Pests of all kinds and how to fight them: File named "Enhance views hack tool.vbs" prevents USB stick from displaying zip files. Windows 7
10.02.2014, 19:35 | #1 |
| Hello everyone, I have a problem similar to one that has already been described here. I have tracked down a file on my computer that apparently prevents USB sticks, or rather their contents, from being displayed correctly. The file "enhance views hack.vbs" shows up on the USB sticks and on two of my computers. Attempts to delete the file fail; it is immediately back again... Research (Google) turns up very little on the file name... On Virustotal roughly 50% of the results are hits, but some check marks stay green. The stuff was picked up from an infected stick, I am fairly sure of that, and now I would like to get rid of it... I will create the log files tomorrow, since I have been scanning the computers since 12 o'clock today... Best regards, trondheim. Last edited by trondheim (10.02.2014 at 19:42) |
10.02.2014, 20:37 | #2 |
/// the machine /// TB-Ausbilder | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
12.02.2014, 06:54 | #3 |
| FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by xxxx (administrator) on OFFICEPC on 12-02-2014 06:50:48
Running from C:\Users\User\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1737920 2014-01-15] (Bitdefender)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-12-23] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-08-02] (CyberLink Corp.)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-23] (cyberlink)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-11] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-11] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-11] (Bitdefender)
HKU\S-1-5-21-1152521600-1820386124-4228260927-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1152521600-1820386124-4228260927-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-1152521600-1820386124-4228260927-1000\...\Run: [SkyDrive] - C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-24] (Microsoft Corporation)
HKU\S-1-5-21-1152521600-1820386124-4228260927-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1152521600-1820386124-4228260927-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1152521600-1820386124-4228260927-1000\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-11] (Bitdefender)
HKU\S-1-5-21-1152521600-1820386124-4228260927-1000\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-11] (Bitdefender)
HKU\S-1-5-21-1152521600-1820386124-4228260927-1000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-11] (Bitdefender)
HKU\S-1-5-21-1152521600-1820386124-4228260927-1000\...\Run: [Enhance views Hack Tool] - C:\Users\User\AppData\Local\Temp\Enhance views Hack Tool.vbs [1161270 2013-10-29] () <===== ATTENTION
HKU\S-1-5-21-1152521600-1820386124-4228260927-1000\...\MountPoints2: {cce6664e-a814-11e2-9d56-806e6f6e6963} - F:\SISetup.exe
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enhance views Hack Tool.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28F3F7902397CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iz036nbo.default FF DefaultSearchEngine: AVG Secure Search FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iz036nbo.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-10] FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iz036nbo.default\Extensions\firebug@software.joehewitt.com.xpi [2013-04-18] FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iz036nbo.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-04-18] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-11] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-11] ==================== Services (Whitelisted) ================= S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.) R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2013-08-23] (AOMEI Tech Co., Ltd.) 
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender) S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink) R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1507248 2014-01-23] (Bitdefender) ==================== Drivers (Whitelisted) ==================== R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender) R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.) 
