BitGuard, Babylon, Delta Search und andere Ad-, Spy- und Scareware @ MARCO-VAIO

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by SYSTEM on MININT-R3I912R on 31-12-2013 05:33:51
Running from C:\MalwareAnalyse\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
HKLM-x32\...\Run: [Intel AT Service signup] - C:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe [382976 2012-02-15] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\marco\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [423144 2013-04-26] (BillP Studios)
HKU\marco\...\Run: [Google Update] - C:\Users\marco\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-08] (Google Inc.)
HKU\marco\...\RunOnce: [Application Restart #2] - C:\Users\marco\AppData\Local\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll [ ] ()

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S4 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
S2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc)
S2 GobiQDLService; C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [318464 2011-03-04] (HUAWEI Technologies Co., Ltd.)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
S2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [342984 2011-03-09] ()
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated)
S3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated)
S3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\AMPPAL.sys 1C591C1A0CB8ABE215FF66F9A1D8E955
C:\Windows\System32\DRIVERS\amppal.sys 1C591C1A0CB8ABE215FF66F9A1D8E955
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys C130BC4A51B1382B2BE8E44579EC4C0A
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys E857EEE6B92AAA473EBB3465ADD8F7E7
C:\Windows\System32\DRIVERS\ATSwpWDF.sys 0C9039EC45E6C4631BE31DDEC370D341
C:\Windows\System32\DRIVERS\avgntflt.sys 7806BFCD1D7FA5EC23F7324D4EAFD25B
C:\Windows\System32\DRIVERS\avipbb.sys C3A58DBD18786C338126D30BF8C33D72
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\btmaux.sys 988CC6CC49303665D3B2435C51505C3F
C:\Windows\System32\DRIVERS\btmhsf.sys 2B4B508AFAC2A563931AF1FE875A5B16
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\System32\DRIVERS\e1y60x64.sys 50AD8FC1DC800FF36087994C8F7FDFF2
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\DRIVERS\gobi3kfilter.sys 9495607C14F345E9632B3E1C12CEA7B0
C:\Windows\System32\DRIVERS\gobi3kmbb.sys 3568FB393C8D4099B8412476C9E2B7B1
C:\Windows\System32\DRIVERS\gobi3kserial.sys DBB405772F1C21CB7ED51593BAD5880D
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys D1753C06EE17E29352B065EACF3F10D0
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\iBtFltCoex.sys 9E3D44CE737388F6BBBB6DD4A1C1847C
C:\Windows\System32\DRIVERS\igdkmd64.sys 3FB253E8059A1AAC3A8B83A31D094CC5
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelaud.sys A387D6DE360C3B2284B23000B212910A
C:\Windows\System32\drivers\RTKVHD64.sys E83BB47C3446F0497019DE7FD6C6A86F
C:\Windows\System32\DRIVERS\IntcDAud.sys 6C9FFFECA9FED31347D211C5D1FFBD2D
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iusb3hcs.sys 846354992EBB373F452EB9182D501B08
C:\Windows\System32\DRIVERS\iusb3hub.sys 1D88A23853387D34D52CC8F9DDBFC56C
C:\Windows\System32\DRIVERS\iusb3xhc.sys FC5EFD7C797DF19DFB999F0605A7924E
C:\Windows\System32\DRIVERS\iwdbus.sys 716F66336F10885D935B08174DC54242
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 6B01B7414A105B9E51652089A03027CF
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETwNs64.sys 47DC062656EA661FE9175DBACAD00E9D
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 8E4DE5A7712B466E615678F9F5CADF0F
C:\Windows\System32\DRIVERS\nvpciflt.sys 11EAB9B9423B03E174D1AB872C55710D
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\RtsPStor.sys EBBFA2B4E317AF86E93FEC4C04D7A9B3
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 39A719875F572241C585A629EE62EB14
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SFEP.sys 85D0F874734C105D02280B39BF0AD23F
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 5112713CD4BC77AFA21647351702F909
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\teamviewervpn.sys F5520DBB47C60EE83024B38720ABDA24
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\tpm.sys DBCC20C02E8A3E43B03C304A4E40A84F
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-31 05:30 - 2013-12-31 05:30 - 00000000 ____D C:\FRST
2013-12-31 03:36 - 2013-12-31 05:22 - 00000000 ____D C:\Users\marco\Desktop\Was ist Scare-, Ad- und Spyware
2013-12-31 03:31 - 2013-12-31 03:31 - 00000000 ____D C:\Users\marco\AppData\Roaming\WinPatrol
2013-12-31 03:31 - 2013-12-31 03:31 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-31 03:31 - 2013-12-31 03:31 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-12-31 03:20 - 2013-12-31 03:20 - 00000000 ____D C:\MalwareAnalyse
2013-12-25 01:38 - 2013-12-25 01:38 - 00000000 ____D C:\Users\marco\AppData\Roaming\2K Sports
2013-12-25 01:36 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-12-25 01:36 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-25 01:36 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-25 01:36 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-12-25 01:36 - 2009-03-16 14:18 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-12-25 01:36 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-12-25 01:36 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-25 01:36 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-12-25 01:36 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-25 01:36 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2013-12-25 01:36 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2013-12-25 01:36 - 2008-10-15 07:03 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-12-25 01:36 - 2008-10-15 07:03 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-25 01:36 - 2008-10-15 07:03 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-25 01:36 - 2008-10-15 07:03 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-12-25 01:36 - 2008-10-15 07:03 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-12-25 01:36 - 2008-10-15 07:03 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-25 01:36 - 2008-10-15 07:03 - 00025936 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-12-25 01:36 - 2008-10-15 07:03 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-25 01:36 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-12-25 01:36 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-25 01:36 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-12-25 01:36 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-25 01:36 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-12-25 01:36 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-25 01:36 - 2008-07-30 06:20 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-12-25 01:36 - 2008-07-30 06:20 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-25 01:36 - 2008-07-30 06:20 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-25 01:36 - 2008-07-30 06:20 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-12-25 01:36 - 2008-07-30 06:20 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-12-25 01:36 - 2008-07-30 06:20 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-25 01:36 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-25 01:36 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2013-12-25 01:36 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-25 01:36 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2013-12-25 01:36 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-25 01:36 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2013-12-25 01:36 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2013-12-25 01:36 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-25 01:36 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-25 01:36 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2013-12-25 01:36 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2013-12-25 01:36 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-25 01:36 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-25 01:36 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2013-12-25 01:36 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2013-12-25 01:36 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-25 01:36 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2013-12-25 01:36 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-25 01:36 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2013-12-25 01:36 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-25 01:36 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2013-12-25 01:36 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-25 01:36 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-25 01:36 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2013-12-25 01:36 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2013-12-25 01:36 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-25 01:36 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2013-12-25 01:36 