Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GVU Meldung und weißer Bildschirm (https://www.trojaner-board.de/137026-gvu-meldung-weisser-bildschirm.html)

rosjen 22.06.2013 16:02
GVU Meldung und weißer Bildschirm
 
Hallo,

Beim surfen im Internet habe ich mir den oben genannten Trojaner eingefangen.

Der PC lässt soch nicht mehr bedienen. Es erscheint unmittelbar die GVU Meldung, so dass
Ich Windows gar nocht bedienen kann.

Ich bin leider kein PC Experte und hoffe, dass ich mit eurer Hilfe wieder in mein Windows komme.

Schon jetzt ganz vielen dank für eure Hilfe.

aharonov 22.06.2013 16:20
Hallo,

was hast du für ein Betriebssystem? Windows XP, Vista, 7? Ist es 32-bit oder 64-bit?

rosjen 22.06.2013 17:04
Hallo,

ich habe Windows 7 installiert. Es sind 64-Bit.

Liebe Grüße

aharonov 22.06.2013 18:56
Hallo rosjen und :hallo:

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eins vorneweg: Ich kann dir keine Garantien geben, dass ich alles finden werde. Bei schwerwiegenden Infektionen ist ein Formatieren und Neuinstallieren meist der schnellere und immer der sicherere Weg.
Wenn du dich für eine Bereinigung entscheidest, dann sollten wir gründlich vorgehen. Bleib also dran, bis ich dir eindeutig mitteile, dass wir fertig sind.
Auch wenn die auffälligen Symptome schon früh verschwinden, bedeutet das nicht, dass dein Rechner dann schon sauber und sicher ist.

Hinweise zum Ablauf
  • Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
    • Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
    • Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles erst zum Schluss gesammelt in einer Antwort.
    • Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
    • Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.
  • Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert:
    • Lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
    • Installiere oder deinstalliere während der Bereinigung keine Software.

Los geht's:

Dann gehen wir es so an:


Schritt 1

Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere diese auf einen USB Stick (nicht in einen Unterordner!).
Schliesse den USB Stick an den infizierten Rechner an.

Du musst das System nun in die System Reparatur Option booten:
Variante 1 - Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während des Hochfahrens drücke mehrmals die F8 Taste.
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils Weiter.

oder

Variante 2 - Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und boote von der CD.
  • Wähle die Spracheinstellungen und klicke Weiter.
  • Klicke auf Computerreparaturoptionen.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils Weiter.

Wenn du jetzt in den Reparaturoptionen bist, wähle Eingabeaufforderung.
  • Gib nun bitte notepad ein und drücke Enter.
    • Es öffnet sich ein Textdokument. Klicke auf Datei -> Speichern unter und wähle Computer.
    • Lese nun hier den Laufwerksbuchstaben deines USB Sticks (z.B. e:\) ab.
    • Schliesse Notepad wieder.
  • Gib nun bitte folgenden Befehl ein und drücke Enter:
    e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan.
Das Tool erstellt eine Datei FRST.txt auf deinem USB Stick. Poste dessen Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Log von FRST

rosjen 22.06.2013 19:33
Toll! Danke! Das hat funktioniert!

