Unter Win 7 HomePremium mehrfacher Trojaner-Befall

deeprybka · 09.07.2014, 12:34

Hi,
Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

ATTFilter

ProxyServer: http=127.0.0.1:11006
2014-06-30 18:57 - 2014-02-23 12:34 - 00000000 __SHD () C:\Users\mot\TNZOQ
2014-06-30 18:57 - 2014-02-14 12:02 - 00000000 __SHD () C:\Users\mot\KUZPF
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM126.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM43.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM45.zip
S4 8658a67c3329f82.exe; C:\Users\mot\AppData\Local\1387ba9d0235a482284e5f8a507a65b2\8658a67c3329f82.exe [X]
S4 CompilerFirmwareIndex.exe; C:\Users\mot\AppData\Local\CompilerFirmwareIndex\CompilerFirmwareIndex.exe [110629 2014-06-27] () [File not signed]
C:\Users\mot\AppData\Local\CompilerFirmwareIndex\CompilerFirmwareIndex.exe [110629 2014-06-27] () [File not signed]
2014-06-27 09:00 - 2014-07-04 17:25 - 00000000 ____D () C:\Users\mot\AppData\Local\CompilerFirmwareIndex
2014-06-27 00:15 - 2014-07-07 06:46 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Fix-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Schritt 2

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

mot2001 · 09.07.2014, 12:57

hier die Logs:

fixlog:

Code:

ATTFilter

ï»¿Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by mot at 2014-07-09 13:39:32 Run:1
Running from D:\SpyBotLogs
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyServer: http=127.0.0.1:11006
2014-06-30 18:57 - 2014-02-23 12:34 - 00000000 __SHD () C:\Users\mot\TNZOQ
2014-06-30 18:57 - 2014-02-14 12:02 - 00000000 __SHD () C:\Users\mot\KUZPF
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM126.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM43.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM45.zip
S4 8658a67c3329f82.exe; C:\Users\mot\AppData\Local\1387ba9d0235a482284e5f8a507a65b2\8658a67c3329f82.exe [X]
S4 CompilerFirmwareIndex.exe; C:\Users\mot\AppData\Local\CompilerFirmwareIndex\CompilerFirmwareIndex.exe [110629 2014-06-27] () [File not signed]
C:\Users\mot\AppData\Local\CompilerFirmwareIndex\CompilerFirmwareIndex.exe [110629 2014-06-27] () [File not signed]
2014-06-27 09:00 - 2014-07-04 17:25 - 00000000 ____D () C:\Users\mot\AppData\Local\CompilerFirmwareIndex
2014-06-27 00:15 - 2014-07-07 06:46 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\mot\TNZOQ => Moved successfully.
C:\Users\mot\KUZPF => Moved successfully.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM126.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM43.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM45.zip" => File/Directory not found.
8658a67c3329f82.exe => Service deleted successfully.
CompilerFirmwareIndex.exe => Service deleted successfully.
"C:\Users\mot\AppData\Local\CompilerFirmwareIndex\CompilerFirmwareIndex.exe [110629 2014-06-27] () [File not signed]" => File/Directory not found.
C:\Users\mot\AppData\Local\CompilerFirmwareIndex => Moved successfully.
C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62 => Moved successfully.