S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-12 06:49 - 2014-02-12 06:50 - 02151424 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2014-02-11 15:59 - 2014-02-11 15:59 - 00006631 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-11 15:59 - 2014-02-11 15:59 - 00000000 ____D () C:\ProgramData\Oracle 2014-02-11 15:53 - 2014-02-11 15:53 - 00001257 _____ () C:\Users\User\Desktop\Blu-ray Disc Suite.lnk 2014-02-11 09:17 - 2014-02-11 15:52 - 00000000 ____D () C:\Windows\pss 2014-02-11 08:59 - 2014-02-11 08:59 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-02-11 08:31 - 2014-02-11 08:31 - 00000000 ____D () C:\Users\User\AppData\Local\richy 2014-02-11 08:28 - 2014-02-11 08:28 - 00000385 _____ () C:\Users\User\AppData\Roaminguser_gensett.xml 2014-02-11 08:27 - 2014-02-11 09:07 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-11 08:08 - 2014-02-11 08:59 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-02-11 08:08 - 2014-02-11 08:08 - 00581481 _____ () C:\ProgramData\1392102185.bdinstall.bin 2014-02-11 08:08 - 2014-02-11 08:08 - 00002190 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk 2014-02-11 08:08 - 2014-02-11 08:08 - 00002071 _____ () C:\Users\Public\Desktop\Bitdefender Total Security.lnk 2014-02-11 08:08 - 2014-02-11 08:08 - 00000684 ____H () C:\bdr-cf01 2014-02-11 08:08 - 2014-02-11 08:08 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-02-11 08:08 - 2014-02-11 08:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-02-11 08:08 - 2014-02-11 08:08 - 00000000 ____D () C:\ProgramData\BDLogging 2014-02-11 08:08 - 2013-12-02 11:58 - 00635392 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys 2014-02-11 08:08 - 2013-12-02 11:56 - 00893440 _____ (BitDefender) 
C:\Windows\system32\Drivers\avc3.sys 2014-02-11 08:08 - 2013-11-04 15:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys 2014-02-11 08:08 - 2013-02-22 18:46 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys 2014-02-11 08:08 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys 2014-02-11 08:08 - 2012-04-17 13:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys 2014-02-11 08:08 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll 2014-02-11 08:04 - 2014-02-11 08:08 - 00253404 ____H () C:\bdr-ld01 2014-02-11 08:04 - 2014-02-11 08:08 - 00009216 ____H () C:\bdr-ld01.mbr 2014-02-11 08:04 - 2014-02-11 08:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\Bitdefender 2014-02-11 08:04 - 2013-09-24 15:38 - 46879860 ____H () C:\bdr-im01.gz 2014-02-11 08:04 - 2013-08-13 12:38 - 03271472 ____H () C:\bdr-bz01 2014-02-11 08:03 - 2014-02-11 09:00 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-02-11 08:03 - 2014-02-11 08:04 - 00000000 ____D () C:\Program Files\Bitdefender 2014-02-11 08:03 - 2014-02-11 08:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\QuickScan 2014-02-11 08:03 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll 2014-02-11 08:03 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll 2014-02-11 08:03 - 2013-08-23 12:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys 2014-02-11 08:03 - 2013-08-07 12:46 - 00389240 _____ (BitDefender S.R.L.) 
C:\Windows\system32\Drivers\trufos.sys 2014-02-11 08:01 - 2014-02-11 08:03 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-02-11 08:00 - 2014-02-11 08:00 - 07171632 _____ () C:\Users\User\Downloads\bitdefender_tsecurity.exe 2014-02-10 20:05 - 2014-02-10 20:05 - 00000000 ____D () C:\Program Files (x86)\Attribute Changer 2014-02-10 20:04 - 2014-02-10 20:04 - 03307203 _____ (Romain Petges ) C:\Users\User\Downloads\ac.exe 2014-02-10 19:22 - 2014-02-10 19:22 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-02-10 19:21 - 2014-02-10 19:21 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe 2014-02-10 19:18 - 2014-02-10 19:18 - 00000000 ___SD () C:\32788R22FWJFW 2014-02-10 19:18 - 2014-02-10 19:18 - 00000000 ____D () C:\Windows\erdnt 2014-02-10 18:56 - 2014-02-10 18:56 - 00000000 ____D () C:\Users\User\test 2014-02-10 18:47 - 2014-02-10 18:47 - 04969219 _____ (R. Aquila, F. Ostermeier ) C:\Users\User\Downloads\setupzd.exe 2014-02-10 18:47 - 2014-02-10 18:47 - 00000621 _____ () C:\Users\User\Desktop\WinZD.lnk 2014-02-10 18:47 - 2013-11-09 11:40 - 00663552 _____ () C:\Windows\SysWOW64\Tx12.dll 2014-02-10 18:47 - 2013-11-09 11:40 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-02-10 