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-25 01:36 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2013-12-25 01:36 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-25 01:36 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2013-12-25 01:36 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-25 01:36 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2013-12-25 01:36 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-25 01:36 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2013-12-25 01:36 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-25 01:36 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2013-12-25 01:36 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-25 01:36 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2013-12-25 01:36 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-25 01:36 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2013-12-25 01:36 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-25 01:36 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2013-12-25 01:36 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-25 01:36 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2013-12-25 01:36 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-25 01:36 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2013-12-25 01:36 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-25 01:36 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2013-12-25 01:36 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-25 01:36 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2013-12-25 01:36 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-25 01:36 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2013-12-25 01:36 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-25 01:36 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2013-12-25 01:36 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-25 01:36 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-12-25 01:36 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-25 01:36 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-12-25 01:36 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-25 01:36 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-12-25 01:36 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-25 01:36 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-12-25 01:36 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-25 01:36 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-12-25 01:36 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-25 01:36 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-12-25 01:36 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-25 01:36 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2013-12-25 01:36 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-25 01:36 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-25 01:36 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2013-12-25 01:36 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2013-12-25 01:36 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-25 01:36 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2013-12-25 01:36 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-25 01:36 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-25 01:36 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2013-12-25 01:36 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2013-12-25 01:36 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2013-12-25 01:36 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-25 01:36 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-25 01:36 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-25 01:36 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2013-12-25 01:36 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2013-12-25 01:36 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-25 01:36 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2013-12-25 01:36 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-25 01:35 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2013-12-25 01:35 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-25 01:35 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2013-12-25 01:35 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-25 01:35 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2013-12-25 01:35 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-25 01:35 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2013-12-25 01:35 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-25 01:35 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2013-12-25 01:35 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-25 01:35 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2013-12-25 01:35 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-25 01:35 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2013-12-25 01:35 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-25 01:35 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2013-12-25 01:35 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-25 01:33 - 2013-12-25 01:33 - 00001158 _____ C:\Users\marco\Desktop\NBA 2K14.lnk
2013-12-25 01:16 - 2013-12-25 01:16 - 00000000 ____D C:\Program Files (x86)\2K Sports
2013-12-21 02:44 - 2013-12-21 02:44 - 00000000 _____ C:\Windows\SysWOW64\shoE571.tmp
2013-12-12 04:15 - 2013-12-12 04:15 - 00000000 _____ C:\Windows\SysWOW64\shoFA0A.tmp
2013-12-12 03:06 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-12 03:06 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-12 03:06 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:06 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:03 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-12 03:03 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-12 03:03 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-12 03:03 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:03 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-12 03:03 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-12 03:03 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-12 03:03 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-12 03:03 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-12 03:03 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:03 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-12 03:03 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-12 03:03 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-12 03:03 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-12 03:03 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-12 03:03 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:03 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:03 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-12 03:03 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:03 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:03 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:03 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-12 03:03 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-12 03:03 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:03 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:03 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-12 03:03 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-12 03:03 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-12 03:03 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:03 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:03 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 01:02 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-12 01:02 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 01:02 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-12 01:01 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 01:01 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-12 01:01 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-12 01:01 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 01:00 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-12 01:00 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 00:59 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-12 00:59 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-12 00:59 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 00:59 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 00:59 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-12 00:59 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-12 00:59 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 00:59 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 00:59 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-12 00:59 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-03 00:30 - 2013-12-03 00:30 - 00285760 _____ C:\Windows\Minidump\120313-26847-02.dmp
2013-12-03 00:21 - 2013-12-03 00:21 - 00285912 _____ C:\Windows\Minidump\120313-19203-01.dmp
2013-12-03 00:07 - 2013-12-03 00:07 - 00285608 _____ C:\Windows\Minidump\120313-26847-01.dmp