==== End of Fixlog ====

und FRST-log:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by mot (administrator) on MOT-MEDIONPC on 09-07-2014 13:40:28
Running from D:\SpyBotLogs
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(cFos Software GmbH) C:\Program Files\TOPOS\cfosSpeed\spd.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sourcefire, Inc.) C:\Program Files\Immunet\3.1.13\sfc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(cFos Software GmbH) C:\Program Files\TOPOS\cfosSpeed\cfosspeed.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\ooditray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(ashampoo GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe
(1&1 Mail & Media GmbH) C:\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(O3SIS AG) C:\Program Files (x86)\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\mot\AppData\Local\Viber\Viber.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Siemens AG) C:\Program Files (x86)\Siemens\CardOS API\bin\siecacst.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Dropbox, Inc.) C:\Users\mot\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Immunet) C:\Program Files\Immunet\3.1.13\iptray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Browser Guard\tmiegsrv.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scan64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-03] (Intel(R) Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [cFosSpeed] => C:\Program Files\Topos\cFosSpeed\cFosSpeed.exe [1469824 2011-11-08] (cFos Software GmbH)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [OODITRAY.EXE] => C:\Program Files\OO Software\DiskImage\ooditray.exe [2509680 2012-08-13] (O&O Software GmbH)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [596320 2014-05-19] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2482176 2010-11-04] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-04-18] (cyberlink)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus_Sonderedition_Download-Version\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Trend Micro Browser Guard] => C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE [787984 2011-02-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\3.1.13\iptray.exe [3232512 2014-07-04] (Immunet)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3400600 2012-08-03] (ashampoo GmbH & Co. KG)
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [WEB.DE_WEB.DE SmartDrive Manager] => C:\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE [1259624 2011-11-21] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [Facebook Update] => "C:\Users\mot\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [Google Update] => C:\Users\mot\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-26] (Google Inc.)
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [DataSync Outlook] => C:\Program Files (x86)\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe [720896 2009-12-07] (O3SIS AG)
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [AllTubeDownloader] => "D:\Program Files\AllTubeDownloader\AllTubeDownloader.exe" --hide
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\Run: [Viber] => C:\Users\mot\AppData\Local\Viber\Viber.exe [936456 2014-03-05] ()
HKU\S-1-5-21-2461921014-138286631-1203969870-1000\...\MountPoints2: {2a0a9287-2fc3-11e2-a4b4-8c89a5a722b2} - I:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk
ShortcutTarget: CardOS API.lnk -> C:\Program Files (x86)\Siemens\CardOS API\bin\siecacst.exe (Siemens AG)
Startup: C:\Users\mot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\mot\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} =>  No File
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} =>  No File
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: OODIIcon -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll (O&O Software GmbH)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140320090525.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: TMIEGBHO Class - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\TMAMS64.dll (Trend Micro Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140320090526.dll (McAfee, Inc.)
BHO-x32: PC-WELT Sparberater - {88985437-C8E7-4E5D-9A11-4004B33B39A6} - C:\Program Files (x86)\pcwelt\Internet Explorer\pcwelt.dll (solute gmbh)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TMIEGBHO Class - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\tmieg64.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PROMT - {892E81F6-EC63-4d13-8422-835A7A05D6EB} - C:\Program Files (x86)\PRMT8\PRMTIE\prmtie.dll (PROMT Ltd.)
Toolbar: HKLM-x32 - TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 141.20.2.3 141.20.1.3
Tcpip\..\Interfaces\{803C3861-B92D-4A9F-BA60-052D4905309A}: [NameServer]0.0.0.0
Tcpip\..\Interfaces\{FEC6036F-245D-4D22-85C8-E1E222FA020E}: [NameServer]141.20.1.3,141.20.1.31

FireFox:
========
FF ProfilePath: C:\Users\mot\AppData\Roaming\Mozilla\Firefox\Profiles\2ozkkwsx.default-1403975090430
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\mot\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\mot\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\mot\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\mot\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\mot\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\mot\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-03-25]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Skype Click to Call) - C:\Users\mot\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-30]
CHR Extension: (Google Wallet) - C:\Users\mot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-18]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\mot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-03-31]
CHR Extension: (PC-WELT Sparberater) - C:\Users\mot\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiafgonehkfdjhjejefmigicndkjgnkg [2012-03-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [oiafgonehkfdjhjejefmigicndkjgnkg] - C:\Program Files (x86)\pcwelt\Chrome\pcwelt-1.3.673.crx [2012-02-03]