18:47 - 2013-11-09 11:40 - 00520192 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_pdf.dll 2014-02-10 18:47 - 2013-11-09 11:40 - 00479232 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_doc.dll 2014-02-10 18:47 - 2013-11-09 11:40 - 00360448 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_rtf.dll 2014-02-10 18:47 - 2013-11-09 11:40 - 00352256 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\Tx4ole12.ocx 2014-02-10 18:47 - 2013-11-09 11:40 - 00339968 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_obj.dll 2014-02-10 18:47 - 2013-11-09 11:40 - 00303104 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_xml.dll 2014-02-10 18:47 - 
2013-11-09 11:40 - 00249856 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_css.dll 2014-02-10 18:47 - 2013-11-09 11:40 - 00225280 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_htm.dll 2014-02-10 18:47 - 2013-11-09 11:40 - 00221184 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_png.flt 2014-02-10 18:47 - 2013-11-09 11:40 - 00172032 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_jpg.flt 2014-02-10 18:47 - 2013-11-09 11:40 - 00126976 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_tls.dll 2014-02-10 18:47 - 2013-11-09 11:40 - 00124688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWINSCK.OCX 2014-02-10 18:47 - 2013-11-09 11:40 - 00106496 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_ic.dll 2014-02-10 18:47 - 2013-11-09 11:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-02-10 18:47 - 2013-11-09 11:40 - 00061440 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_tif.flt 2014-02-10 18:47 - 2013-11-09 11:40 - 00053248 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_wnd.dll 2014-02-10 18:47 - 2013-11-09 11:40 - 00049152 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_bmp.flt 2014-02-10 18:47 - 2013-11-09 11:40 - 00033280 _____ (The Imaging Source Europe GmbH) C:\Windows\SysWOW64\tx12_wmf.flt 2014-02-10 18:47 - 2013-11-09 11:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINSKDE.DLL 2014-02-10 18:47 - 2013-11-09 11:40 - 00000530 _____ () C:\Windows\SysWOW64\tx12_ic.ini 2014-02-10 18:20 - 2014-02-10 18:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\LavasoftStatistics 2014-02-10 18:11 - 2014-02-10 18:11 - 01725064 _____ () C:\Users\User\Downloads\Adaware_Installer_11.1.exe 2014-02-10 18:11 - 2014-02-10 18:11 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-02-10 18:02 - 2014-02-10 18:02 - 24859352 _____ (Microsoft Corporation) 
C:\Users\User\Downloads\Windows-KB890830-x64-V5.8.exe 2014-02-10 17:53 - 2014-02-10 19:18 - 00000000 ___SD () C:\ComboFix 2014-02-10 17:52 - 2014-02-10 17:52 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-02-10 16:50 - 2014-02-10 19:07 - 00024114 _____ () C:\Users\User\Downloads\Addition.txt 2014-02-10 16:49 - 2014-02-12 06:50 - 00016629 _____ () C:\Users\User\Downloads\FRST.txt 2014-02-10 16:49 - 2014-02-12 06:50 - 00000000 ____D () C:\FRST 2014-02-10 16:14 - 2014-02-10 16:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes 2014-02-10 15:35 - 2014-02-10 15:37 - 276840448 _____ () C:\Users\User\Downloads\drweb-livecd-602.iso 2014-02-10 15:19 - 2014-02-10 15:19 - 00000000 ____D () C:\Windows\ERUNT 2014-02-10 15:07 - 2014-02-10 17:55 - 00000000 ____D () C:\AdwCleaner 2014-02-10 14:55 - 2014-02-10 15:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-10 14:55 - 2014-02-10 14:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-10 13:55 - 2014-02-10 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0 2014-02-06 06:53 - 2014-02-06 06:53 - 00000859 _____ () C:\Users\User\Desktop\Sach- und Textaufgaben Mathematik.lnk 2014-02-04 07:17 - 2014-02-04 07:17 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-04 07:17 - 2014-02-04 07:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-04 07:17 - 2014-02-04 07:17 - 00000000 ____D () C:\Program Files\iTunes 2014-02-04 07:17 - 2014-02-04 07:17 - 00000000 ____D () C:\Program Files\iPod 2014-02-04 07:17 - 2014-02-04 07:17 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-01-31 10:53 - 2014-01-31 10:53 - 00031744 _____ () C:\Users\User\Desktop\Meldeliste_Grundschulwettbewerb.xls 2014-01-22 08:18 - 2014-01-22 08:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-15 07:06 - 2014-01-15 07:20 - 00000000 ____D () C:\Program Files (x86)\Meldeprogramm 