Hier die Datei


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by R65 (administrator) on 22-06-2013 21:20:33
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Dropbox, Inc.) C:\Users\R65\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\system32\presentationsettings.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16336488 2009-08-28] (NVIDIA Corporation)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-12] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKCU\...\Run: [OfficeSyncProcess] "D:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [x]
HKCU\...\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [435672 2011-11-14] (TomTom)
HKCU\...\Run: [Facebook Update] "C:\Users\R65\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-17] (Facebook Inc.)
HKCU\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-06-10] (Samsung)
HKCU\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1086376 2012-08-03] (Nokia)
HKCU\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [578560 2013-04-18] (Samsung Electronics)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-4052187697-802691591-208067248-1000\$2be7a7e21d87f0fde075de3fe445bdc3\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [BCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\R65\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\R65\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKLM-x32 SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKCU - {34CFF45B-7154-4AF9-A87D-897D2AFCD1F6} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {459FA174-3829-4446-9094-4B2629215F1E} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7B9E3889-F9BF-4C39-AF02-376EF56F31C8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=96fc5f97-4dd5-4a17-9b48-40ddf9eeda28&apn_sauid=10412A3B-7C5F-477A-A9DF-62E352D2ADB4
SearchScopes: HKCU - {92C98AF0-6946-4FA5-830E-1E3AA43B8728} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {CEF7FB2F-9495-45A1-8550-3831422F36ED} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=hp&babsrc=lnkry
CHR RestoreOnStartup: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=hp&babsrc=lnkry"
CHR DefaultSearchURL: (Ask) - hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=96fc5f97-4dd5-4a17-9b48-40ddf9eeda28&apn_ptnrs=%5EABT&apn_sauid=10412A3B-7C5F-477A-A9DF-62E352D2ADB4&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
CHR DefaultSuggestURL: (Ask) - hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - D:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - D:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-04-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-06] (Avira Operations GmbH & Co. KG)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2013-03-13] (DATA BECKER GmbH & Co KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57966424 2010-09-17] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430424 2010-09-17] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-06] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-05-19] (Printing Communications Assoc., Inc. (PCAUSA))
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S2 DgiVecp; System32\Drivers\DgiVecp.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\acedrv11.sys 84DA132E969484F581C550DE69BD1727
C:\Windows\system32\drivers\acedrv11.sys 84DA132E969484F581C550DE69BD1727
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\AmUStor.SYS 391887990CDAA83DE5C56C3FDE966DA1
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Program Files\ATKGFNEX\ASMMAP64.sys 2DB34EDD17D3A8DA7105A19C95A3DD68
C:\Program Files\ATKGFNEX\ASMMAP64.sys 2DB34EDD17D3A8DA7105A19C95A3DD68
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 0ACC06FCF46F64ED4F11E57EE461C1F4
C:\Windows\System32\DRIVERS\avgntflt.sys 09E6069EF94B345061B4BD3CEBD974C8
C:\Windows\System32\DRIVERS\avipbb.sys 488486DAD09A5B6C6DBB8B990A8B2307
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\SysWow64\Drivers\DgiVecp.sys A5034F77B278F07E224FE07CF98A8B76
C:\Windows\System32\DRIVERS\ssudbus.sys 0B3F6C8F93C5C25977EA5A8B2E656357
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 3C38648375B7F3988691F53A7AAE10A9
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 7D66EBDE8B7F9B4E00BEEFEEE82670D4
C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 7D66EBDE8B7F9B4E00BEEFEEE82670D4
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys DFEAF0A1D98D397035012C8E28D1520F
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 5BA1779E2C84FDE2A5E201FFF9C42C9C
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys B4A3A05B0F9C81D098B96AB6AA915042
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ATK64AMD.sys 032D35C996F21D19A205A7C8F0B76F3C
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\ccdcmbx64.sys 5FE6F8C05F0769BBB74AFAC11453B182
C:\Windows\System32\drivers\ccdcmbox64.sys 73C929945C0850B8D1FE2FEA05FDF05D
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 6E41A4DF26340A07A489B721F9721EC1
C:\Windows\System32\DRIVERS\nvlddmkm.sys 5A9A416F77E98686079E4D7F90A55498
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\DRIVERS\PcaSp60.sys D65714E2C35C13ED9074B01EA41918BC
C:\Windows\SysWow64\DRIVERS\PcaSp60.sys D65714E2C35C13ED9074B01EA41918BC
C:\Windows\System32\DRIVERS\pccsmcfdx64.sys 3FDE033DFB0D07F8B7D5C9A3044AA121
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RsFx0103.sys CD553B8633466A6D1C115812F2619F1F
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snp2uvc.sys A415C67B40DFB903ACCC1D40FBEE3269
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssudmdm.sys EA8F41484CCC5BA6A1455C2AD3D1BE3C
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\DRIVERS\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys 34AFB83C7BBA370E404E52CC2290350C
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbser.sys 4ACEE387FA8FD39F83564FCD2FC234F2
C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys AA75E1EFBEE7186B4CBAAACF1F15E6CA
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\system32\drivers\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys 1928B9CA20F51BFBBAD54D2C2C447B13
D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys 1928B9CA20F51BFBBAD54D2C2C447B13
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-22 21:20 - 2013-06-22 21:20 - 00000000 ____D C:\FRST
2013-06-22 16:22 - 2013-06-22 17:07 - 00000004 ____A C:\Users\R65\AppData\Roaming\skype.ini
2013-06-21 22:41 - 2013-06-21 22:41 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-21 22:30 - 2013-06-21 22:49 - 00010557 ____A C:\Windows\IE10_main.log
2013-06-12 17:14 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:08 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:08 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:08 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:08 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-10 20:53 - 2013-06-10 20:53 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-10 17:49 - 2013-06-10 17:49 - 00002002 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00001992 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\Documents\samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Roaming\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Local\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-10 17:46 - 2013-06-10 17:46 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-10 17:38 - 2013-06-10 17:47 - 00000000 ____D C:\ProgramData\Samsung
2013-06-10 17:38 - 2013-06-10 17:47 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-10 17:38 - 2013-04-18 19:08 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2013-06-10 17:38 - 2013-04-18 19:06 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2013-06-10 17:13 - 2013-06-10 17:13 - 00000000 ____D C:\Users\R65\AppData\Local\Downloaded Installations
2013-06-10 16:54 - 2013-06-10 16:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-06-08 13:25 - 2013-06-08 13:25 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iTunes
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iPod
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-04 09:15 - 2013-06-04 09:15 - 00203672 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-06-04 09:15 - 2013-06-04 09:15 - 00103448 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