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [983104 2010-11-03] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cFosSpeedS; C:\Program Files\Topos\cFosSpeed\spd.exe [421760 2011-11-08] (cFos Software GmbH)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [247768 2013-04-18] (CyberLink)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ImmunetProtect; C:\Program Files\Immunet\3.1.13\sfc.exe [546256 2014-07-04] (Sourcefire, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-03-20] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-03-20] (McAfee, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [160768 2009-07-10] (Micro-Star International Co., Ltd.) [File not signed]
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-03] ()
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
S3 OKI OPHI DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHILDCS.EXE [20480 2007-05-29] (Oki Data Corporation) [File not signed]
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4771696 2012-08-13] (O&O Software GmbH)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [604512 2014-05-19] (Copyright 2013 SAMSUNG)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 scan; C:\Program Files\Immunet\tetra\scan.dll [447744 2014-07-04] (BitDefender)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-11] (Disc Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R2 ImmunetNetworkMonitorDriver; C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [100096 2014-07-04] (Sourcefire, Inc.)
R1 ImmunetProtectDriver; C:\Windows\System32\Drivers\immunetprotect.sys [58112 2014-07-04] (Windows (R) Win 7 DDK provider)
R1 ImmunetSelfProtectDriver; C:\Windows\System32\Drivers\immunetselfprotect.sys [33024 2014-07-04] (Windows (R) Win 7 DDK provider)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-20] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-03-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-03-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-03-20] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [118000 2012-02-17] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [40688 2012-02-17] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [259312 2012-02-17] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44272 2012-02-17] (O&O Software GmbH)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 ShredderVolumeDriver; C:\Windows\System32\Drivers\ShredderDriver64.sys [33152 2012-10-26] (ITOS)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-10] (Duplex Secure Ltd.)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 Trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2014-07-04] (BitDefender S.R.L.)
R1 uiwbrdr; C:\Windows\System32\DRIVERS\uiwbrdr.sys [199752 2011-11-21] (1&1 Mail & Media GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-08 16:11 - 2014-07-08 15:40 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-08 15:42 - 2014-07-08 16:13 - 00015635 _____ () C:\zoek-results.log
2014-07-08 15:40 - 2014-07-08 16:12 - 00000000 ____D () C:\zoek_backup
2014-07-08 15:37 - 2014-07-08 15:37 - 00000000 ____D () C:\Users\Public\Documents\Browser Guard
2014-07-08 15:36 - 2014-07-08 15:42 - 00000000 ____D () C:\Users\mot\AppData\Local\Browser Guard
2014-07-08 15:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-08 15:20 - 2014-07-08 15:33 - 00000000 ____D () C:\AdwCleaner
2014-07-06 21:43 - 2014-07-09 13:40 - 00000000 ____D () C:\FRST
2014-07-06 21:17 - 2014-07-06 21:17 - 00000000 ____D () C:\Users\mot\AppData\Roaming\Nico Mak Computing
2014-07-06 21:16 - 2014-07-08 16:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-06 21:16 - 2014-07-06 21:16 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-06 19:29 - 2014-07-06 19:29 - 00000188 _____ () C:\Users\mot\defogger_reenable
2014-07-06 07:27 - 2014-07-06 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-07-04 06:27 - 2014-07-04 06:27 - 00000000 ____D () C:\ProgramData\Immunet
2014-07-04 06:26 - 2014-07-09 13:41 - 00000000 ____D () C:\Program Files\Immunet
2014-07-04 06:26 - 2014-07-04 06:26 - 00329800 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-07-04 06:26 - 2014-07-04 06:26 - 00100096 _____ (Sourcefire, Inc.) C:\Windows\system32\Drivers\ImmunetNetworkMonitor.sys
2014-07-04 06:26 - 2014-07-04 06:26 - 00058112 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\immunetprotect.sys
2014-07-04 06:26 - 2014-07-04 06:26 - 00033024 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\immunetselfprotect.sys
2014-07-04 06:26 - 2014-07-04 06:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2014-07-04 06:26 - 2014-07-04 06:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunet 3
2014-07-04 06:24 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-04 06:24 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-03 15:05 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-03 15:05 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-03 15:05 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-03 15:05 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-03 15:05 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-03 15:05 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-03 15:05 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-03 15:05 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-03 15:05 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-03 15:05 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-03 15:05 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-03 15:05 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-03 15:05 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-03 15:05 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-03 15:05 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-03 15:05 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-03 15:03 - 2014-07-03 15:03 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-03 15:03 - 2013-03-15 20:57 - 00000000 ____D () C:\Users\UpdatusUser\AppData\LocalGoogle
