Robertus | 01.11.2013 10:54 |
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Robert (administrator) on JENNY on 01-11-2013 10:51:21
Running from C:\Users\Robert\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\atservice.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TEco.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TouchED\TouchED.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
() C:\Windows\System32\nwtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Dropbox, Inc.) C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\FRST\Quarantine\ONENOTEM.EXE
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [TWebCamera] - C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TOSDCR] - C:\Program Files\Toshiba\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [480608 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\Toshiba\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\Toshiba\TECO\TEco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [307008 2009-12-22] (AuthenTec, Inc.)
HKLM\...\Run: [TouchED] - C:\Program Files\Toshiba\TouchED\TouchED.exe [118784 2005-09-01] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [929272 2013-06-04] (Sophos Limited)
HKLM\...\Run: [NWTRAY] - C:\Windows\System32\nwtray.exe [34904 2012-03-27] ()
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL [ 2013-06-04] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\FRST\Quarantine\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0A10DF2B4A3CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {55FAF0F2-44D4-425f-B5F5-6B275B621EAB} URL = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.2.0.1 10.2.0.2
FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default
FF Homepage: hxxp://www.zeit.de/
FF NetworkProxy: "http", "91.228.53.28"
FF NetworkProxy: "http_port", 8089
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DeviceDetection@logitech.com
FF Extension: FoxyProxy Basic - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\foxyproxy@eric.h.jung
FF Extension: YouTube Unblocker - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: admin - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: DivXWebPlayer - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{33d51bac-b658-4a8d-b65c-ce07d82b9889}.xpi
FF Extension: noscript - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: TrueSuite Website Log On - C:\Program Files\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
========================== Services (Whitelisted) =================
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\atservice.exe [1819968 2009-12-22] (AuthenTec, Inc.)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [108352 2009-12-22] (AuthenTec, Inc)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-06-04] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-06-04] (Sophos Limited)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-06-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-10-20] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-06-04] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1468920 2013-06-04] (Sophos Limited)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [16984 2012-03-27] (Novell, Inc.)
==================== Drivers (Whitelisted) ====================
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [91736 2012-03-27] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [90712 2012-03-27] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [60504 2012-03-27] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [111192 2012-03-27] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [22616 2012-03-27] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [27224 2012-03-27] (Novell, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-10-14] (Secunia)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-06-04] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2012-10-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-06-04] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2012-10-20] (Sophos Plc)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [65112 2012-03-27] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [64088 2012-03-27] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [41048 2012-03-27] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [18520 2012-03-27] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [66136 2012-03-27] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [30808 2012-03-27] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [45656 2012-03-27] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [27224 2012-03-27] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [22104 2012-03-27] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [28760 2012-03-27] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [45144 2012-03-27] (Novell, Inc.)
S3 catchme; \??\C:\Users\Robert\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-01 10:50 - 2013-11-01 10:50 - 01089445 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-31 12:48 - 2013-10-31 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-31 11:46 - 2013-10-31 11:46 - 00001026 _____ C:\Users\Robert\Desktop\Panda USB Vaccine.lnk
2013-10-29 11:36 - 2013-10-29 11:36 - 00000000 ____D C:\_OTM
2013-10-29 11:34 - 2013-10-29 11:34 - 00522240 _____ (OldTimer Tools) C:\Users\Robert\Desktop\OTM.exe
2013-10-28 17:27 - 2013-10-28 17:37 - 00000000 ____D C:\Users\Robert\Desktop\PKV
2013-10-24 16:10 - 2013-10-24 16:10 - 00000000 ____D C:\Users\Robert\Desktop\Security
2013-10-22 18:25 - 2013-10-22 18:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Tracker Software
2013-10-22 18:19 - 2013-10-22 18:19 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-22 18:19 - 2013-06-09 20:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll
2013-10-22 18:18 - 2012-08-21 12:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-10-22 18:16 - 2013-10-22 18:18 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Users\Robert\AppData\Local\Secunia PSI
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Program Files\Secunia
2013-10-22 17:27 - 2013-10-22 17:29 - 00000851 _____ C:\DelFix.txt
2013-10-21 15:26 - 2013-10-30 17:14 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-21 13:51 - 2013-10-21 13:51 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 13:50 - 2013-10-21 13:50 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-19 09:06 - 2013-10-22 17:27 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 08:54 - 2013-10-19 08:56 - 00000000 ____D C:\AdwCleaner
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-19 08:40 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-18 15:28 - 2013-10-22 17:23 - 00000000 ____D C:\Windows\erdnt
2013-10-18 15:26 - 2013-10-31 11:19 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-18 15:26 - 2013-10-18 15:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 13:46 - 2013-10-28 15:06 - 00000000 ____D C:\FRST
2013-10-14 11:04 - 2013-10-14 11:04 - 00016024 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_x86.sys