2014-01-15 07:06 - 2014-01-15 07:06 - 02389536 _____ (Jan Limbeck ) C:\Users\User\Downloads\Meldeprogramm-2014.exe 2014-01-15 07:06 - 2014-01-15 07:06 - 00000997 _____ () C:\Users\Administrator.OfficePC.000\Desktop\Meldeprogramm.lnk 2014-01-15 07:06 - 2013-11-09 11:40 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX 2014-01-15 07:06 - 2001-08-18 14:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvbvm50.dll 2014-01-15 07:06 - 2000-12-13 16:47 - 00123664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSJInt35.DLL 2014-01-15 07:06 - 2000-12-13 16:47 - 00024848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSJtEr35.DLL 2014-01-15 07:06 - 2000-06-08 18:00 - 01064960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSJet35.dll 2014-01-15 07:06 - 2000-06-08 18:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRepl35.dll 2014-01-15 07:06 - 1998-08-10 12:56 - 00089129 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.dll 2014-01-15 07:06 - 1998-05-31 00:00 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ODBCTL32.dll 2014-01-15 07:06 - 1998-04-24 01:00 - 00252176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSRD2x35.dll 2014-01-15 07:06 - 1997-07-22 11:21 - 00099866 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb5de.dll 2014-01-15 07:06 - 1997-07-19 17:00 - 00134416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmapi32.ocx 2014-01-15 07:06 - 1997-02-25 23:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMpiDE.dll 2014-01-15 07:02 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 07:02 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 07:02 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 07:02 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 07:02 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 07:02 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 07:02 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 07:02 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 07:02 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= 2014-02-12 06:50 - 2014-02-12 06:49 - 02151424 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2014-02-12 06:50 - 2014-02-10 16:49 - 00016629 _____ () C:\Users\User\Downloads\FRST.txt 2014-02-12 06:50 - 2014-02-10 16:49 - 00000000 ____D () C:\FRST 2014-02-12 06:10 - 2013-02-13 15:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-11 17:08 - 2013-04-19 10:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox 2014-02-11 16:10 - 2011-04-12 08:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-02-11 16:10 - 2011-04-12 08:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-02-11 16:10 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-11 16:00 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-11 16:00 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-11 15:59 - 2014-02-11 15:59 - 00006631 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-11 15:59 - 2014-02-11 15:59 - 00000000 ____D () C:\ProgramData\Oracle 2014-02-11 15:59 - 2013-04-11 20:32 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-11 15:53 - 
2014-02-11 15:53 - 00001257 _____ () C:\Users\User\Desktop\Blu-ray Disc Suite.lnk 2014-02-11 15:53 - 2013-08-24 11:00 - 00000000 ___RD () C:\Users\User\SkyDrive 2014-02-11 15:53 - 2013-04-19 11:00 - 00000000 ___RD () C:\Users\User\Dropbox 2014-02-11 15:53 - 2012-09-20 14:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2014-02-11 15:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-11 15:52 - 2014-02-11 09:17 - 00000000 ____D () C:\Windows\pss 2014-02-11 15:52 - 2013-09-13 14:49 - 00012886 _____ () C:\Windows\setupact.log 2014-02-11 15:52 - 2012-09-20 09:12 - 01728709 _____ () C:\Windows\WindowsUpdate.log 2014-02-11 15:43 - 2013-05-15 10:12 - 00000000 ____D () C:\Program Files (x86)\TurboPlaner 2014-02-11 15:40 - 2010-11-21 04:47 - 00369338 _____ () C:\Windows\PFRO.log 2014-02-11 09:17 - 2012-09-20 09:12 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-11 09:07 - 2014-02-11 08:27 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-11 09:00 - 2014-02-11 08:03 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-02-11 08:59 - 2014-02-11 08:59 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-02-11 08:59 - 2014-02-11 08:08 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-02-11 08:31 - 2014-02-11 08:31 - 00000000 ____D () C:\Users\User\AppData\Local\richy 2014-02-11 08:28 - 2014-02-11 08:28 - 00000385 _____ () C:\Users\User\AppData\Roaminguser_gensett.xml 2014-02-11 08:08 - 2014-02-11 08:08 - 00581481 _____ () C:\ProgramData\1392102185.bdinstall.bin 2014-02-11 08:08 - 2014-02-11 08:08 - 00002190 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk 2014-02-11 08:08 - 2014-02-11 08:08 - 00002071 _____ () C:\Users\Public\Desktop\Bitdefender Total Security.lnk 2014-02-11 08:08 - 2014-02-11 08:08 - 00000684 ____H () C:\bdr-cf01 2014-02-11 