2014-07-03 15:03 - 2013-03-15 20:57 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-07-03 15:03 - 2012-07-22 03:00 - 00000000 ____D () C:\Users\UpdatusUser\Documents\Visual Studio 2008
2014-07-03 15:03 - 2012-03-28 09:30 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\McAfee
2014-07-03 15:03 - 2012-03-26 09:50 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2014-07-03 15:03 - 2011-10-14 13:27 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2014-07-03 15:03 - 2011-07-18 23:23 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2014-07-03 15:03 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-03 15:03 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-03 14:55 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-03 14:55 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-02 18:25 - 2014-07-02 18:25 - 00229008 _____ () C:\Users\mot\Downloads\MEDION_Treibersuche.exe
2014-07-02 14:54 - 2014-07-02 14:54 - 00004471 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-02 14:54 - 2014-07-02 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-02 14:54 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-02 14:54 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-02 14:54 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-02 14:54 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-02 14:27 - 2012-03-27 01:58 - 00001217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
2014-07-02 14:26 - 2014-07-02 14:26 - 00000000 ____D () C:\Program Files\Common Files\Topaz Labs
2014-07-02 14:26 - 2014-07-02 14:26 - 00000000 ____D () C:\Program Files (x86)\Topaz Labs
2014-07-02 14:23 - 2014-07-02 14:26 - 00000000 ____D () C:\Users\mot\Desktop\TOPAZ ADJUST (PC Download)
2014-07-02 06:41 - 2014-07-02 06:41 - 00000000 ____D () C:\ProgramData\Reprise
2014-07-02 06:40 - 2014-07-02 06:40 - 00000000 ____D () C:\ProgramData\VertusTech
2014-07-02 06:40 - 2014-07-02 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fluid Mask 3
2014-07-02 06:40 - 2014-07-02 06:40 - 00000000 ____D () C:\Program Files (x86)\Vertus Fluid Mask 3
2014-07-01 09:25 - 2014-07-01 09:25 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-07-01 09:24 - 2014-07-01 09:24 - 00002913 _____ () C:\Users\Public\Desktop\Nero 2014.lnk
2014-07-01 09:22 - 2014-07-01 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-06-30 11:18 - 2014-06-30 15:24 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-29 18:11 - 2014-06-29 18:11 - 00001078 _____ () C:\Users\Public\Desktop\Astroburn Lite.lnk
2014-06-29 18:11 - 2014-06-29 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
2014-06-29 18:11 - 2014-06-29 18:11 - 00000000 ____D () C:\ProgramData\Astroburn Lite
2014-06-29 18:11 - 2014-06-29 18:11 - 00000000 ____D () C:\Program Files (x86)\Astroburn Lite
2014-06-28 19:04 - 2014-06-28 19:04 - 00000000 ____D () C:\Users\mot\Desktop\Alte Firefox-Daten
2014-06-28 15:44 - 2014-07-09 07:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 15:43 - 2014-06-28 15:43 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-28 15:43 - 2014-06-28 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-28 15:43 - 2014-06-28 15:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-28 15:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 15:43 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-22 16:12 - 2014-06-22 16:12 - 00001993 _____ () C:\Users\Public\Desktop\SILKYPIX Developer Studio Pro 6 Deutsch.lnk
2014-06-22 16:12 - 2014-06-22 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio Pro 6 Deutsch
2014-06-18 10:30 - 2014-06-18 10:30 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-06-18 10:30 - 2014-06-18 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-18 10:16 - 2014-06-18 10:16 - 00000000 ____D () C:\Users\mot\AppData\Local\Apps\2.0
2014-06-18 07:17 - 2014-06-18 07:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 09:29 - 2014-06-16 09:29 - 00001104 _____ () C:\Users\Public\Desktop\Trend Micro Browser Guard v3.0 Beta.lnk
2014-06-16 09:29 - 2014-06-16 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Browser Guard
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-12 13:06 - 2014-06-12 13:06 - 00001181 _____ () C:\Users\Public\Desktop\YouTube Song Downloader.lnk
2014-06-12 13:06 - 2014-06-12 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Song Downloader