==================== One Month Modified Files and Folders =======

2013-12-31 05:30 - 2013-12-31 05:30 - 00000000 ____D C:\FRST
2013-12-31 05:22 - 2013-12-31 03:36 - 00000000 ____D C:\Users\marco\Desktop\Was ist Scare-, Ad- und Spyware
2013-12-31 05:09 - 2013-01-07 23:28 - 00858784 _____ C:\Windows\System32\perfh007.dat
2013-12-31 05:09 - 2013-01-07 23:28 - 00199334 _____ C:\Windows\System32\perfc007.dat
2013-12-31 05:09 - 2009-07-14 06:13 - 00006476 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-31 05:03 - 2009-07-14 05:45 - 00360608 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-31 05:02 - 2010-11-21 04:47 - 00288696 _____ C:\Windows\PFRO.log
2013-12-31 03:36 - 2013-03-21 13:55 - 00083656 _____ C:\Users\marco\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-31 03:31 - 2013-12-31 03:31 - 00000000 ____D C:\Users\marco\AppData\Roaming\WinPatrol
2013-12-31 03:31 - 2013-12-31 03:31 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-31 03:31 - 2013-12-31 03:31 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-12-31 03:24 - 2013-03-21 13:56 - 00000000 ____D C:\Windows\pss
2013-12-31 03:20 - 2013-12-31 03:20 - 00000000 ____D C:\MalwareAnalyse
2013-12-31 03:15 - 2013-03-23 19:21 - 00000000 ____D C:\Users\marco\AppData\Roaming\TeamViewer
2013-12-31 03:15 - 2013-03-21 16:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-31 03:14 - 2013-01-07 23:33 - 01608640 _____ C:\Windows\WindowsUpdate.log
2013-12-31 03:14 - 2009-07-14 05:51 - 00113755 _____ C:\Windows\setupact.log
2013-12-29 00:30 - 2013-01-08 00:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-28 23:49 - 2013-04-08 21:17 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3408842093-2765481994-226583006-1001UA.job
2013-12-28 23:03 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-28 23:03 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-28 22:59 - 2013-07-09 21:25 - 00001906 _____ C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-12-28 22:59 - 2013-07-09 21:25 - 00001198 _____ C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-12-28 22:59 - 2013-07-09 21:25 - 00001194 _____ C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-12-28 22:59 - 2013-07-09 21:25 - 00001098 _____ C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-12-28 22:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-25 01:38 - 2013-12-25 01:38 - 00000000 ____D C:\Users\marco\AppData\Roaming\2K Sports
2013-12-25 01:36 - 2013-01-08 00:35 - 00011102 _____ C:\Windows\DirectX.log
2013-12-25 01:33 - 2013-12-25 01:33 - 00001158 _____ C:\Users\marco\Desktop\NBA 2K14.lnk
2013-12-25 01:16 - 2013-12-25 01:16 - 00000000 ____D C:\Program Files (x86)\2K Sports
2013-12-24 16:37 - 2013-07-09 21:25 - 00004224 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-updater
2013-12-22 15:23 - 2013-04-08 21:17 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3408842093-2765481994-226583006-1001Core.job
2013-12-21 02:44 - 2013-12-21 02:44 - 00000000 _____ C:\Windows\SysWOW64\shoE571.tmp
2013-12-12 13:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 12:56 - 2013-05-06 12:10 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-12-12 12:56 - 2013-03-28 00:31 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-12-12 12:56 - 2013-03-28 00:31 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-12-12 04:15 - 2013-12-12 04:15 - 00000000 _____ C:\Windows\SysWOW64\shoFA0A.tmp
2013-12-12 03:06 - 2013-06-30 17:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 01:25 - 2013-01-08 00:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 01:25 - 2013-01-08 00:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 01:25 - 2013-01-08 00:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-04 05:44 - 2013-04-08 21:17 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3408842093-2765481994-226583006-1001UA
2013-12-04 05:44 - 2013-04-08 21:17 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3408842093-2765481994-226583006-1001Core
2013-12-03 00:30 - 2013-12-03 00:30 - 00285760 _____ C:\Windows\Minidump\120313-26847-02.dmp
2013-12-03 00:30 - 2013-08-11 14:21 - 608984835 _____ C:\Windows\MEMORY.DMP
2013-12-03 00:30 - 2013-08-11 14:21 - 00000000 ____D C:\Windows\Minidump
2013-12-03 00:22 - 2013-03-21 13:55 - 00000000 ____D C:\users\marco
2013-12-03 00:21 - 2013-12-03 00:21 - 00285912 _____ C:\Windows\Minidump\120313-19203-01.dmp
2013-12-03 00:07 - 2013-12-03 00:07 - 00285608 _____ C:\Windows\Minidump\120313-26847-01.dmp
2013-12-03 00:03 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\marco\AppData\Local\Temp\avgnt.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-12 02:14:38
Restore point made on: 2013-12-12 03:01:05
Restore point made on: 2013-12-14 02:02:10
Restore point made on: 2013-12-14 02:03:10
Restore point made on: 2013-12-14 03:49:14
Restore point made on: 2013-12-19 14:49:54
Restore point made on: 2013-12-21 02:02:15
Restore point made on: 2013-12-21 02:12:57
Restore point made on: 2013-12-21 02:37:06
Restore point made on: 2013-12-25 01:16:07
Restore point made on: 2013-12-25 01:34:31
Restore point made on: 2013-12-28 23:01:55
Restore point made on: 2013-12-28 23:02:04
Restore point made on: 2013-12-28 23:36:16
Restore point made on: 2013-12-28 23:50:59