08:08 - 2014-02-11 08:08 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-02-11 08:08 - 2014-02-11 08:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-02-11 08:08 - 2014-02-11 08:08 - 00000000 ____D () C:\ProgramData\BDLogging 2014-02-11 08:08 - 2014-02-11 08:04 - 00253404 ____H () C:\bdr-ld01 2014-02-11 08:08 - 2014-02-11 08:04 - 00009216 ____H () C:\bdr-ld01.mbr 2014-02-11 08:08 - 2014-02-11 08:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Bitdefender 2014-02-11 08:04 - 2014-02-11 08:03 - 00000000 ____D () C:\Program Files\Bitdefender 2014-02-11 08:03 - 2014-02-11 08:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\QuickScan 2014-02-11 08:03 - 2014-02-11 08:01 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-02-11 08:01 - 2013-08-21 09:52 - 00000000 ____D () C:\ProgramData\Avira 2014-02-11 08:00 - 2014-02-11 08:00 - 07171632 _____ () C:\Users\User\Downloads\bitdefender_tsecurity.exe 2014-02-10 20:05 - 2014-02-10 20:05 - 00000000 ____D () C:\Program Files (x86)\Attribute Changer 2014-02-10 20:04 - 2014-02-10 20:04 - 03307203 _____ (Romain Petges ) C:\Users\User\Downloads\ac.exe 2014-02-10 19:22 - 2014-02-10 19:22 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-02-10 19:21 - 2014-02-10 19:21 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe 2014-02-10 19:18 - 2014-02-10 19:18 - 00000000 ___SD () C:\32788R22FWJFW 2014-02-10 19:18 - 2014-02-10 19:18 - 00000000 ____D () C:\Windows\erdnt 2014-02-10 19:18 - 2014-02-10 17:53 - 00000000 ___SD () C:\ComboFix 2014-02-10 19:07 - 2014-02-10 16:50 - 00024114 _____ () C:\Users\User\Downloads\Addition.txt 2014-02-10 18:56 - 2014-02-10 18:56 - 00000000 ____D () C:\Users\User\test 2014-02-10 18:47 - 2014-02-10 18:47 - 04969219 _____ (R. Aquila, F. 
Ostermeier ) C:\Users\User\Downloads\setupzd.exe 2014-02-10 18:47 - 2014-02-10 18:47 - 00000621 _____ () C:\Users\User\Desktop\WinZD.lnk 2014-02-10 18:20 - 2014-02-10 18:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\LavasoftStatistics 2014-02-10 18:11 - 2014-02-10 18:11 - 01725064 _____ () C:\Users\User\Downloads\Adaware_Installer_11.1.exe 2014-02-10 18:11 - 2014-02-10 18:11 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-02-10 18:02 - 2014-02-10 18:02 - 24859352 _____ (Microsoft Corporation) C:\Users\User\Downloads\Windows-KB890830-x64-V5.8.exe 2014-02-10 17:55 - 2014-02-10 15:07 - 00000000 ____D () C:\AdwCleaner 2014-02-10 17:55 - 2013-08-21 09:52 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork 2014-02-10 17:55 - 2013-08-01 08:23 - 00000000 ____D () C:\Users\Administrator.OfficePC.000 2014-02-10 17:55 - 2013-04-18 12:14 - 00000000 ____D () C:\winsv 2014-02-10 17:55 - 2013-02-13 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-10 17:55 - 2012-09-20 12:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-10 17:55 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-02-10 17:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-02-10 17:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-02-10 17:52 - 2014-02-10 17:52 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-02-10 16:14 - 2014-02-10 16:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes 2014-02-10 15:37 - 2014-02-10 15:35 - 276840448 _____ () C:\Users\User\Downloads\drweb-livecd-602.iso 2014-02-10 15:19 - 2014-02-10 15:19 - 00000000 ____D () C:\Windows\ERUNT 2014-02-10 15:06 - 2014-02-10 14:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-10 14:55 - 2014-02-10 14:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-10 13:55 - 2014-02-10 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0 2014-02-07 07:20 - 2013-09-15 15:07 - 