2014-06-12 12:09 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 12:09 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 12:09 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 12:09 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 12:09 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 12:09 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 12:09 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 12:09 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 12:09 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 12:09 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 12:09 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 12:09 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 12:09 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 12:09 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 12:09 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 12:09 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 12:09 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 12:09 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 12:09 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 12:09 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 12:09 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 12:09 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 12:09 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 12:09 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 12:09 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 12:09 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 12:09 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 12:09 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 12:09 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 12:09 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 12:09 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 12:09 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 12:09 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 12:09 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 12:09 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 12:09 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 12:09 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 12:09 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 12:09 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 12:09 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 12:09 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 12:09 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 12:09 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 12:09 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 12:09 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 12:09 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 12:09 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 12:09 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 12:09 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 12:09 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 12:09 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 12:09 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 12:09 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 12:09 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 12:09 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 12:09 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 12:09 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 12:09 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 12:09 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 12:09 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 12:09 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 12:09 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 12:09 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 12:09 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 12:09 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 12:09 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-09 13:41 - 2014-07-04 06:26 - 00000000 ____D () C:\Program Files\Immunet
2014-07-09 13:40 - 2014-07-06 21:43 - 00000000 ____D () C:\FRST
2014-07-09 13:39 - 2012-04-03 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-09 13:39 - 2012-03-25 21:27 - 00000000 ____D () C:\Users\mot
2014-07-09 13:30 - 2012-11-06 13:13 - 00000000 ____D () C:\Users\mot\AppData\Roaming\Skype
2014-07-09 13:29 - 2013-12-02 15:55 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-07-09 13:22 - 2012-04-01 11:53 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2461921014-138286631-1203969870-1000UA.job
2014-07-09 13:06 - 2012-03-25 21:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 12:22 - 2012-04-01 11:53 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2461921014-138286631-1203969870-1000Core.job
2014-07-09 11:39 - 2012-04-03 18:13 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 11:39 - 2012-04-03 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 11:39 - 2011-10-14 14:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 11:32 - 2012-03-31 12:40 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2461921014-138286631-1203969870-1000UA.job
2014-07-09 11:32 - 2012-03-31 12:40 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2461921014-138286631-1203969870-1000Core.job
2014-07-09 10:37 - 2012-03-25 21:27 - 01175348 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 08:53 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 08:53 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 08:51 - 2011-05-16 16:04 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-07-09 08:51 - 2011-05-16 16:04 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-07-09 08:51 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 08:48 - 2012-03-25 21:28 - 00000000 ____D () C:\Users\mot\Documents\Youcam
2014-07-09 08:47 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\mot\AppData\Roaming\DropboxMaster