==================== One Month Modified Files and Folders =======

2013-06-22 21:21 - 2011-07-13 15:28 - 00000000 ____D C:\Users\R65\AppData\Roaming\Dropbox
2013-06-22 21:20 - 2013-06-22 21:20 - 00000000 ____D C:\FRST
2013-06-22 21:18 - 2012-05-19 15:02 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-22 21:15 - 2011-04-04 20:01 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-22 21:15 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-22 21:15 - 2009-07-14 06:51 - 00217605 ____A C:\Windows\setupact.log
2013-06-22 17:07 - 2013-06-22 16:22 - 00000004 ____A C:\Users\R65\AppData\Roaming\skype.ini
2013-06-22 17:07 - 2011-04-04 18:40 - 01753881 ____A C:\Windows\WindowsUpdate.log
2013-06-22 16:55 - 2011-11-03 17:45 - 00001130 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052187697-802691591-208067248-1000UA.job
2013-06-22 16:27 - 2011-04-04 20:01 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-22 15:36 - 2011-06-09 18:33 - 00000000 ____D C:\Users\R65\Documents\Outlook-Dateien
2013-06-22 10:16 - 2009-07-14 06:45 - 00016704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 10:16 - 2009-07-14 06:45 - 00016704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-22 10:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-21 22:49 - 2013-06-21 22:30 - 00010557 ____A C:\Windows\IE10_main.log
2013-06-21 22:41 - 2013-06-21 22:41 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-17 22:55 - 2011-11-03 17:45 - 00001108 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052187697-802691591-208067248-1000Core.job
2013-06-15 12:15 - 2009-12-01 06:49 - 00766802 ____A C:\Windows\System32\perfh007.dat
2013-06-15 12:15 - 2009-12-01 06:49 - 00174656 ____A C:\Windows\System32\perfc007.dat
2013-06-15 12:15 - 2009-07-14 07:13 - 01808826 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 20:01 - 2011-04-05 12:20 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 18:19 - 2012-05-19 15:02 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 18:19 - 2011-06-24 15:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 16:48 - 2011-04-05 17:54 - 00001910 ____A C:\Windows\System32\AutoRunFilter.ini
2013-06-10 20:53 - 2013-06-10 20:53 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-10 18:03 - 2011-04-05 08:58 - 01829236 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-10 17:49 - 2013-06-10 17:49 - 00002002 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00001992 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\Documents\samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Roaming\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Local\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-10 17:47 - 2013-06-10 17:38 - 00000000 ____D C:\ProgramData\Samsung
2013-06-10 17:47 - 2013-06-10 17:38 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-10 17:46 - 2013-06-10 17:46 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-10 17:38 - 2011-04-05 17:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-10 17:13 - 2013-06-10 17:13 - 00000000 ____D C:\Users\R65\AppData\Local\Downloaded Installations
2013-06-10 16:54 - 2013-06-10 16:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-06-08 13:25 - 2013-06-08 13:25 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iTunes
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iPod
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-04 09:15 - 2013-06-04 09:15 - 00203672 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-06-04 09:15 - 2013-06-04 09:15 - 00103448 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2013-06-02 19:17 - 2011-07-13 15:30 - 00001008 ____A C:\Users\R65\Desktop\Dropbox.lnk