00000000 ____D () C:\Users\User\Desktop\Schuljahr2013_14 2014-02-06 06:53 - 2014-02-06 06:53 - 00000859 _____ () C:\Users\User\Desktop\Sach- und Textaufgaben Mathematik.lnk 2014-02-06 06:53 - 2012-09-20 12:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-02-04 07:17 - 2014-02-04 07:17 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-04 07:17 - 2014-02-04 07:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-04 07:17 - 2014-02-04 07:17 - 00000000 ____D () C:\Program Files\iTunes 2014-02-04 07:17 - 2014-02-04 07:17 - 00000000 ____D () C:\Program Files\iPod 2014-02-04 07:17 - 2014-02-04 07:17 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-04 07:16 - 2013-07-11 05:51 - 00000000 ____D () C:\ProgramData\Apple 2014-01-31 10:53 - 2014-01-31 10:53 - 00031744 _____ () C:\Users\User\Desktop\Meldeliste_Grundschulwettbewerb.xls 2014-01-23 07:00 - 2012-09-20 09:12 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore 2014-01-22 08:18 - 2014-01-22 08:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-21 17:23 - 2013-04-19 11:00 - 00000976 _____ () C:\Users\User\Desktop\Dropbox.lnk 2014-01-21 17:23 - 2013-04-19 10:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-15 07:23 - 2009-07-14 05:45 - 02433448 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-15 07:21 - 2013-08-26 07:14 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-15 07:21 - 2012-09-20 15:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-15 07:20 - 2014-01-15 07:06 - 00000000 ____D () C:\Program Files (x86)\Meldeprogramm 2014-01-15 07:06 - 2014-01-15 07:06 - 02389536 _____ (Jan Limbeck ) C:\Users\User\Downloads\Meldeprogramm-2014.exe 2014-01-15 07:06 - 2014-01-15 07:06 - 00000997 _____ () C:\Users\Administrator.OfficePC.000\Desktop\Meldeprogramm.lnk 2014-01-14 06:54 - 2009-07-14 06:09 - 00000000 
____D () C:\Windows\System32\Tasks\WPD

Files to move or delete:
====================
C:\Users\User\AppData\Local\Temp\Enhance views Hack Tool.vbs

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\User\AppData\Local\Temp\PicasaCD.exe
C:\Users\User\AppData\Local\Temp\siinst.exe
C:\Users\User\AppData\Local\Temp\strings.dll
C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-10 17:39

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by xxxxx at 2014-02-12 06:53:53
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

53721 Siegburg
ACDSee Foto-Manager 12 (x32 Version: 12.0.344 - ACD Systems International Inc.)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro Extended 64-bit Add-On (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (x32 Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AOMEI Backupper (x32 Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Attribute Changer 7.10e (x32 Version: 7.10e - Romain Petges) Avira SearchFree Toolbar (x32 Version: 12.10.0.2948 - APN, LLC) Bitdefender Total Security (Version: 17.25.0.1074 - Bitdefender) Bonjour (Version: 3.0.0.10 - Apple Inc.) Brother P-touch Address Book 1.1 (x32 Version: 1.1.100 - Brother Industries, Ltd.) Brother P-touch Address Book 1.1 (x32 Version: 1.1.100 - Brother Industries, Ltd.) Hidden Brother P-touch Editor 5.0 (x32 Version: 5.0.110 - Brother Industries, Ltd.) Brother P-touch Editor 5.0 (x32 Version: 5.0.110 - Brother Industries, Ltd.) Hidden CorelDRAW Graphics Suite X3 (x32 Version: - Corel Corporation) CorelDRAW Graphics Suite X3 (x32 Version: 13.2 - Corel Corporation) Hidden CyberLink Blu-ray Disc Suite (x32 Version: 6.0.4703 - CyberLink Corp.) CyberLink Blu-ray Disc Suite (x32 Version: 6.0.4703 - CyberLink Corp.) Hidden CyberLink PowerDVD 9 (x32 Version: 9.0.4322.52 - CyberLink Corp.) CyberLink PowerDVD 9 (x32 Version: 9.0.4322.52 - CyberLink Corp.) Hidden CyberLink PowerProducer (x32 Version: 5.0.2.2512 - CyberLink Corp.) CyberLink PowerProducer (x32 Version: 5.0.2.2512 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DE (x32 Version: 13.0 - Corel Corporation) Hidden Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Germany) Google Earth (x32 Version: 6.1.0.5001 - Google) Google+ Auto Backup (x32 Version: 1.0.21.81 - Google) High-Definition Video Playback (x32 Version: 7.1.12500.33.0 - Nero AG) Hidden HP LaserJet Professional P1100-P1560-P1600 Series (Version: - ) iCloud (Version: 3.1.0.40 - Apple Inc.) Intel(R) OpenCL CPU Runtime (x32 Version: - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation) iTunes (Version: 11.1.4.62 - Apple Inc.) 
