, system, virus


« TR/Crypt.Xpack.41536 in der Outlook .pst | Werbung trotz Addblocker Plus. Funktioniert nicht. »


Ähnliche Themen: Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden


  1. Virus 'BOO/TDss.O' im Masterbootsektor
    Log-Analyse und Auswertung - 08.09.2014 (24)
  2. Windows 7: Virus 'BOO/TDss.O' im Masterbootsektor
    Log-Analyse und Auswertung - 08.05.2014 (33)
  3. BOO/TDss.M im Masterbootsektor/HD0 entdeckt
    Plagegeister aller Art und deren Bekämpfung - 07.05.2014 (3)
  4. BOO/TDss.O im Masterbootsektor
    Log-Analyse und Auswertung - 17.04.2014 (11)
  5. Avira meldet nach Update "TR/Spy.131488" gefunden --> Quarantäne und nun?
    Log-Analyse und Auswertung - 10.03.2014 (13)
  6. BOO /TDss.O im Masterbootsektor gefunden nach Installation von Windows 7 auf einer zweiten internen Festplatte
    Plagegeister aller Art und deren Bekämpfung - 07.01.2014 (33)
  7. Win Vista: Avira meldet 'BOO/TDss.O' gefunden
    Log-Analyse und Auswertung - 03.01.2014 (32)
  8. Windows 7: BOO/TDss.O in Masterbootsektor nach Formatierung
    Log-Analyse und Auswertung - 17.11.2013 (6)
  9. Virus BOO/Whistler.DB im Masterbootsektor HD1 gefunden(Avira)
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (5)
  10. BOO/TDss.M in Masterbootsektor
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (22)
  11. Virus oder unerwünschtes Programm ' BOO/TDss.O' wurde von Antivir gefunden
    Log-Analyse und Auswertung - 19.02.2012 (29)
  12. BOO/TDss.m Masterbootsektor verseucht! versuch zu bereinigen gescheitert
    Plagegeister aller Art und deren Bekämpfung - 06.01.2012 (27)
  13. BOO/TDss.M im Masterbootsektor gefunden.(Antivir) Auch nach Systemrücksetzung mit Samsung Recovery
    Plagegeister aller Art und deren Bekämpfung - 03.11.2011 (36)
  14. Masterbootsektor HD0 Virus BOO/TDss.D
    Plagegeister aller Art und deren Bekämpfung - 24.09.2011 (35)
  15. BOO/TDss.M im Masterbootsektor/HD0 entdeckt
    Plagegeister aller Art und deren Bekämpfung - 25.07.2011 (27)
  16. BOO/TDss.M im Masterbootsektor gefunden - wie entfernen?
    Log-Analyse und Auswertung - 20.05.2011 (26)
  17. Masterbootsektor mit BOO/TDss.M vereucht
    Plagegeister aller Art und deren Bekämpfung - 05.05.2011 (32)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden - Und hier der neue FRST Log: FRST Logfile: Code: Alles auswählen Aufklappen ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 Ran by Christian (administrator) on SERENITY - Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden...
Archiv
Du betrachtest: Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131