Trojaner-Board > Remove malware > Log analysis and evaluation

Log analysis and evaluation: Windows 8.1 TR/Mediyes.gen


27.01.2014, 19:51   #1
Helpme03

Windows 8.1 TR/Mediyes.gen



Hey everyone,

unfortunately I have a small but persistent problem on my laptop. I found the lovely trojan(?) "TR/Mediyes.gen" on my system, and it keeps coming back.
AntiVir says:
Die Datei 'C:\Windows\WinSxS\Temp\PendingRenames\d882ac757d1bcf017b040000480b7404.x86_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.3.9600.16395_none_ec16b73cb184e5d3_ks.sys_f36cc2f7'
enthielt einen Virus oder unerwünschtes Programm 'TR/Mediyes.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5b0a36e5.qua' verschoben!


I have already run OTL -> see below.

OTL.Txt:

OTL logfile created on: 27.01.2014 19:30:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,91 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 47,20% Memory free
3,73 Gb Paging File | 1,70 Gb Available in Paging File | 45,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,49 Gb Total Space | 27,52 Gb Free Space | 56,76% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 42,54 Gb Free Space | 87,12% Space Free | Partition Type: NTFS
Drive E: | 832,88 Gb Total Space | 494,90 Gb Free Space | 59,42% Space Free | Partition Type: NTFS
Drive F: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ELENA-NOTEBOOK | User Name: Elena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.01.27 19:27:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\otl.exe
PRC - [2014.01.09 12:42:56 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Elena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014.01.03 01:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Elena\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.12.21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.12.13 10:22:36 | 000,493,056 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2013.12.13 10:22:36 | 000,209,408 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2013.12.09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.12.09 11:37:19 | 001,032,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2013.12.09 11:37:19 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.12.09 11:37:18 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.12.09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.12.05 20:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- D:\Programme\Firefox\firefox.exe
PRC - [2013.10.22 07:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2013.10.20 17:47:04 | 000,139,776 | ---- | M] (IvoSoft) -- D:\Programme\Classic Shell\ClassicStartMenu.exe
PRC - [2013.08.22 06:30:48 | 000,066,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2013.08.22 06:30:48 | 000,064,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.08.22 03:45:10 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.29 15:22:38 | 000,174,080 | ---- | M] (Atheros Commnucations) -- C:\Windows\System32\AdminService.exe
PRC - [2005.04.06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- D:\Programme\CS\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe


========== Modules (No Company Name) ==========

MOD - [2014.01.03 01:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013.12.20 23:52:14 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2013.12.05 20:36:56 | 003,559,024 | ---- | M] () -- D:\Programme\Firefox\mozjs.dll
MOD - [2013.10.19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Dropbox\bin\libcef.dll


========== Services (SafeList) ==========

SRV - [2014.01.27 16:21:30 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.12.21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.12.20 23:52:28 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013.12.13 10:22:36 | 000,209,408 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.12.11 15:59:12 | 001,050,904 | ---- | M] () [Auto | Stopped] -- D:\Programme\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV - [2013.12.09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.12.09 11:37:19 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- D:\Programme\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2013.12.09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.12.05 20:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.11.27 15:09:45 | 002,872,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2013.11.08 04:30:03 | 001,128,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppXDeploymentServer.dll -- (AppXSvc)
SRV - [2013.10.22 02:40:33 | 001,210,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\workfolderssvc.dll -- (workfolderssvc)
SRV - [2013.10.19 05:43:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.10.04 09:00:53 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppReadiness.dll -- (AppReadiness)
SRV - [2013.08.22 16:02:28 | 000,075,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV - [2013.08.22 16:02:25 | 001,778,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2013.08.22 16:02:21 | 000,174,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2013.08.22 06:18:20 | 000,278,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV - [2013.08.22 06:18:20 | 000,022,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2013.08.22 06:17:49 | 002,407,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013.08.22 05:03:29 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wephostsvc.dll -- (WEPHOSTSVC)
SRV - [2013.08.22 05:03:12 | 000,028,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2013.08.22 04:56:08 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2013.08.22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2013.08.22 04:54:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2013.08.22 04:50:48 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2013.08.22 04:10:39 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicguestinterface)
SRV - [2013.08.22 03:59:51 | 001,122,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2013.08.22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\smphost.dll -- (smphost)
SRV - [2013.08.22 03:50:12 | 000,197,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013.08.22 03:49:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV - [2013.08.22 03:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2013.08.22 03:45:36 | 000,173,056 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013.08.22 03:44:38 | 000,415,744 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013.08.22 03:41:55 | 000,124,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ncbservice.dll -- (NcbService)
SRV - [2013.08.22 03:39:58 | 000,300,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2013.08.22 03:39:05 | 000,196,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2013.08.22 03:38:43 | 000,306,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2013.08.22 03:38:31 | 000,202,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2013.08.22 03:37:53 | 001,185,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2013.08.22 03:37:53 | 000,173,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2013.08.22 03:36:04 | 000,614,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2013.08.22 03:35:39 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013.08.22 03:31:45 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2013.08.22 03:21:32 | 000,064,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.01 20:30:04 | 000,150,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2012.08.29 15:22:38 | 000,174,080 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Windows\System32\AdminService.exe -- (AtherosSvc)
SRV - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- d:\Programme\CS\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV - File not found [Unknown (-1) | Unknown (-1) | Unknown] -- -- (WinDivert1.1)
DRV - [2014.01.27 17:37:50 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5FFC35D8-AE99-4368-A87E-45B1C8CAA511}\MpKsl52098cd9.sys -- (MpKsl52098cd9)
DRV - [2014.01.22 08:52:12 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014.01.22 08:52:12 | 000,088,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2014.01.06 17:48:51 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.12.15 00:34:54 | 000,033,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV - [2013.12.15 00:34:54 | 000,023,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\iwdbus.sys -- (iwdbus)
DRV - [2013.12.13 10:22:38 | 011,527,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\atikmdag.sys -- (amdkmdag)
DRV - [2013.12.13 10:22:38 | 000,501,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\atikmpag.sys -- (amdkmdap)
DRV - [2013.12.13 10:22:28 | 000,024,832 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\amdkmpfd.sys -- (amdkmpfd)
DRV - [2013.12.09 11:37:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\Drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.12.09 11:37:19 | 000,068,728 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\avnetflt.sys -- (avnetflt)
DRV - [2013.12.09 11:37:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.12.09 11:37:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avipbb.sys -- (avipbb)
DRV - [2013.12.09 11:37:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.11.11 01:50:33 | 000,036,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\intelpep.sys -- (intelpep)
DRV - [2013.11.09 11:54:52 | 000,261,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013.11.01 11:17:26 | 000,077,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013.10.26 21:28:41 | 000,120,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx2.sys -- (SerCx2)
DRV - [2013.10.13 01:45:41 | 000,069,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2013.10.05 13:30:03 | 000,047,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\stornvme.sys -- (stornvme)
DRV - [2013.10.05 13:30:02 | 000,321,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013.08.22 16:02:30 | 000,019,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\kbldfltr.sys -- (kbldfltr)
DRV - [2013.08.22 16:02:28 | 000,023,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2013.08.22 16:02:15 | 000,030,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2013.08.22 07:13:53 | 000,142,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2013.08.22 07:13:53 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2013.08.22 06:35:21 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2013.08.22 06:35:20 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2013.08.22 06:34:52 | 000,133,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013.08.22 06:33:32 | 000,058,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2013.08.22 06:33:31 | 000,033,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2013.08.22 06:33:30 | 000,122,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2013.08.22 06:33:30 | 000,068,960 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV - [2013.08.22 06:33:29 | 000,069,472 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2013.08.22 06:33:26 | 000,086,368 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2013.08.22 06:33:25 | 000,773,472 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\adp80xx.sys -- (ADP80XX)
DRV - [2013.08.22 06:33:25 | 000,100,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2013.08.22 06:33:24 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2013.08.22 06:33:01 | 000,276,832 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2013.08.22 06:33:00 | 000,375,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013.08.22 06:32:57 | 000,163,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2013.08.22 06:32:57 | 000,090,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013.08.22 06:32:57 | 000,064,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2013.08.22 06:32:57 | 000,059,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2013.08.22 06:32:57 | 000,058,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2013.08.22 06:32:57 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2013.08.22 06:32:38 | 000,031,584 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2013.08.22 06:25:38 | 000,046,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2013.08.22 06:25:37 | 000,284,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2013.08.22 06:24:56 | 000,023,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uefi.sys -- (UEFI)
DRV - [2013.08.22 06:24:36 | 000,023,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2013.08.22 06:20:49 | 000,093,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WdNisDrv.sys -- (WdNisDrv)
DRV - [2013.08.22 06:20:48 | 000,214,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2013.08.22 06:20:22 | 000,093,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2013.08.22 06:20:22 | 000,045,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2013.08.22 06:20:22 | 000,042,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2013.08.22 06:17:00 | 000,029,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2013.08.22 05:11:29 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\ahcache.sys -- (ahcache)
DRV - [2013.08.22 05:11:04 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2013.08.22 05:10:58 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2013.08.22 05:10:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2013.08.22 05:10:37 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2013.08.22 05:10:28 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2013.08.22 05:10:21 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2013.08.22 05:10:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2013.08.22 05:10:01 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2013.08.22 05:09:59 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2013.08.22 05:09:57 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2013.08.22 05:09:50 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2013.08.22 05:09:37 | 000,023,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2013.08.22 05:09:23 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\winusb.sys -- (WinUsb)
DRV - [2013.08.22 05:09:15 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2013.08.22 05:09:10 | 000,026,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2013.08.22 05:09:09 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2013.08.22 05:09:03 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013.08.22 05:09:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2013.08.22 05:09:01 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2013.08.22 05:08:37 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2013.08.22 05:08:18 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\netvsc63.sys -- (netvsc)
DRV - [2013.08.22 05:08:17 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV - [2013.08.22 05:08:06 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV - [2013.08.22 05:07:57 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2013.08.22 05:07:55 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2013.08.22 05:07:53 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2013.08.22 05:07:19 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2013.08.22 02:58:35 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2013.08.13 00:25:32 | 000,016,088 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bcmfn2.sys -- (bcmfn2)
DRV - [2013.08.10 01:39:44 | 000,524,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\iaStorAV.sys -- (iaStorAV)
DRV - [2013.07.23 22:18:30 | 000,061,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\iaioi2c.sys -- (iaioi2c)
DRV - [2013.07.23 22:18:30 | 000,022,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\iaiogpio.sys -- (GPIO)
DRV - [2013.06.18 13:20:48 | 002,795,520 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\athw8.sys -- (athr)
DRV - [2013.06.18 13:20:33 | 000,110,792 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\L1C63x86.sys -- (L1C)
DRV - [2013.04.04 15:59:12 | 000,028,656 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.01.15 10:37:10 | 000,242,760 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV - [2012.08.29 15:22:38 | 000,480,256 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\btfilter.sys -- (BtFilter)
DRV - [2012.07.17 18:12:08 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\HECI.sys -- (MEI)
DRV - [2010.01.20 06:14:42 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\AcpiVpc.sys -- (ACPIVPC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2458439203-4094309802-2839035977-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2458439203-4094309802-2839035977-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2458439203-4094309802-2839035977-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: D:\Programme\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: D:\Programme\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Programme\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: D:\Programme\VLC Media Player\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: D:\Programme\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: D:\Programme\Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Components: D:\Programme\Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Plugins: D:\Programme\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: D:\Programme\Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: D:\Programme\Thunderbird\plugins

[2014.01.05 01:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\Extensions
[2014.01.17 13:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\emqxwize.default\extensions
[2014.01.08 16:19:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\emqxwize.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.01.17 13:50:49 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\firefox\profiles\emqxwize.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.11.15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Mail = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.08.22 07:13:55 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - D:\Programme\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4 - HKLM..\Run: [Adobe Version Cue CS2] d:\Programme\CS\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2458439203-4094309802-2839035977-1001..\Run: [DAEMON Tools Lite] D:\Programme\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-2458439203-4094309802-2839035977-1001..\Run: [Spotify Web Helper] C:\Users\Elena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Elena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - D:\Programme\Classic Shell\ClassicIE_32.exe (IvoSoft)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AE6B9D7-63B1-42F4-9D38-C71EF43CB738}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5D51DB6-4BE9-4B1B-8CA9-F54D1E9E68CB}: DhcpNameServer = 134.102.20.20 134.102.200.14 192.76.176.9
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.08.22 09:16:34 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.01.27 19:27:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Desktop\otl.exe
[2014.01.24 20:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014.01.24 20:29:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.01.24 20:19:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.01.24 19:45:59 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\TeamViewer
[2014.01.24 19:43:05 | 004,571,480 | ---- | C] (TeamViewer) -- E:\Desktop\TeamViewerQS_de.exe
[2014.01.24 09:39:17 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Diagnostics
[2014.01.22 12:24:04 | 000,000,000 | ---D | C] -- E:\Desktop\Klausuren
[2014.01.22 08:52:12 | 000,184,192 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2014.01.22 08:52:12 | 000,088,576 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2014.01.21 01:21:29 | 000,000,000 | ---D | C] -- E:\Desktop\Lernzettel
[2014.01.19 11:32:43 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014.01.19 11:32:40 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014.01.19 11:32:40 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014.01.19 11:32:40 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014.01.19 11:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.01.15 21:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014.01.15 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Google
[2014.01.15 15:46:48 | 002,872,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSService.dll
[2014.01.15 15:46:48 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSShared.dll
[2014.01.15 15:46:47 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSClient.dll
[2014.01.15 15:46:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSCollect.exe
[2014.01.15 15:46:46 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
[2014.01.15 15:46:44 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2014.01.14 19:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014.01.14 19:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014.01.13 20:50:48 | 000,000,000 | ---D | C] -- E:\Desktop\Meeres-Geo-Referat-Parasound
[2014.01.11 23:15:35 | 000,000,000 | ---D | C] -- E:\Desktop\Istanbul
[2014.01.11 22:18:39 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\gtk-2.0
[2014.01.11 22:18:05 | 000,000,000 | ---D | C] -- C:\Users\Elena\.thumbnails
[2014.01.11 22:04:58 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\fontconfig
[2014.01.11 22:04:51 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\gegl-0.2
[2014.01.11 22:04:51 | 000,000,000 | ---D | C] -- C:\Users\Elena\.gimp-2.8
[2014.01.11 10:53:58 | 000,000,000 | ---D | C] -- E:\Desktop\Mama Handy
[2014.01.09 21:45:48 | 000,000,000 | ---D | C] -- E:\Desktop\opaomafotobuch
[2014.01.09 21:22:28 | 000,000,000 | ---D | C] -- E:\Dokumente\Meinfotoalbum Projects
[2014.01.09 21:22:28 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Meinfotoalbum
[2014.01.09 20:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meinfotoalbum
[2014.01.09 10:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.01.09 10:21:19 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\7-PDFSplitMerge
[2014.01.09 10:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-PDF
[2014.01.09 10:13:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2014.01.09 10:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2014.01.09 10:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2014.01.09 10:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014.01.09 10:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014.01.09 10:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014.01.08 16:25:18 | 000,000,000 | ---D | C] -- E:\Dokumente\Benutzerdefinierte Office-Vorlagen
[2014.01.08 16:20:43 | 000,000,000 | ---D | C] -- C:\Users\Elena\dwhelper
[2014.01.08 14:05:11 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2014.01.08 14:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.01.08 13:54:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014.01.08 13:23:30 | 000,000,000 | ---D | C] -- E:\Desktop\alter pc - praktikumReferat
[2014.01.07 10:15:05 | 011,674,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\twinui.dll
[2014.01.07 10:15:04 | 001,128,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AppXDeploymentServer.dll
[2014.01.07 10:15:03 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2014.01.07 10:15:02 | 005,753,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014.01.07 10:15:01 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2014.01.07 10:15:00 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SettingSyncHost.exe
[2014.01.07 10:15:00 | 000,406,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2014.01.07 10:14:59 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dcomp.dll
[2014.01.07 10:14:58 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SettingsHandlers.dll
[2014.01.07 10:14:55 | 001,381,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.efi
[2014.01.07 10:14:55 | 001,261,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.efi
[2014.01.07 10:14:54 | 001,270,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014.01.07 10:14:54 | 001,159,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014.01.07 10:14:54 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BulkOperationHost.exe
[2014.01.07 10:14:53 | 002,266,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2014.01.07 10:14:53 | 000,320,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2014.01.07 10:14:53 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AppXDeploymentClient.dll
[2014.01.07 10:14:52 | 001,391,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPDMC.exe
[2014.01.07 10:14:52 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SettingSyncCore.dll
[2014.01.07 10:14:52 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpncore.dll
[2014.01.07 10:14:52 | 000,036,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelpep.sys
[2014.01.07 10:14:51 | 000,261,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBXHCI.SYS
[2014.01.07 10:14:51 | 000,120,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\SerCx2.sys
[2014.01.07 10:14:51 | 000,077,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pdc.sys
[2014.01.07 10:14:50 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2014.01.07 10:14:50 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlidcli.dll
[2014.01.07 10:14:50 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CredentialMigrationHandler.dll
[2014.01.07 10:14:49 | 000,734,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AppXDeploymentExtensions.dll
[2014.01.07 10:14:49 | 000,366,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2014.01.07 10:14:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winbici.dll
[2014.01.07 10:12:34 | 002,065,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014.01.07 10:12:32 | 000,883,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfasfsrcsnk.dll
[2014.01.07 10:12:30 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\workfolderssvc.dll
[2014.01.07 10:12:28 | 001,799,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2014.01.07 10:12:28 | 000,706,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iuilp.dll
[2014.01.07 10:12:27 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2014.01.07 10:12:27 | 000,380,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfsvr.dll
[2014.01.07 10:12:26 | 002,295,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014.01.07 10:12:25 | 001,204,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmde.dll
[2014.01.07 10:12:25 | 000,518,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WWAHost.exe
[2014.01.07 10:12:24 | 001,155,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2014.01.07 10:12:24 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
[2014.01.07 10:12:24 | 000,142,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd_02_8086.dll
[2014.01.07 10:12:24 | 000,029,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ploptin.dll
[2014.01.07 10:12:23 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Media.dll
[2014.01.07 10:12:23 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AppReadiness.dll
[2014.01.07 10:12:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AppxAllUserStore.dll
[2014.01.07 10:12:22 | 003,934,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014.01.07 10:12:22 | 000,578,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014.01.07 10:12:21 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014.01.07 10:12:21 | 000,345,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2014.01.07 10:12:20 | 000,088,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptsslp.dll
[2014.01.07 10:12:19 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Web.Http.dll
[2014.01.07 10:12:19 | 000,326,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2014.01.07 10:12:19 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2014.01.07 10:12:19 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psmsrv.dll
[2014.01.07 10:12:18 | 000,667,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WorkfoldersControl.dll
[2014.01.07 10:12:17 | 000,321,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spaceport.sys
[2014.01.07 10:12:17 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcsvDevice.dll
[2014.01.07 10:12:16 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dafBth.dll
[2014.01.07 10:12:16 | 000,079,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\embeddedapplauncher.exe
[2014.01.07 10:12:16 | 000,047,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stornvme.sys
[2014.01.07 10:12:15 | 000,044,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wldp.dll
[2014.01.07 10:12:13 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WorkFoldersShell.dll
[2014.01.07 10:12:13 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WorkFolders.exe
[2014.01.07 10:12:13 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WorkFoldersRes.dll
[2014.01.07 10:12:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUSettingsProvider.dll
[2014.01.07 10:12:12 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2014.01.07 10:12:12 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2014.01.07 10:12:11 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.01.07 10:12:11 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2014.01.07 10:12:11 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dafWfdProvider.dll
[2014.01.07 10:12:11 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msched.dll
[2014.01.07 10:12:10 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\miutils.dll
[2014.01.07 10:12:10 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2014.01.07 10:12:09 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.01.07 10:12:09 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2014.01.07 10:12:08 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WiFiDisplay.dll
[2014.01.07 10:12:02 | 001,634,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014.01.07 10:11:59 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2014.01.07 10:11:55 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MrmCoreR.dll
[2014.01.07 10:10:26 | 013,925,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.UI.Xaml.dll
[2014.01.07 10:10:09 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\twinui.appcore.dll
[2014.01.07 10:02:29 | 000,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SkyDriveTelemetry.dll
[2014.01.07 10:02:29 | 000,515,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MrmIndexer.dll
[2014.01.06 23:17:31 | 003,494,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.01.06 23:16:58 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.01.06 23:16:52 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.01.06 23:16:50 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.01.06 23:16:48 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.01.06 23:08:03 | 000,698,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2014.01.06 23:06:35 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2014.01.06 23:06:33 | 003,423,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncEngine.dll
[2014.01.06 23:06:31 | 000,463,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SkyDrive.exe
[2014.01.06 22:39:57 | 000,977,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Media.Streaming.dll
[2014.01.06 22:39:56 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Devices.Sensors.dll
[2014.01.06 22:38:43 | 000,240,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdmregistration.dll
[2014.01.06 22:38:41 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MDMAgent.exe
[2014.01.06 22:28:09 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wfplwfs.sys
[2014.01.06 18:32:24 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\WinRAR
[2014.01.06 18:26:39 | 000,231,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014.01.06 17:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014.01.06 17:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014.01.06 17:54:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014.01.06 17:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2014.01.06 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2014.01.06 17:52:59 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Microsoft Help
[2014.01.06 17:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014.01.06 17:48:51 | 000,243,128 | ---- | C] (Disc Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2014.01.06 17:48:49 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\DAEMON Tools Lite
[2014.01.06 15:02:43 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\FileZilla
[2014.01.06 13:53:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2014.01.06 13:53:43 | 009,888,840 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtsUVStoricon.dll
[2014.01.06 13:53:26 | 000,242,760 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtsUVStor.sys
[2014.01.06 13:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014.01.05 15:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2014.01.05 15:01:46 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Spotify
[2014.01.05 14:56:23 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Spotify
[2014.01.05 14:31:42 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Thunderbird
[2014.01.05 14:31:42 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Thunderbird
[2014.01.05 14:22:36 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014.01.05 14:21:06 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Dropbox
[2014.01.05 14:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2014.01.05 14:11:01 | 000,151,280 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo17.dll
[2014.01.05 14:10:36 | 000,028,656 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys
[2014.01.05 13:35:44 | 000,000,000 | R--D | C] -- C:\Users\Elena\Musik
[2014.01.05 12:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ClassicShell
[2014.01.05 12:01:31 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\ClassicShell
[2014.01.05 11:46:14 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Macromedia
[2014.01.05 11:46:14 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Macromedia
[2014.01.05 11:45:10 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Adobe
[2014.01.05 11:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014.01.05 11:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014.01.05 11:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014.01.05 11:10:31 | 000,024,832 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\amdkmpfd.sys
[2014.01.05 01:50:14 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\ATI
[2014.01.05 01:50:14 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\ATI
[2014.01.05 01:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014.01.05 01:38:50 | 000,000,000 | ---D | C] -- C:\Intel
[2014.01.05 01:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014.01.05 01:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2014.01.05 01:38:10 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Mozilla
[2014.01.05 01:38:10 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Mozilla
[2014.01.05 01:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014.01.05 01:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014.01.05 01:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Micro Devices, Inc
[2014.01.05 01:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014.01.05 01:35:32 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2014.01.05 01:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014.01.05 01:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.01.05 01:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2014.01.05 01:35:07 | 000,000,000 | ---D | C] -- C:\AMD
[2014.01.05 01:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014.01.05 01:34:15 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\vlc
[2014.01.05 01:26:14 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Malwarebytes
[2014.01.05 01:26:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.01.05 01:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.01.05 01:25:30 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Programs
[2014.01.05 01:25:12 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Avira
[2014.01.05 01:24:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2014.01.05 01:24:05 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2014.01.05 01:24:05 | 000,068,728 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2014.01.05 01:24:05 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2014.01.05 01:24:04 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2014.01.05 01:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.01.05 01:14:06 | 000,000,000 | R--D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014.01.05 01:14:06 | 000,000,000 | R--D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014.01.05 01:14:05 | 000,000,000 | R--D | C] -- C:\Users\Elena\Searches
[2014.01.05 01:14:05 | 000,000,000 | R--D | C] -- C:\Users\Elena\Contacts
[2014.01.05 01:13:57 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\VirtualStore
[2014.01.05 01:13:53 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Packages
[2014.01.05 01:13:53 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Adobe
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\Vorlagen
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\AppData\Local\Verlauf
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\AppData\Local\Temporary Internet Files
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\Startmenü
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\SendTo
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\Recent
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\Netzwerkumgebung
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\Lokale Einstellungen
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\Eigene Dateien
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\Druckumgebung
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\Cookies
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\AppData\Local\Anwendungsdaten
[2014.01.05 01:13:49 | 000,000,000 | -HSD | C] -- C:\Users\Elena\Anwendungsdaten
[2014.01.05 01:13:48 | 000,000,000 | --SD | C] -- C:\Users\Elena\AppData\Roaming\Microsoft
[2014.01.05 01:13:48 | 000,000,000 | R--D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014.01.05 01:13:48 | 000,000,000 | R--D | C] -- C:\Users\Elena\Saved Games
[2014.01.05 01:13:48 | 000,000,000 | R--D | C] -- C:\Users\Elena\Links
[2014.01.05 01:13:48 | 000,000,000 | R--D | C] -- C:\Users\Elena\Favorites
[2014.01.05 01:13:48 | 000,000,000 | R--D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014.01.05 01:13:48 | 000,000,000 | R--D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014.01.05 01:13:48 | 000,000,000 | -H-D | C] -- C:\Users\Elena\AppData
[2014.01.05 01:13:48 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Temp
[2014.01.05 01:13:48 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Microsoft
[2014.01.05 01:13:48 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014.01.05 01:13:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014.01.05 01:06:41 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2014.01.05 01:00:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2014.01.05 01:00:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2014.01.05 01:00:24 | 000,000,000 | -HSD | C] -- C:\Programme
[2014.01.05 01:00:24 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2014.01.05 01:00:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2014.01.05 01:00:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2014.01.05 01:00:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2014.01.05 01:00:24 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2014.01.05 01:00:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2014.01.05 01:00:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2014.01.05 00:58:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014.01.05 00:57:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014.01.05 00:57:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2014.01.27 19:27:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\otl.exe
[2014.01.27 19:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.27 17:56:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.26 22:22:23 | 000,424,806 | ---- | M] () -- E:\Desktop\LEK 01.10.2013.pdf
[2014.01.24 22:34:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014.01.24 22:34:38 | 2502,193,152 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.24 21:04:14 | 000,743,546 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014.01.24 21:04:14 | 000,691,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.01.24 21:04:14 | 000,156,142 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014.01.24 21:04:14 | 000,131,902 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.01.24 19:43:54 | 004,571,480 | ---- | M] (TeamViewer) -- E:\Desktop\TeamViewerQS_de.exe
[2014.01.24 09:20:54 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.01.22 21:44:41 | 000,411,521 | ---- | M] () -- E:\Desktop\Handout.pdf
[2014.01.22 12:13:24 | 040,203,481 | ---- | M] () -- E:\Desktop\Paläozeanographie_Palöoklimatologie.pdf
[2014.01.22 08:52:12 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2014.01.22 08:52:12 | 000,088,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2014.01.21 21:25:30 | 000,004,019 | ---- | M] () -- C:\Users\Elena\AppData\Local\recently-used.xbel
[2014.01.21 01:28:04 | 000,155,858 | ---- | M] () -- E:\Desktop\thermohaline-Zirkulation.jpg
[2014.01.19 15:18:52 | 000,080,519 | ---- | M] () -- E:\Desktop\Blick_auf_den_Meeresboden_vor_Endelave.jpg
[2014.01.19 08:37:44 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014.01.18 14:16:35 | 000,343,375 | ---- | M] () -- E:\Desktop\geotechno.pdf
[2014.01.18 14:13:59 | 000,666,883 | ---- | M] () -- E:\Desktop\Geotechnologien Lernskript.pdf
[2014.01.18 14:00:36 | 001,023,217 | ---- | M] () -- E:\Desktop\EKO_Sperrmuellabfuhr_privat_Internet.pdf
[2014.01.11 10:52:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014.01.09 23:03:36 | 000,074,752 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Meinfotoalbum Prefsv3
[2014.01.09 20:18:46 | 000,402,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.01.09 10:13:12 | 000,001,276 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2014.01.06 23:31:05 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.01.06 23:31:05 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.01.06 17:48:51 | 000,243,128 | ---- | M] (Disc Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2014.01.05 14:24:28 | 000,001,068 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.01.05 14:11:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014.01.05 14:11:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2014.01.05 11:10:10 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2014.01.05 00:59:33 | 000,055,502 | ---- | M] () -- C:\Windows\System32\license.rtf
[2014.01.05 00:58:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf

========== Files Created - No Company Name ==========

[2014.01.26 22:22:23 | 000,424,806 | ---- | C] () -- E:\Desktop\LEK 01.10.2013.pdf
[2014.01.24 09:20:54 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.01.22 21:44:41 | 000,411,521 | ---- | C] () -- E:\Desktop\Handout.pdf
[2014.01.22 12:13:01 | 040,203,481 | ---- | C] () -- E:\Desktop\Paläozeanographie_Palöoklimatologie.pdf
[2014.01.21 21:25:30 | 000,004,019 | ---- | C] () -- C:\Users\Elena\AppData\Local\recently-used.xbel
[2014.01.21 01:26:34 | 000,155,858 | ---- | C] () -- E:\Desktop\thermohaline-Zirkulation.jpg
[2014.01.19 15:18:52 | 000,080,519 | ---- | C] () -- E:\Desktop\Blick_auf_den_Meeresboden_vor_Endelave.jpg
[2014.01.18 14:16:34 | 000,343,375 | ---- | C] () -- E:\Desktop\geotechno.pdf
[2014.01.18 14:15:03 | 000,666,883 | ---- | C] () -- E:\Desktop\Geotechnologien Lernskript.pdf
[2014.01.18 14:00:36 | 001,023,217 | ---- | C] () -- E:\Desktop\EKO_Sperrmuellabfuhr_privat_Internet.pdf
[2014.01.15 15:46:47 | 000,103,936 | ---- | C] () -- C:\Windows\System32\OEMLicense.dll
[2014.01.11 10:52:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014.01.09 21:22:51 | 000,074,752 | ---- | C] () -- C:\Users\Elena\AppData\Roaming\Meinfotoalbum Prefsv3
[2014.01.09 10:25:50 | 000,002,457 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014.01.09 10:17:19 | 000,002,238 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk
[2014.01.09 10:16:29 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2014.01.09 10:15:13 | 000,000,753 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2014.01.09 10:14:00 | 000,001,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2014.01.09 10:13:59 | 000,001,767 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2014.01.09 10:13:33 | 000,001,749 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2014.01.09 10:13:12 | 000,001,276 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2014.01.09 10:12:41 | 000,001,731 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2014.01.09 10:07:33 | 000,000,760 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2014.01.07 10:12:13 | 000,385,528 | ---- | C] () -- C:\Windows\System32\ApnDatabase.xml
[2014.01.05 15:01:45 | 000,001,806 | ---- | C] () -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2014.01.05 14:23:05 | 000,001,068 | ---- | C] () -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.01.05 14:11:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014.01.05 14:11:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2014.01.05 11:46:08 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.05 11:10:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014.01.05 01:13:53 | 000,001,454 | ---- | C] () -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014.01.05 00:59:51 | 2502,193,152 | -HS- | C] () -- C:\hiberfil.sys
[2014.01.05 00:58:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014.01.05 00:58:00 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013.12.20 23:52:22 | 000,012,288 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013.12.20 23:52:20 | 000,280,064 | ---- | C] () -- C:\Windows\System32\igdmd32.dll
[2013.12.20 23:52:18 | 000,182,272 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013.12.20 23:52:18 | 000,142,848 | ---- | C] () -- C:\Windows\System32\igdail32.dll
[2013.12.20 23:52:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2013.12.20 23:52:14 | 000,001,806 | ---- | C] () -- C:\Windows\System32\GfxUIEx.exe.config
[2013.12.20 23:52:14 | 000,000,264 | ---- | C] () -- C:\Windows\System32\GfxUIHotKeyMenu.exe.config
[2013.12.20 23:52:12 | 002,585,088 | ---- | C] () -- C:\Windows\System32\GfxRes.dll
[2013.12.20 23:52:12 | 000,529,880 | ---- | C] () -- C:\Windows\System32\DPTopologyApp.exe
[2013.12.20 23:52:12 | 000,000,935 | ---- | C] () -- C:\Windows\System32\DPTopologyApp.exe.config
[2013.12.20 23:52:10 | 000,000,935 | ---- | C] () -- C:\Windows\System32\CustomModeApp.exe.config
[2013.12.13 10:22:54 | 000,200,704 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2013.12.13 10:22:46 | 000,234,036 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2013.12.13 10:22:46 | 000,233,776 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2013.12.13 10:22:46 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2013.12.13 10:22:46 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2013.12.13 10:22:44 | 000,083,552 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2013.12.13 10:22:40 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013.12.13 10:22:36 | 000,721,296 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2013.12.13 10:22:32 | 000,995,342 | ---- | C] () -- C:\Windows\System32\amdocl_as32.exe
[2013.12.13 10:22:32 | 000,798,734 | ---- | C] () -- C:\Windows\System32\amdocl_ld32.exe
[2013.12.13 10:22:28 | 000,360,960 | ---- | C] () -- C:\Windows\System32\amdmiracast.dll
[2013.12.13 10:22:28 | 000,123,392 | ---- | C] () -- C:\Windows\System32\amdhdl32.dll
[2013.08.22 15:59:39 | 000,743,546 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013.08.22 15:59:39 | 000,305,634 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013.08.22 15:59:39 | 000,156,142 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013.08.22 15:59:39 | 000,040,390 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013.08.22 09:19:09 | 000,691,462 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2013.08.22 09:19:09 | 000,296,742 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2013.08.22 09:19:09 | 000,131,902 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2013.08.22 09:19:09 | 000,033,362 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2013.08.22 09:17:31 | 000,000,389 | ---- | C] () -- C:\Windows\System32\AutoWorkplace.exe.config
[2013.08.22 09:17:30 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2013.08.22 09:17:29 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2013.08.22 08:24:03 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013.08.22 08:22:45 | 000,402,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.08.22 04:33:54 | 000,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2013.08.22 04:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2013.08.22 00:57:03 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013.08.22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2013.08.22 00:52:35 | 001,520,828 | ---- | C] () -- C:\Windows\System32\WpcNBModel.bin
[2013.08.22 00:52:35 | 000,526,068 | ---- | C] () -- C:\Windows\System32\staticurllist.bin
[2013.08.22 00:50:57 | 000,008,192 | ---- | C] () -- C:\Windows\System32\settings.dat
[2013.08.22 00:48:14 | 000,049,963 | ---- | C] () -- C:\Windows\System32\srms.dat
[2012.08.29 15:22:38 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBT.bin

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.11.05 19:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2013.08.22 03:42:12 | 000,390,144 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


EXTRAS.Txt
OTL Extras logfile created on: 27.01.2014 19:30:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,91 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 47,20% Memory free
3,73 Gb Paging File | 1,70 Gb Available in Paging File | 45,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,49 Gb Total Space | 27,52 Gb Free Space | 56,76% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 42,54 Gb Free Space | 87,12% Space Free | Partition Type: NTFS
Drive E: | 832,88 Gb Total Space | 494,90 Gb Free Space | 59,42% Space Free | Partition Type: NTFS
Drive F: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ELENA-NOTEBOOK | User Name: Elena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2458439203-4094309802-2839035977-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0712B52A-1A8C-4535-B362-080FC24CCD15}" = protocol=6 | dir=in | app=d:\programme\kmspico\autopico.exe |
"{07F0528A-CC4E-47B8-9FD0-AD1FBC2C5768}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{1254B47F-3967-4558-88BE-EC74976023ED}" = protocol=17 | dir=in | app=d:\programme\kmspico\autopico.exe |
"{163061A6-E613-4B24-816C-2EE7FDB1A562}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.337_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{1688C251-B46B-4284-801B-023DE0FD9F22}" = protocol=6 | dir=in | app=d:\programme\kmspico\kmseldi.exe |
"{19B0983A-B9A0-4689-984F-D4D0C0F5AF59}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{24302677-D7AD-4CB6-86D8-F21F02904B58}" = protocol=6 | dir=in | app=d:\programme\kmspico\service_kms.exe |
"{27AAD0B4-4BE5-4DC2-BEBF-EDD8574CAEC4}" = protocol=17 | dir=in | app=d:\programme\microsoft office\office15\lync.exe |
"{2DF2E2B0-A588-4810-90EB-4C394CAB983F}" = dir=in | name=junipernetworks.junospulsevpn |
"{305F6CDA-82F1-4494-9F9B-127D3D03D085}" = dir=in | name=skype |
"{331D3F10-92E3-4211-9259-CAF9D02FCE86}" = dir=out | name=junipernetworks.junospulsevpn |
"{365E5384-9EFC-485C-8720-D2760C6E2460}" = protocol=6 | dir=in | app=d:\programme\microsoft office\office15\lync.exe |
"{3C093942-59DF-4683-B68C-68FE5713C77F}" = protocol=17 | dir=in | app=d:\programme\cs\adobe version cue cs2\bin\versioncuecs2.exe |
"{40E3F69A-D3B0-4E52-A3F9-A4EA0E2F4569}" = dir=out | name=@{microsoft.zunemusic_2.2.444.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{41C11401-5BDF-4EFB-9011-53A6625EB292}" = protocol=17 | dir=in | app=d:\programme\kmspico\service_kms.exe |
"{444FDB81-EE5B-4CF2-A39D-1C6F8725B831}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{4461AC17-C266-4BC5-A565-58FBC80F748F}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{450BDB47-1DB3-4284-99FF-818672F9126E}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4D0974A1-0827-4995-A5A3-A1FF8FFF2463}" = protocol=6 | dir=in | app=d:\programme\cs\adobe version cue cs2\bin\versioncuecs2.exe |
"{4F312F4D-4D10-42AA-8D9D-B28579A59017}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{561F3532-6183-4497-B31F-5E394BFFD7EA}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{5C74D718-3A28-47CD-93C7-40258CC2BD1C}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{64364616-9029-45C8-9E22-0AA358E6D038}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{6D7BD779-4AC0-4F61-80FC-8237E688EA63}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{835E0E77-65D1-4FAA-AA5E-AC67565A94FB}" = dir=out | name=sonicwall.mobileconnect |
"{8CDEF1D3-0901-401D-B470-6D42A9F21CDB}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{992FCE42-1E69-49BC-9B30-2E803204765F}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{9DDF9DC9-6390-4C93-877F-D64FF60DD937}" = dir=out | name=@{microsoft.zunevideo_2.2.338.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{9EAB991D-EAE8-418E-A34D-38D2FA8A0CC6}" = protocol=17 | dir=in | app=c:\users\elena\appdata\roaming\dropbox\bin\dropbox.exe |
"{A723AFCF-6FE8-4A15-9CDA-B8B506B493B2}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{A9080F4C-BE69-49F6-87CD-FAE444526D27}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{AF4CD98F-A6B6-4B1C-8D65-661A94CE0BDE}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{B159F30B-04FD-4D4E-95E4-BFC89F006AFD}" = protocol=17 | dir=in | app=d:\programme\microsoft office\office15\ucmapi.exe |
"{B48AD32A-CA6C-4363-94A0-331284CE2887}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
"{B83C5EF6-14FF-4284-98B6-D3265EC0CCCE}" = protocol=6 | dir=in | app=c:\users\elena\appdata\roaming\dropbox\bin\dropbox.exe |
"{C1311859-CF49-4140-96B6-C770433104AF}" = dir=in | app=c:\program files\winzip driver updater\winzipdu.exe |
"{C3EA623E-D2CD-4FDA-987B-8F72C9FA2B72}" = dir=out | name=skype |
"{C6182E4B-10FC-4083-A766-458080D68E73}" = dir=in | name=f5.vpn.client |
"{C9837BF4-9372-4DA3-829B-CC97F60DB153}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{CF4A4CA5-D607-4C19-A54C-EBC2DB4E56F8}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.335_x86__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{DB0F259E-B839-4C83-A4A0-572EECFA926D}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E20BB53A-3BDC-460D-BAEE-FFDC117AB485}" = dir=in | name=sonicwall.mobileconnect |
"{E6A4BE21-4183-455E-8C07-84C78011B261}" = dir=out | name=checkpoint.vpn |
"{ECAC5071-2E65-4935-96C1-E570E94B65E8}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{F0FC9543-1844-4C4E-9634-BFBCDDDF078B}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{F62574B3-4E55-4C00-8999-63E837DAA9BE}" = protocol=6 | dir=in | app=d:\programme\microsoft office\office15\ucmapi.exe |
"{F7893BFF-C8CB-44C7-BFB3-856D2E514456}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{FA35BA80-EA4B-48FD-9FEF-74E9E0B3FEC7}" = dir=in | name=checkpoint.vpn |
"{FE5EA256-AD54-4FD8-B211-1263089653FF}" = dir=out | name=f5.vpn.client |
"{FFA2209B-B420-47A8-9D9C-AD627C658A07}" = protocol=17 | dir=in | app=d:\programme\kmspico\kmseldi.exe |
"TCP Query User{45CF367D-AA9F-48EC-999C-DAD140A1EB15}C:\users\elena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\elena\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{9DDCF170-7014-49F7-8480-7D8EBAA9F596}C:\users\elena\appdata\local\temp\kmspico\kmsserver.exe" = protocol=6 | dir=in | app=c:\users\elena\appdata\local\temp\kmspico\kmsserver.exe |
"TCP Query User{E59CC14C-C283-4143-9AD3-FE050CCC0A45}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe |
"UDP Query User{121A598A-418B-4558-9DD6-6DD7B6A48D1D}C:\users\elena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\elena\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{CE0E2B9B-ECB5-430E-822F-ACC509D98EBF}C:\users\elena\appdata\local\temp\kmspico\kmsserver.exe" = protocol=17 | dir=in | app=c:\users\elena\appdata\local\temp\kmspico\kmsserver.exe |
"UDP Query User{FEA5EA41-DC22-4BF7-BA9B-176342D80E26}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{1812E293-E2D1-3072-0ED4-C15163533D7E}" = CCC Help Swedish
"{1E496A68-4943-424E-829D-5C3C85B7B8F2}" = Realtek USB Card Reader
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{25087F13-EBE7-C817-CA31-08C196F73B23}" = CCC Help Hungarian
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{29043AAA-3A1A-D36B-C1CB-E201FA72C16A}" = CCC Help Dutch
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3C7F465C-765F-A038-60BE-03B7301B0161}" = CCC Help Norwegian
"{42321261-5D40-644C-1235-927141D4FA20}" = CCC Help Portuguese
"{446CF7B3-EE4D-1C10-E2B7-87C1C8517FE8}" = CCC Help Korean
"{450BED09-F405-87EE-CD52-5055B1EF8F72}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D628C2E-D9F7-2D3A-E610-00F4D52F219F}" = CCC Help Polish
"{553B5DE6-496A-4328-DE0B-D1C83F7FE4D8}" = CCC Help Turkish
"{5EA2099A-0249-1D98-5387-0BEF207D72AA}" = AMD Catalyst Control Center
"{632396AA-8A78-A9A4-0945-7E24DF3F5B6C}" = CCC Help French
"{64592305-22DF-6756-FD51-1B7234D4C6AB}" = CCC Help Russian
"{6DC13EFF-D4FF-65B6-7538-8B3E6075853F}" = Catalyst Control Center InstallProxy
"{72C8D86C-600C-3668-FB8D-BD392ABE7614}" = ccc-utility
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7BC48761-EE54-AA23-5607-0D11B7550CFB}" = CCC Help Italian
"{7C58E0C8-89FB-7E36-158C-5DC0B57027D9}" = CCC Help Czech
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{87270A4A-EDE9-BFDF-AE0C-0FBDEEA5D4BD}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}" = Catalyst Control Center
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F1ABC89-3D34-1D8B-DF69-EC9198604283}" = CCC Help Spanish
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{96DAF3C6-C2D4-5804-E219-86C034A02355}" = CCC Help Japanese
"{9BB69BDB-FE40-24D2-3822-828FB6DF6DE2}" = CCC Help German
"{A71019D0-8C9D-DB8D-2801-CBFC736FF307}" = CCC Help Danish
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Deutsch
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B99E1A30-E349-FA3B-80F7-FB55EBC40996}" = CCC Help Chinese Traditional
"{C28E9DF6-C68D-18DF-076C-7E92B9F30A96}" = CCC Help English
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C68D4599-2D2A-2060-39D0-0B3DEA861657}" = Catalyst Control Center Localization All
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ED436519-8A0E-4CD0-987C-174D134513C2}" = Classic Shell
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F940E929-2FFF-1F4E-7ECB-DE1B0377D627}" = CCC Help Finnish
"{FB8AF07B-42FB-4746-058A-B6A063472452}" = CCC Help Greek
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"7-PDF Split & Merge_is1" = 7-PDF Split & Merge Version 2.2.0 (Build 145)
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileZilla Client" = FileZilla Client 3.7.3
"GIMP-2_is1" = GIMP 2.8.10
"KMSpico_is1" = KMSpico v9.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"Mozilla Thunderbird 24.1.1 (x86 de)" = Mozilla Thunderbird 24.1.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.1.2
"WinRAR archiver" = WinRAR 5.01 (32-Bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2458439203-4094309802-2839035977-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Meinfotoalbum" = Meinfotoalbum
"Mozilla Thunderbird 24.2.0 (x86 de)" = Mozilla Thunderbird 24.2.0 (x86 de)
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.01.2014 17:36:13 | Computer Name = Elena-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 11.0.0.0,
Zeitstempel: 0x52a8d15d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0x00000000 Fehleroffset: 0x010801a0 ID des fehlerhaften
Prozesses: 0x810 Startzeit der fehlerhaften Anwendung: 0x01cf194c234981e9 Pfad der
fehlerhaften Anwendung: D:\Programme\KMSpico\Service_KMS.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 8b713d06-853f-11e3-9727-a4db30565264 Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 25.01.2014 05:10:53 | Computer Name = Elena-Notebook | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start

Error - 26.01.2014 17:37:23 | Computer Name = Elena-Notebook | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start

[ System Events ]
Error - 24.01.2014 17:33:56 | Computer Name = Elena-Notebook | Source = DCOM | ID = 10010
Description =

Error - 24.01.2014 17:33:56 | Computer Name = Elena-Notebook | Source = DCOM | ID = 10010
Description =

Error - 24.01.2014 17:33:56 | Computer Name = Elena-Notebook | Source = DCOM | ID = 10010
Description =

Error - 24.01.2014 17:36:23 | Computer Name = Elena-Notebook | Source = Service Control Manager | ID = 7034
Description = Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 25.01.2014 05:54:19 | Computer Name = Elena-Notebook | Source = DCOM | ID = 10010
Description =

Error - 25.01.2014 05:54:49 | Computer Name = Elena-Notebook | Source = DCOM | ID = 10010
Description =

Error - 25.01.2014 05:56:20 | Computer Name = Elena-Notebook | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070005 fehlgeschlagen: Update für Windows 8.1 (KB2883200)

Error - 27.01.2014 12:28:31 | Computer Name = Elena-Notebook | Source = DCOM | ID = 10010
Description =

Error - 27.01.2014 12:29:02 | Computer Name = Elena-Notebook | Source = DCOM | ID = 10010
Description =

Error - 27.01.2014 12:34:26 | Computer Name = Elena-Notebook | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070005 fehlgeschlagen: Update für Windows 8.1 (KB2883200)


< End of report >

27.01.2014, 23:15   #2
schrauber
/// the machine
/// TB-Ausbilder

Hi,

False positive

28.01.2014, 08:25   #3
Helpme03

Good morning,

thanks for the quick reply. Could you maybe tell me why that was a "false positive"? And whether I might have already accidentally deleted something important there.

Many thanks and have a nice day

28.01.2014, 15:53   #4
schrauber
/// the machine
/// TB-Ausbilder

Because you're the hundredth person who has exactly this file, or files in this Windows folder, that Avira complains about as Mediyes. For the first 20 users I still really looked into it, for the next 20 I only quickly cross-checked the file itself, and since then I know you can simply put it on Avira's endlessly long list of false positives.....
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
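As an added example that is not part of the thread or of the board's tooling: a small Python triage helper for alerts that point into C:\Windows\WinSxS\Temp\PendingRenames, like the one quoted in the first post. Windows servicing parks files there under a temporary name that embeds the WinSxS component key, so the name alone tells a defender which OS component and version the file belongs to and whether it carries the Microsoft Windows public key token (31bf3856ad364e35, as in the quoted path). The function and constant names, the version-to-product hint table and the two constructed comparison paths (OTHER_PATH, MISPLACED_PATH) are my own assumptions; only ALERT_PATH is taken from the thread.

```python
"""Triage an antivirus alert path under C:\\Windows\\WinSxS\\Temp\\PendingRenames.

Added example, not from the thread. The name pattern is a first triage
signal only; the definitive check is the file's Authenticode signature.
"""
import re
from pathlib import PureWindowsPath

# Public key token carried by Microsoft Windows OS components in WinSxS
# (the same token appears in the path quoted in the first post).
MS_WINDOWS_TOKEN = "31bf3856ad364e35"

# Kernel version prefix -> product name, for a readable hint (assumed table).
WINDOWS_VERSIONS = {"6.1": "Windows 7", "6.2": "Windows 8",
                    "6.3": "Windows 8.1", "10.0": "Windows 10"}

# <temp prefix>.<arch>_<component>_<token>_<version>_<culture>_<hash>_<file>_<suffix>
PENDING_RENAME_RE = re.compile(
    r"^(?P<prefix>[0-9a-f]{32})\."          # servicing temp prefix
    r"(?P<arch>x86|amd64|wow64|msil)_"      # processor architecture
    r"(?P<component>[^_]+)_"                # component name
    r"(?P<token>[0-9a-f]{16})_"             # signer public key token
    r"(?P<version>\d+(?:\.\d+){3})_"        # assembly version
    r"(?P<culture>[^_]+)_"                  # culture, e.g. none or de-de
    r"(?P<hash>[0-9a-f]{16})_"              # component hash
    r"(?P<file>.+)_"                        # payload file name, e.g. ks.sys
    r"(?P<suffix>[0-9a-f]{8})$",            # rename suffix
    re.IGNORECASE,
)

PENDING_RENAMES_DIR = r"\windows\winsxs\temp\pendingrenames"


def parse_pending_rename_name(name):
    """Split a PendingRenames file name into its component-key fields.

    Returns a dict of fields, or None when the name does not follow the
    servicing naming pattern.
    """
    m = PENDING_RENAME_RE.match(name)
    return m.groupdict() if m else None


def triage(alert_path):
    """Classify an AV alert path by location and name pattern.

    The returned dict carries the parsed fields plus an 'assessment' string.
    It never declares a file clean: a matching name is a reason to verify
    the signature before restoring from quarantine, not proof of benignity.
    """
    p = PureWindowsPath(alert_path)
    in_pending = str(p.parent).lower().endswith(PENDING_RENAMES_DIR)
    fields = parse_pending_rename_name(p.name)
    result = {
        "path": alert_path,
        "in_pending_renames": in_pending,
        "parsed": fields is not None,
        "microsoft_token": False,
        "component": None,
        "file": None,
        "version": None,
        "product_hint": None,
    }
    if fields:
        result["component"] = fields["component"].lower()
        result["file"] = fields["file"]
        result["version"] = fields["version"]
        result["microsoft_token"] = fields["token"].lower() == MS_WINDOWS_TOKEN
        major_minor = ".".join(fields["version"].split(".")[:2])
        result["product_hint"] = WINDOWS_VERSIONS.get(major_minor)

    if in_pending and fields and result["microsoft_token"]:
        result["assessment"] = ("Windows servicing artifact by name: verify the "
                                "Authenticode signature before restoring from quarantine")
    elif fields:
        result["assessment"] = ("WinSxS-style name with a non-Microsoft token or outside "
                                "PendingRenames: inspect the file directly")
    else:
        result["assessment"] = "not a servicing temp file: handle as an ordinary detection"
    return result


# Alert path quoted in the first post of this thread.
ALERT_PATH = (
    r"C:\Windows\WinSxS\Temp\PendingRenames\d882ac757d1bcf017b040000480b7404."
    r"x86_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.3.9600.16395_"
    r"none_ec16b73cb184e5d3_ks.sys_f36cc2f7"
)
# Constructed comparison paths (not from the thread).
OTHER_PATH = r"C:\Users\Public\example-not-a-servicing-file.exe"
MISPLACED_PATH = "C:\\Users\\Public\\" + PureWindowsPath(ALERT_PATH).name

if __name__ == "__main__":
    for path in (ALERT_PATH, MISPLACED_PATH, OTHER_PATH):
        r = triage(path)
        print(f"{r['file'] or PureWindowsPath(path).name}: {r['assessment']}")
```

A matching name is a reason to verify, not a verdict: what actually settles whether a quarantined file is a genuine Windows component is its Authenticode signature (Get-AuthenticodeSignature in PowerShell), and a component store that has lost files is repaired with sfc /scannow rather than by restoring quarantined files by hand.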