Java 7 Update 17 (64-bit) (Version: 7.0.170 - Oracle) Java 7 Update 51 (x32 Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Johannesstraße 41 klickIdent 26 (x32 Version: 26.00 - ) klickTel Telefon- und Branchenbuch Frühjahr 2011 (x32 Version: 1.00.0000 - telegate MEDIA AG) Meldeprogramm (x32 Version: - Jan Limbeck) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 
2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (x32 Version: 24.3.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) Nero 10 Menu TemplatePack Basic (x32 Version: 10.2.10000.0.0 - Nero 
AG) Hidden Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden Nero Burning ROM 10 (x32 Version: 10.2.10500.7.100 - Nero AG) Nero BurningROM 10 Help (CHM) (x32 Version: 10.2.10600 - Nero AG) Hidden Nero Control Center 10 (x32 Version: 10.2.0.0.0 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.17200.8.0 - Nero AG) Hidden Nero Dolby Files 10 (x32 Version: 2.0.12001.0.10 - Nero AG) Hidden Nero Multimedia Suite 10 Platinum HD (x32 Version: 10.5.10000 - Nero AG) Nero Recode 10 (x32 Version: 4.8.10400.3.100 - Nero AG) Nero Recode 10 Help (CHM) (x32 Version: 10.2.10500 - Nero AG) Hidden Nero SoundTrax 10 (x32 Version: 4.8.10200.1.100 - Nero AG) Nero SoundTrax 10 Help (CHM) (x32 Version: 10.2.10600 - Nero AG) Hidden Nero Vision 10 (x32 Version: 7.2.14000.4.100 - Nero AG) Nero Vision 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden Nero WaveEditor 10 (x32 Version: 5.8.10200.1.100 - Nero AG) Nero WaveEditor 10 Help (CHM) (x32 Version: 10.2.10600 - Nero AG) Hidden Octava SD4 (x32 Version: 5.01 - Obtiv) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Picasa 3 (x32 Version: 3.9 - Google, Inc.) QuickTime (x32 Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657 - Realtek Semiconductor Corp.) 
Schülerdatei (x32 Version: - ) Scribus 1.4.3 (64bit) (Version: 1.4.3 - The Scribus Team) streamWriter (x32 Version: - ) TeamViewer 8 (x32 Version: 8.0.20935 - TeamViewer) Turbo-Planer (x32 Version: - Haneke Software UBitMenuDE (x32 Version: 01.04 - UBit Schweiz AG) UltraMixer 2.4.6 (x32 Version: 2.4.6 - UltraMixer Digital Audio Solutions) Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden VIS version 2.0.0.0 (x32 Version: 2.0.0.0 - Eloam) VLC media player 2.0.5 (x32 Version: 2.0.5 - VideoLAN) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - 
Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden WINZD 2013-08 Rev. 2 (x32 Version: - R. Aquila, F. Ostermeier) ==================== Restore Points ========================= 10-02-2014 18:18:18 ComboFix created restore point 10-02-2014 18:19:18 AA11 11-02-2014 07:26:20 Windows Update 11-02-2014 08:07:41 Windows Update 11-02-2014 14:58:57 Installed Java 7 Update 51 ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1BC7E6FF-171B-490C-A76C-A6228BF0109F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {77E1F06A-C11F-4D1A-A9D0-1714BE117BF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-07] (Adobe Systems Incorporated) Task: {B4111A0E-67A1-4F8F-A41A-87CC20D4AB6D} - System32\Tasks\ASUS\i-Setup111154 => C:\Windows\Intel_Chipset_V9301021_XPWin7_8\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-11 08:08 - 2013-06-19 11:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2012-03-26 16:33 - 2012-03-26 16:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00196312 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00220888 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00171736 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00257752 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00368344 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00057048 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00167640 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00245464 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00073432 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00093912 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2013-09-10 07:28 - 2013-08-23 19:15 - 00043736 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-02-11 08:08 - 2013-06-19 11:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
2012-09-20 12:46 - 2014-02-06 06:53 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2012-09-20 12:46 - 2014-02-06 06:53 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2012-09-20 12:46 - 2014-02-06 06:53 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-09-20 12:46 - 2014-02-06 11:38 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:BDU

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\startupreg: Enhance views Hack Tool => wscript.exe //B "C:\Users\User\AppData\Local\Temp\Enhance views Hack Tool.vbs"
MSCONFIG\startupreg: Haneke Software - AutoUpdate (C: =>

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2014 02:57:48 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "NScCoreComponents,type="win32",version="5.3.2.0"1".