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3995.28 MB
Available physical RAM: 3389.26 MB
Total Pagefile: 3993.48 MB
Available Pagefile: 3388.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Win 7 Sony) (Fixed) (Total:279.66 GB) (Free:202.2 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 0CED95E8)

Partition: GPT Partition Type

LastRegBack: 2013-12-20 09:12

==================== End Of Log ============================
         

# AdwCleaner v3.016 - Bericht erstellt am 31/12/2013 um 06:38:02
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : marco - MARCO-VAIO
# Gestartet von : C:\MalwareAnalyse\AdwCleaner\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : BitGuard

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gefunden : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gefunden : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Datei Gefunden : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
Datei Gefunden : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Datei Gefunden : C:\Windows\System32\Tasks\EPUpdater
Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-2.3-chromeinstaller
Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-2.3-codedownloader
Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-2.3-enabler
Datei Gefunden : C:\Windows\System32\Tasks\Plus-HD-2.3-updater
Datei Gefunden : C:\Windows\Tasks\EPUpdater.job
Datei Gefunden : C:\Windows\Tasks\LyriXeeker-1-chromeinstaller.job
Datei Gefunden : C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
Datei Gefunden : C:\Windows\Tasks\LyriXeeker-1-enabler.job
Datei Gefunden : C:\Windows\Tasks\LyriXeeker-1-updater.job
Datei Gefunden : C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
Datei Gefunden : C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
Datei Gefunden : C:\Windows\Tasks\Plus-HD-2.3-enabler.job
Datei Gefunden : C:\Windows\Tasks\Plus-HD-2.3-updater.job
Ordner Gefunden : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gefunden : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig
Ordner Gefunden : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Ordner Gefunden : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
Ordner Gefunden : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
Ordner Gefunden C:\Program Files (x86)\Delta
Ordner Gefunden C:\Program Files (x86)\LyriXeeker-1
Ordner Gefunden C:\Program Files (x86)\PC Speed Maximizer
Ordner Gefunden C:\Program Files (x86)\Plus-HD-2.3
Ordner Gefunden C:\Program Files (x86)\Plus-HD-2.3
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\BitGuard
Ordner Gefunden C:\ProgramData\DSearchLink
Ordner Gefunden C:\ProgramData\eSafe
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Ordner Gefunden C:\Users\marco\AppData\Local\Temp\eIntaller
Ordner Gefunden C:\Users\marco\AppData\Roaming\BabSolution
Ordner Gefunden C:\Users\marco\AppData\Roaming\Babylon
Ordner Gefunden C:\Users\marco\AppData\Roaming\Delta
Ordner Gefunden C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gefunden C:\Users\marco\AppData\Roaming\OpenCandy
Ordner Gefunden C:\Users\marco\AppData\Roaming\PC Speed Maximizer