2014-07-09 08:47 - 2012-04-05 14:19 - 00000000 ____D () C:\Users\mot\AppData\Roaming\Dropbox
2014-07-09 08:46 - 2014-03-27 12:47 - 00000000 ____D () C:\Users\mot\AppData\Roaming\ViberPC
2014-07-09 08:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Users\mot\AppData\Local\Viber
2014-07-09 08:46 - 2012-03-25 21:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-09 08:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-09 08:45 - 2009-07-14 06:51 - 00317264 _____ () C:\Windows\setupact.log
2014-07-09 07:01 - 2014-06-28 15:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 23:18 - 2012-03-27 14:12 - 00000000 ____D () C:\Quarantine
2014-07-08 16:13 - 2014-07-08 15:42 - 00015635 _____ () C:\zoek-results.log
2014-07-08 16:12 - 2014-07-08 15:40 - 00000000 ____D () C:\zoek_backup
2014-07-08 16:12 - 2010-11-21 05:47 - 00261088 _____ () C:\Windows\PFRO.log
2014-07-08 16:01 - 2014-07-06 21:16 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-08 15:42 - 2014-07-08 15:36 - 00000000 ____D () C:\Users\mot\AppData\Local\Browser Guard
2014-07-08 15:40 - 2014-07-08 16:11 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-08 15:37 - 2014-07-08 15:37 - 00000000 ____D () C:\Users\Public\Documents\Browser Guard
2014-07-08 15:33 - 2014-07-08 15:20 - 00000000 ____D () C:\AdwCleaner
2014-07-08 15:21 - 2012-03-27 10:04 - 00000000 ____D () C:\Users\mot\Documents\Outlook-Dateien
2014-07-08 12:12 - 2013-02-09 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-07 18:25 - 2012-06-13 11:12 - 00000000 ____D () C:\Windows\es
2014-07-07 06:47 - 2012-11-06 13:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-07 06:46 - 2012-05-11 10:29 - 00000000 ____D () C:\Windows\WindowsMobile
2014-07-06 21:17 - 2014-07-06 21:17 - 00000000 ____D () C:\Users\mot\AppData\Roaming\Nico Mak Computing
2014-07-06 21:16 - 2014-07-06 21:16 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-06 19:29 - 2014-07-06 19:29 - 00000188 _____ () C:\Users\mot\defogger_reenable
2014-07-06 07:29 - 2012-03-25 23:00 - 00000000 ____D () C:\ProgramData\DivX
2014-07-06 07:28 - 2014-07-06 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-07-06 07:28 - 2012-03-25 23:02 - 00000000 ____D () C:\Program Files\DivX
2014-07-06 07:28 - 2012-03-25 23:00 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-07-06 07:27 - 2012-03-25 23:02 - 00000000 ____D () C:\Users\mot\AppData\Roaming\DivX
2014-07-05 16:33 - 2012-06-16 11:08 - 00000000 ____D () C:\Users\mot2
2014-07-05 09:13 - 2013-09-11 17:15 - 00000000 ____D () C:\Windows\rescache
2014-07-04 06:27 - 2014-07-04 06:27 - 00000000 ____D () C:\ProgramData\Immunet
2014-07-04 06:26 - 2014-07-04 06:26 - 00329800 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-07-04 06:26 - 2014-07-04 06:26 - 00100096 _____ (Sourcefire, Inc.) C:\Windows\system32\Drivers\ImmunetNetworkMonitor.sys
2014-07-04 06:26 - 2014-07-04 06:26 - 00058112 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\immunetprotect.sys
2014-07-04 06:26 - 2014-07-04 06:26 - 00033024 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\immunetselfprotect.sys
2014-07-04 06:26 - 2014-07-04 06:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2014-07-04 06:26 - 2014-07-04 06:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunet 3
2014-07-03 15:13 - 2011-12-13 10:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-03 15:03 - 2014-07-03 15:03 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2014-07-03 15:03 - 2014-07-03 15:03 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-03 15:03 - 2014-04-19 12:49 - 00000000 ____D () C:\temp
2014-07-03 15:03 - 2011-12-13 10:30 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-03 12:48 - 2014-05-01 12:44 - 00007628 _____ () C:\Users\mot\AppData\Local\resmon.resmoncfg
2014-07-03 08:00 - 2013-08-04 10:31 - 00000000 ____D () C:\Users\mot\AppData\Roaming\vlc
2014-07-02 18:25 - 2014-07-02 18:25 - 00229008 _____ () C:\Users\mot\Downloads\MEDION_Treibersuche.exe
2014-07-02 14:54 - 2014-07-02 14:54 - 00004471 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-02 14:54 - 2014-07-02 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-02 14:54 - 2014-02-19 10:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-02 14:54 - 2011-10-14 13:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-02 14:26 - 2014-07-02 14:26 - 00000000 ____D () C:\Program Files\Common Files\Topaz Labs
2014-07-02 14:26 - 2014-07-02 14:26 - 00000000 ____D () C:\Program Files (x86)\Topaz Labs
2014-07-02 14:26 - 2014-07-02 14:23 - 00000000 ____D () C:\Users\mot\Desktop\TOPAZ ADJUST (PC Download)
2014-07-02 06:41 - 2014-07-02 06:41 - 00000000 ____D () C:\ProgramData\Reprise
2014-07-02 06:40 - 2014-07-02 06:40 - 00000000 ____D () C:\ProgramData\VertusTech
2014-07-02 06:40 - 2014-07-02 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fluid Mask 3
2014-07-02 06:40 - 2014-07-02 06:40 - 00000000 ____D () C:\Program Files (x86)\Vertus Fluid Mask 3
2014-07-01 18:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-01 10:01 - 2014-07-01 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-07-01 10:00 - 2012-03-26 13:27 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-07-01 09:25 - 2014-07-01 09:25 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-07-01 09:25 - 2012-03-26 13:31 - 00000000 ____D () C:\ProgramData\Nero
2014-07-01 09:24 - 2014-07-01 09:24 - 00002913 _____ () C:\Users\Public\Desktop\Nero 2014.lnk