Fehler in Manifest- oder Richtliniendatei "NScCoreComponents,type="win32",version="5.3.2.0"2" in Zeile NScCoreComponents,type="win32",version="5.3.2.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0". Definition: NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (02/12/2014 02:57:48 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "NFD,type="win32",version="5.2.0.0"1". Fehler in Manifest- oder Richtliniendatei "NFD,type="win32",version="5.2.0.0"2" in Zeile NFD,type="win32",version="5.2.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (02/11/2014 03:56:26 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/11/2014 03:43:37 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: autoupdate.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0xba8 Startzeit der fehlerhaften Anwendung: 0xautoupdate.exe0 Pfad der fehlerhaften Anwendung: autoupdate.exe1 Pfad des fehlerhaften Moduls: autoupdate.exe2 Berichtskennung: autoupdate.exe3 Error: (02/11/2014 09:14:00 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: autoupdate.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x3dc Startzeit der fehlerhaften Anwendung: 0xautoupdate.exe0 Pfad der fehlerhaften Anwendung: autoupdate.exe1 Pfad des fehlerhaften Moduls: autoupdate.exe2 Berichtskennung: autoupdate.exe3 Error: (02/11/2014 08:28:37 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: autoupdate.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0xe14 Startzeit der fehlerhaften Anwendung: 0xautoupdate.exe0 Pfad der fehlerhaften Anwendung: autoupdate.exe1 Pfad des fehlerhaften Moduls: autoupdate.exe2 Berichtskennung: autoupdate.exe3 Error: (02/11/2014 00:30:13 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "NScCoreComponents,type="win32",version="5.3.2.0"1". 
Fehler in Manifest- oder Richtliniendatei "NScCoreComponents,type="win32",version="5.3.2.0"2" in Zeile NScCoreComponents,type="win32",version="5.3.2.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0". Definition: NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (02/11/2014 00:30:13 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "NFD,type="win32",version="5.2.0.0"1". Fehler in Manifest- oder Richtliniendatei "NFD,type="win32",version="5.2.0.0"2" in Zeile NFD,type="win32",version="5.2.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (02/10/2014 07:22:03 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/10/2014 07:21:57 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (02/11/2014 04:09:25 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden. Error: (02/11/2014 04:09:24 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden. Error: (02/11/2014 04:09:23 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden. Error: (02/11/2014 04:09:23 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden. 
Error: (02/11/2014 03:54:02 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/11/2014 03:41:11 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/11/2014 09:11:45 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/11/2014 08:29:33 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/11/2014 08:16:32 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/11/2014 08:03:44 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-02-10 16:58:15.297
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde.
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-02-10 16:58:15.266
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 7883.01 MB
Available physical RAM: 6021.93 MB
Total Pagefile: 15764.2 MB
Available Pagefile: 13268.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:46.5 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1863.01 GB) (Free:1642 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 9716A6F8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 292FC70E)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

==================== End Of Log ============================ |
13.02.2014, 05:49 | #4 |
/// the machine /// TB instructor | File named "Enhance views hack tool.vbs" prevents USB stick from showing zip files. hi, Scan with Combofix
__________________ Regards, schrauber |
13.02.2014, 07:00 | #5 |
| File named "Enhance views hack tool.vbs" prevents USB stick from showing zip files. Hello, first of all, thanks for the help already provided. I tackled the problem as follows: In Task Manager I killed the wscript.exe process as well as the enhanced views hack tool. Then I searched the registry for the corresponding entries and deleted those as well. I scanned the whole thing with Bitdefender many times, and lo and behold, the junk is gone. No more enhanced views hack tool.vbs file on the computer... |
13.02.2014, 22:24 | #6 |
/// the machine /// TB instructor | File named "Enhance views hack tool.vbs" prevents USB stick from showing zip files. ok