***** [ Verknüpfungen ] *****

Verknüpfung Gefunden : C:\Users\marco\Desktop\facf.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802 )
Verknüpfung Gefunden : C:\Users\marco\Desktop\Search.lnk ( -url hxxp://www2.delta-search.com/?babsrc=DT_ss&mntrId=EE9C00FFA699B574&affID=119357&tsp=5005 -wbr 4 )
Verknüpfung Gefunden : C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802 )
Verknüpfung Gefunden : C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802 )
Verknüpfung Gefunden : C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802 )
Verknüpfung Gefunden : C:\Users\marco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802 )
Verknüpfung Gefunden : C:\Users\marco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802 )
Verknüpfung Gefunden : C:\Users\marco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802 )

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802
Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\LyriXeeker-1
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Plus-HD-2.3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Plus-HD-2.3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Delta
Schlüssel Gefunden : HKCU\Software\e53d78ab26db845
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qvo6.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411181156}
Schlüssel Gefunden : HKCU\Software\pc speed maximizer
Schlüssel Gefunden : [x64] HKCU\Software\BabSolution
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\DataMngr
Schlüssel Gefunden : [x64] HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : [x64] HKCU\Software\Delta
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : [x64] HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gefunden : [x64] HKCU\Software\pc speed maximizer
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311341126}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411181156}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342226}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422182256}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0041856.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0041856.BHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0041856.Sandbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0041856.Sandbox.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\d
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455185556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466186656}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344344426}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444184456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\e53d78ab26db845
Schlüssel Gefunden : HKLM\Software\eSafeSecControl
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\nkgfcicgjhneabbbfhddfcgifljdhhpl
Schlüssel Gefunden : HKLM\Software\LyriXeeker-1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{090bb045-13a7-447c-b78e-30b1ddb41389}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2fa47400-045a-4ff8-81a2-377f157a4e5a}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37237a65-5777-43f2-ba9b-339de5a29d22}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B424109-6F99-4306-8F2B-0B2BB1C8C415}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3b424109-6f99-4306-8f2b-0b2bb1c8c415}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4b7fb8aa-25e0-4a1d-ba79-f77e674dd6a2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C0EB0A9-265F-4D9D-AF96-0EF2403A73E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c0eb0a9-265f-4d9d-af96-0ef2403a73e8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90b3c11d-5652-4b5a-886b-9e20a42dbadc}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9df046e1-80f7-43e0-80c0-0ad696799c8f}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DF046E1-80F7-43E0-80C0-0AD696799C8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d0fd0502-5878-441d-a3c0-9a4531c526cb}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0FD0502-5878-441D-A3C0-9A4531C526CB}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e3e46008-1902-41a7-91c7-26ec6e0b66d2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3E46008-1902-41A7-91C7-26EC6E0B66D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341126}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411181156}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411181156}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LyriXeeker-1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl
Schlüssel Gefunden : HKLM\Software\Plus-HD-2.3
Schlüssel Gefunden : HKLM\Software\Plus-HD-2.3
Schlüssel Gefunden : HKLM\Software\qvo6Software
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411181156}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422182256}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455185556}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466186656}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411181156}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.searchgol.com/?babsrc=HP_ss_wls_Btisdt7&mntrId=EE9C00FFA699B574&affID=119357&tsp=5005
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232A7A384_E20342BL2ED36P2ED36PX&ts=1379110802

-\\ Google Chrome v

[ Datei : C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword
Gefunden : urls_to_restore_on_startup
Gefunden : search_url
Gefunden : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [22971 octets] - [31/12/2013 06:38:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [23032 octets] ##########