2014-07-01 09:15 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-01 08:51 - 2012-06-20 09:14 - 00000000 ____D () C:\Program Files (x86)\MultiCommander
2014-06-30 15:24 - 2014-06-30 11:18 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-30 06:36 - 2014-04-20 14:29 - 00000000 ____D () C:\Windows\pss
2014-06-29 21:47 - 2011-07-18 23:22 - 00000000 ____D () C:\ProgramData\Temp
2014-06-29 21:46 - 2014-03-24 11:28 - 00000955 _____ () C:\Users\Public\Desktop\AKVIS Refocus.lnk
2014-06-29 18:11 - 2014-06-29 18:11 - 00001078 _____ () C:\Users\Public\Desktop\Astroburn Lite.lnk
2014-06-29 18:11 - 2014-06-29 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
2014-06-29 18:11 - 2014-06-29 18:11 - 00000000 ____D () C:\ProgramData\Astroburn Lite
2014-06-29 18:11 - 2014-06-29 18:11 - 00000000 ____D () C:\Program Files (x86)\Astroburn Lite
2014-06-29 11:38 - 2013-01-04 11:03 - 00000000 ____D () C:\Program Files (x86)\Framing Studio
2014-06-29 11:38 - 2012-12-06 10:34 - 00000000 ____D () C:\Program Files (x86)\MultiKey
2014-06-29 11:36 - 2012-05-09 06:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-29 11:35 - 2014-04-03 14:47 - 00000000 ____D () C:\Program Files (x86)\WebSite X5 v10 - Evolution
2014-06-29 11:17 - 2014-05-06 15:14 - 00000000 ____D () C:\Program Files (x86)\CollageIt
2014-06-28 19:04 - 2014-06-28 19:04 - 00000000 ____D () C:\Users\mot\Desktop\Alte Firefox-Daten
2014-06-28 18:50 - 2012-06-13 11:12 - 00000000 ____D () C:\Windows\tr
2014-06-28 15:43 - 2014-06-28 15:43 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-28 15:43 - 2014-06-28 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-28 15:43 - 2014-06-28 15:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-28 15:43 - 2012-06-29 14:30 - 00000000 ____D () C:\Users\mot\AppData\Roaming\Malwarebytes
2014-06-28 15:43 - 2012-06-29 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 16:24 - 2012-07-01 00:33 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-22 16:16 - 2012-03-26 14:42 - 00000000 ____D () C:\Users\mot\AppData\Local\ISL
2014-06-22 16:13 - 2012-03-26 14:41 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-22 16:13 - 2011-07-18 23:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-22 16:12 - 2014-06-22 16:12 - 00001993 _____ () C:\Users\Public\Desktop\SILKYPIX Developer Studio Pro 6 Deutsch.lnk
2014-06-22 16:12 - 2014-06-22 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio Pro 6 Deutsch
2014-06-22 16:12 - 2012-08-15 11:09 - 00000000 ____D () C:\Program Files\ISL
2014-06-22 14:01 - 2012-03-25 21:25 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 14:01 - 2012-03-25 21:25 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 12:17 - 2012-04-01 11:53 - 00004078 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2461921014-138286631-1203969870-1000UA
2014-06-20 12:17 - 2012-04-01 11:53 - 00003682 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2461921014-138286631-1203969870-1000Core
2014-06-18 19:00 - 2012-04-25 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 11:12 - 2013-01-09 08:14 - 00000000 ____D () C:\Users\mot\AppData\Roaming\LumacDaemon
2014-06-18 10:30 - 2014-06-18 10:30 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-06-18 10:30 - 2014-06-18 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-18 10:30 - 2013-08-04 10:28 - 00000000 ____D () C:\Program Files\VideoLAN
2014-06-18 10:16 - 2014-06-18 10:16 - 00000000 ____D () C:\Users\mot\AppData\Local\Apps\2.0
2014-06-18 07:17 - 2014-06-18 07:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 10:30 - 2012-05-25 10:30 - 00000000 ____D () C:\Program Files (x86)\WebSite X5 v9 - Evolution
2014-06-17 10:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-17 09:48 - 2012-03-29 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoZoom Express 3
2014-06-17 09:48 - 2012-03-29 15:17 - 00000000 ____D () C:\Program Files (x86)\PhotoZoom Express 3
2014-06-17 09:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-06-16 09:29 - 2014-06-16 09:29 - 00001104 _____ () C:\Users\Public\Desktop\Trend Micro Browser Guard v3.0 Beta.lnk
2014-06-16 09:29 - 2014-06-16 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Browser Guard
2014-06-14 00:02 - 2012-03-25 21:26 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 11:45 - 2012-03-29 14:26 - 00000000 ____D () C:\Users\mot\AppData\Local\Nero
2014-06-13 11:43 - 2012-03-29 14:28 - 00000000 ____D () C:\Users\mot\AppData\Local\Nero_AG
2014-06-13 11:43 - 2012-03-29 14:26 - 00000000 ____D () C:\Users\mot\AppData\Roaming\Nero
2014-06-13 08:55 - 2012-03-29 08:53 - 00000000 ____D () C:\ProgramData\Skype
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-12 17:15 - 2013-08-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 17:09 - 2011-07-18 22:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 17:08 - 2012-03-26 09:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 13:06 - 2014-06-12 13:06 - 00001181 _____ () C:\Users\Public\Desktop\YouTube Song Downloader.lnk
2014-06-12 13:06 - 2014-06-12 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Song Downloader
2014-06-12 13:06 - 2012-03-29 13:53 - 00000000 ____D () C:\Program Files (x86)\YouTube Song Downloader
2014-06-12 13:06 - 2012-03-29 13:53 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-06-12 10:36 - 2012-04-05 14:19 - 00000000 ____D () C:\Users\mot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-11 13:22 - 2012-03-28 09:57 - 00000600 _____ () C:\Users\mot\AppData\Roaming\winscp.rnd