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4052187697-802691591-208067248-1000\$2be7a7e21d87f0fde075de3fe445bdc3

Files to move or delete:
====================
C:\Users\R65\AppData\Roaming\skype.dat
C:\Users\R65\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description            Windows Boot Manager
locale                  de-DE
inherit                {globalsettings}
default                {current}
resumeobject            {8b20296f-5f2d-11e0-900c-bf2d30d73598}
displayorder            {current}
toolsdisplayorder      {memdiag}
timeout                30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description            Windows 7
locale                  de-DE
inherit                {bootloadersettings}
recoverysequence        {8b202971-5f2d-11e0-900c-bf2d30d73598}
recoveryenabled        Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {8b20296f-5f2d-11e0-900c-bf2d30d73598}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {8b202971-5f2d-11e0-900c-bf2d30d73598}

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {8b20296f-5f2d-11e0-900c-bf2d30d73598}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description            Windows Resume Application
locale                  de-DE
inherit                {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description            Windows-Speicherdiagnose
locale                  de-DE
inherit                {globalsettings}
badmemoryaccess        Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype              Serial
debugport              1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype    Serial
hypervisordebugport    1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {8b202972-5f2d-11e0-900c-bf2d30d73598}
description            Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\8b202971-5f2d-11e0-900c-bf2d30d73598\boot.sdi



LastRegBack: 2011-12-01 18:47

==================== End Of Log ============================
--- --- ---


Und wie machen wir weiter?

aharonov 22.06.2013 19:48
Äähm, du kannst du den Rechner in den normalen Modus starten...
Dann mach bitte so weiter:


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 3

Verschiebe die frst64.exe vom USB-Stick auf deinen Desktop.
  • Starte dann FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Adwcleaner
  • Log von Combofix
  • Logs von FRST

rosjen 22.06.2013 21:36
Gesagt getan!

Hier nun die Log-Dateien

Adwcleaner

Code:
# AdwCleaner v2.303 - Datei am 22/06/2013 um 22:43:54 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : R65 - JENNY
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\R65\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\R65\AppData\Local\APN
Ordner Gelöscht : C:\Users\R65\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\R65\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\R65\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65-026bea384630&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\R65\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.36] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.39] : keyword = "ask.com",
Gelöscht [l.42] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=d[...]
Gelöscht [l.43] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Gelöscht [l.1236] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=eb61c2e8-760e-48be-bf65[...]
Gelöscht [l.1398] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=[...]

*************************

AdwCleaner[S1].txt - [6153 octets] - [22/06/2013 22:43:54]