2013-10-10 18:25 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 23:26 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 23:26 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 23:26 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 23:26 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 23:26 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 23:26 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 23:25 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 21:56 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 21:56 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 21:56 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 21:56 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 21:56 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 21:56 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 21:56 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 21:56 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 21:56 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 21:56 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 21:56 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 21:56 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 21:56 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 21:56 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 21:56 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 21:56 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 21:56 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 21:56 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 21:56 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 21:56 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 21:56 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 21:55 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 21:55 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 21:55 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 21:55 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 21:55 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 21:55 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 19:14 - 2013-10-07 19:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3
==================== One Month Modified Files and Folders =======
2013-11-01 10:51 - 2012-07-22 13:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-01 10:50 - 2013-11-01 10:50 - 01089445 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-11-01 10:44 - 2011-11-16 16:22 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2013-11-01 09:53 - 2011-11-16 16:05 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2013-11-01 09:51 - 2009-07-14 05:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-01 09:51 - 2009-07-14 05:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-01 09:43 - 2012-05-14 13:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-01 09:43 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-01 09:43 - 2009-07-14 05:39 - 00110496 _____ C:\Windows\setupact.log
2013-10-31 23:31 - 2011-11-15 17:21 - 01722249 _____ C:\Windows\WindowsUpdate.log
2013-10-31 22:58 - 2011-11-16 18:41 - 00000000 ____D C:\Users\Robert\AppData\Roaming\vlc
2013-10-31 20:17 - 2012-07-22 14:19 - 00000000 ____D C:\Users\Robert\AppData\Roaming\dvdcss
2013-10-31 12:48 - 2013-10-31 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-31 11:46 - 2013-10-31 11:46 - 00001026 _____ C:\Users\Robert\Desktop\Panda USB Vaccine.lnk
2013-10-31 11:19 - 2013-10-18 15:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-31 11:16 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-10-30 17:14 - 2013-10-21 15:26 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-29 12:38 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-29 11:36 - 2013-10-29 11:36 - 00000000 ____D C:\_OTM
2013-10-29 11:34 - 2013-10-29 11:34 - 00522240 _____ (OldTimer Tools) C:\Users\Robert\Desktop\OTM.exe
2013-10-29 01:24 - 2011-11-16 19:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-29 01:24 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2013-10-29 00:38 - 2010-11-20 22:01 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-28 17:37 - 2013-10-28 17:27 - 00000000 ____D C:\Users\Robert\Desktop\PKV
2013-10-28 15:06 - 2013-10-18 13:46 - 00000000 ____D C:\FRST
2013-10-24 16:10 - 2013-10-24 16:10 - 00000000 ____D C:\Users\Robert\Desktop\Security
2013-10-24 16:10 - 2011-11-16 18:45 - 00281514 _____ C:\Windows\DPINST.LOG
2013-10-24 16:10 - 2011-04-29 16:26 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-10-24 16:08 - 2011-11-27 22:19 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-23 15:19 - 2013-07-15 12:15 - 00000000 _____ C:\Windows\system32\vireng.log
2013-10-23 15:09 - 2010-04-03 13:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 21:42 - 2011-01-14 14:46 - 00000000 ____D C:\Program Files\QuickTime
2013-10-22 18:25 - 2013-10-22 18:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Tracker Software
2013-10-22 18:19 - 2013-10-22 18:19 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-22 18:19 - 2011-12-11 17:42 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Foxit Software
2013-10-22 18:18 - 2013-10-22 18:16 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-22 18:18 - 2011-05-23 22:11 - 00000000 ____D C:\Program Files\iTunes
2013-10-22 18:16 - 2011-05-23 22:11 - 00000000 ____D C:\Program Files\iPod
2013-10-22 18:15 - 2011-11-16 16:32 - 00000000 ____D C:\Program Files\VLC
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Users\Robert\AppData\Local\Secunia PSI
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Program Files\Secunia
2013-10-22 17:29 - 2013-10-22 17:27 - 00000851 _____ C:\DelFix.txt
2013-10-22 17:27 - 2013-10-19 09:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 17:23 - 2013-10-18 15:28 - 00000000 ____D C:\Windows\erdnt
2013-10-22 17:19 - 2011-11-15 17:31 - 00000000 ____D C:\Users\Robert
2013-10-22 10:34 - 2010-11-20 22:48 - 00096752 _____ C:\Windows\PFRO.log
2013-10-21 19:17 - 2013-04-11 17:41 - 00000000 ____D C:\Users\Robert\Desktop\entwickeln
2013-10-21 13:51 - 2013-10-21 13:51 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 13:50 - 2013-10-21 13:50 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 13:50 - 2008-07-21 13:43 - 00000000 ____D C:\Program Files\Java
2013-10-19 08:56 - 2013-10-19 08:54 - 00000000 ____D C:\AdwCleaner
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-18 17:34 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2013-10-18 17:28 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-10-18 16:32 - 2009-07-14 03:03 - 52953088 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 15990784 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-18 15:26 - 2013-10-18 15:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-14 11:04 - 2013-10-14 11:04 - 00016024 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_x86.sys
2013-10-12 12:11 - 2011-11-16 16:22 - 00000000 ____D C:\ProgramData\Skype
2013-10-12 12:11 - 2009-08-14 11:32 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 11:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-10-10 09:21 - 2009-07-14 05:33 - 00366296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 09:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-09 23:30 - 2013-07-20 18:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 23:28 - 2011-11-17 21:25 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 23:27 - 2010-11-21 19:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-08 23:51 - 2012-03-30 09:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-08 23:51 - 2011-11-15 17:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 19:14 - 2013-10-07 19:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3
Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\temp\Checkupdate.exe
C:\Users\Robert\AppData\Local\temp\Foxit Reader Updater.exe
C:\Users\Robert\AppData\Local\temp\gcapi_dll.dll
C:\Users\Robert\AppData\Local\temp\gtapi_signed.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-31 12:27
==================== End Of Log ============================