Some content of TEMP:
====================
C:\Users\mot\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjvz3sf.dll
C:\Users\mot\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 00:58

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Hi, zur Zeit laeuft alles gut. Vielen, vielen Dank Dir!!! was soll ich mit den Dateien in den Quarantaeneordnern machen? Im abgesicherten Modus loeschen?

Ich nutze mein Notebook nur fuer seriöse Dinge. Wie dieser Trojanerbefall ausgeloest wurde, ist mir eigentlich ein Raetsel, da ich nur Webseiten besuche, die ich brauche, wie web.de oder pcwelt - facebook natuerlich und Mails oeffne ich nur, wenn sie von mir Bekannten zugesandt wurden. Andere Mails checke ich mit dem Mailscanner von McAfee.

deeprybka · 09.07.2014, 13:02

OK,
anbei Tipps. Die Quarantäne wird durch Delfix gelöscht. Achte auf Deine Download-Quellen! Und installiere nicht soviel Security-Software. Lieber wenig, dafür gutes.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:

Combofix-Deinstallation.

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Ja! Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

>>clean<<
Wir haben es geschafft!

Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Wie kann ich mich in Zukunft besser schützen?

Tipps, Dos & Don'ts

Updates & Software

Beim Betriebsystem Windows die automatischen Updates aktivieren.

Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player & PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Firewall, Antivirus & Co.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. (Updatefunktion aktivieren!)
Meine Empfehlungen:
Kaspersky Antivirus
Emsisoft Anti-Malware
avast Free Antivirus
Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Cracks, Downloads & Co.

Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.
Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)

Auch virustotal.com ist Dein Freund! Lade dubiose oder unbekannte Dateien hoch, bevor Du diese startest oder installierst.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe daher mit Vorsicht und klicke mit Verstand.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von Dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo Deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst Du von einem Deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und Du solltest nicht denselben Fehler machen.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

mot2001 · 09.07.2014, 13:03

Kann man eigentlich nachvollziehen, was die Ursache war - Internet oder USB-Schnittstelle?

deeprybka · 09.07.2014, 13:12

Das ist schwierig retrospektiv irgendwelche Angaben zu machen.

Spybot, winzipmalware-protector, Immunet würden auf meinem PC keine Verwendung finden.

Emsisoft und Windows-Firewall ist meine Empfehlung.

Bezüglich USB...
Hier noch ein Tipp:

Schritt 1

Panda USB Vaccine

Bitte lade Dir von hier Panda USB Vaccine herunter.

Starte und installiere es.
Impfe Deinen PC

Unter Win 7 HomePremium mehrfacher Trojaner-Befall

Plagegeister aller Art und deren Bekämpfung: Unter Win 7 HomePremium mehrfacher Trojaner-Befall