########## EOF - C:\AdwCleaner[S1].txt - [6213 octets] ##########
Combofix
Code:
ComboFix 13-06-22.01 - R65 22.06.2013  23:00:01.2.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4061.2238 [GMT 2:00]
ausgeführt von:: c:\users\R65\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\R65\AppData\Roaming\skype.dat
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-22 bis 2013-06-22  ))))))))))))))))))))))))))))))
.
.
2013-06-22 21:13 . 2013-06-22 21:13        --------        d-----w-        c:\users\Public\AppData\Local\temp
2013-06-22 21:13 . 2013-06-22 21:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-22 19:20 . 2013-06-22 19:20        --------        d-----w-        C:\FRST
2013-06-21 20:41 . 2013-06-21 20:41        770648        ----a-w-        c:\program files (x86)\Internet Explorer\iexplore.exe
2013-06-21 20:41 . 2013-06-21 20:41        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-21 20:41 . 2013-06-21 20:41        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-06-21 20:41 . 2013-06-21 20:41        218112        ----a-w-        c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-21 20:41 . 2013-06-21 20:41        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-06-21 20:41 . 2013-06-21 20:41        1767936        ----a-w-        c:\windows\SysWow64\wininet.dll
2013-06-21 20:41 . 2013-06-21 20:41        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-06-21 20:41 . 2013-06-21 20:41        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-12 15:14 . 2013-05-08 06:39        1910632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-06-12 15:09 . 2013-04-26 05:51        751104        ----a-w-        c:\windows\system32\win32spl.dll
2013-06-12 15:09 . 2013-04-26 04:55        492544        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-06-12 15:09 . 2013-05-10 05:49        30720        ----a-w-        c:\windows\system32\cryptdlg.dll
2013-06-12 15:09 . 2013-05-10 03:20        24576        ----a-w-        c:\windows\SysWow64\cryptdlg.dll
2013-06-12 15:09 . 2013-04-17 07:02        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 15:09 . 2013-04-17 06:24        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2013-06-12 15:08 . 2013-05-13 05:51        1464320        ----a-w-        c:\windows\system32\crypt32.dll
2013-06-12 15:08 . 2013-05-13 03:43        1192448        ----a-w-        c:\windows\system32\certutil.exe
2013-06-12 15:08 . 2013-05-13 03:08        903168        ----a-w-        c:\windows\SysWow64\certutil.exe
2013-06-12 15:08 . 2013-05-13 05:51        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-06-12 15:08 . 2013-05-13 05:51        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-06-12 15:08 . 2013-05-13 05:50        52224        ----a-w-        c:\windows\system32\certenc.dll
2013-06-12 15:08 . 2013-05-13 04:45        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-06-12 15:08 . 2013-05-13 04:45        1160192        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-06-12 15:08 . 2013-05-13 04:45        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-06-12 15:08 . 2013-05-13 03:08        43008        ----a-w-        c:\windows\SysWow64\certenc.dll
2013-06-12 15:08 . 2013-04-25 23:30        1505280        ----a-w-        c:\windows\SysWow64\d3d11.dll
2013-06-12 15:08 . 2013-03-31 22:52        1887232        ----a-w-        c:\windows\system32\d3d11.dll
2013-06-10 15:49 . 2013-06-10 15:49        --------        d-----w-        c:\users\R65\AppData\Local\Samsung
2013-06-10 15:49 . 2013-06-10 15:49        --------        d-----w-        c:\users\R65\AppData\Roaming\Samsung
2013-06-10 15:46 . 2013-06-10 15:46        --------        d-----w-        c:\program files (x86)\MyFree Codec
2013-06-10 15:38 . 2013-04-18 17:08        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll
2013-06-10 15:38 . 2013-04-18 17:06        821824        ----a-w-        c:\windows\SysWow64\dgderapi.dll
2013-06-10 15:38 . 2013-06-10 15:47        --------        d-----w-        c:\program files (x86)\Samsung
2013-06-10 15:38 . 2013-06-10 15:47        --------        d-----w-        c:\programdata\Samsung
2013-06-10 15:13 . 2013-06-10 15:13        --------        d-----w-        c:\users\R65\AppData\Local\Downloaded Installations
2013-06-08 11:25 . 2013-06-08 11:25        --------        d-----w-        c:\program files\iPod
2013-06-08 11:25 . 2013-06-08 11:25        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 11:25 . 2013-06-08 11:25        --------        d-----w-        c:\program files\iTunes
2013-06-08 11:25 . 2013-06-08 11:25        --------        d-----w-        c:\program files (x86)\iTunes
2013-06-04 07:15 . 2013-06-04 07:15        103448        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2013-06-04 07:15 . 2013-06-04 07:15        203672        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:01 . 2011-04-05 10:20        75825640        ----a-w-        c:\windows\system32\MRT.exe
2013-06-12 16:19 . 2012-05-19 13:02        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:19 . 2011-06-24 13:24        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 15:24 . 2013-05-07 15:24        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-04-18 17:07 . 2013-04-18 17:07        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2013-04-18 17:07 . 2013-04-18 17:07        330240        ----a-w-        c:\windows\MASetupCaller.dll
2013-04-18 17:07 . 2013-04-18 17:07        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2013-04-18 17:06 . 2013-04-18 17:06        974848        ----a-w-        c:\windows\SysWow64\cis-2.4.dll
2013-04-18 17:06 . 2013-04-18 17:06        81920        ----a-w-        c:\windows\SysWow64\issacapi_bs-2.3.dll
2013-04-18 17:06 . 2013-04-18 17:06        65536        ----a-w-        c:\windows\SysWow64\issacapi_pe-2.3.dll
2013-04-18 17:06 . 2013-04-18 17:06        57344        ----a-w-        c:\windows\SysWow64\MTXSYNCICON.dll
2013-04-18 17:06 . 2013-04-18 17:06        57344        ----a-w-        c:\windows\SysWow64\MK_Lyric.dll
2013-04-18 17:06 . 2013-04-18 17:06        57344        ----a-w-        c:\windows\SysWow64\issacapi_se-2.3.dll
2013-04-18 17:06 . 2013-04-18 17:06        569344        ----a-w-        c:\windows\SysWow64\muzdecode.ax
2013-04-18 17:06 . 2013-04-18 17:06        491520        ----a-w-        c:\windows\SysWow64\muzapp.dll
2013-04-18 17:06 . 2013-04-18 17:06        49152        ----a-w-        c:\windows\SysWow64\MaJGUILib.dll
2013-04-18 17:06 . 2013-04-18 17:06        45320        ----a-w-        c:\windows\SysWow64\MAMACExtract.dll
2013-04-18 17:06 . 2013-04-18 17:06        45056        ----a-w-        c:\windows\SysWow64\MaXMLProto.dll
2013-04-18 17:06 . 2013-04-18 17:06        45056        ----a-w-        c:\windows\SysWow64\MACXMLProto.dll
2013-04-18 17:06 . 2013-04-18 17:06        40960        ----a-w-        c:\windows\SysWow64\MTTELECHIP.dll
2013-04-18 17:06 . 2013-04-18 17:06        352256        ----a-w-        c:\windows\SysWow64\MSLUR71.dll
2013-04-18 17:06 . 2013-04-18 17:06        258048        ----a-w-        c:\windows\SysWow64\muzoggsp.ax
2013-04-18 17:06 . 2013-04-18 17:06        245760        ----a-w-        c:\windows\SysWow64\MSCLib.dll
2013-04-18 17:06 . 2013-04-18 17:06        24576        ----a-w-        c:\windows\SysWow64\MASetupCleaner.exe
2013-04-18 17:06 . 2013-04-18 17:06        200704        ----a-w-        c:\windows\SysWow64\muzwmts.dll
2013-04-18 17:06 . 2013-04-18 17:06        172032        ----a-w-        c:\windows\SysWow64\muzapp.exe
2013-04-18 17:06 . 2013-04-18 17:06        155648        ----a-w-        c:\windows\SysWow64\MSFLib.dll
2013-04-18 17:06 . 2013-04-18 17:06        143360        ----a-w-        c:\windows\SysWow64\3DAudio.ax
2013-04-18 17:06 . 2013-04-18 17:06        135168        ----a-w-        c:\windows\SysWow64\muzaf1.dll
2013-04-18 17:06 . 2013-04-18 17:06        131072        ----a-w-        c:\windows\SysWow64\muzmpgsp.ax
2013-04-18 17:06 . 2013-04-18 17:06        122880        ----a-w-        c:\windows\SysWow64\muzeffect.ax
2013-04-18 17:06 . 2013-04-18 17:06        118784        ----a-w-        c:\windows\SysWow64\MaDRM.dll
2013-04-18 17:06 . 2013-04-18 17:06        110592        ----a-w-        c:\windows\SysWow64\muzmp4sp.ax
2013-04-13 05:49 . 2013-05-16 14:34        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 14:34        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 14:34        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 14:34        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 14:34        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 14:34        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 18:16        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 14:34        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 14:34        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 14:34        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-04-06 08:58 . 2013-04-07 08:36        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-04-06 08:58 . 2013-04-07 08:36        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-04-06 08:58 . 2013-04-07 08:36        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-04-04 12:50 . 2012-07-19 19:59        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2003-03-21 12:45 . 2011-12-14 08:27        250544        ----a-w-        c:\program files (x86)\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\R65\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\R65\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\R65\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="d:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
"Facebook Update"="c:\users\R65\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-17 138096]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
.
c:\users\R65\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\R65\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;d:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 14:29        1165776        ----a-w-        c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 16:19]
.
2013-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052187697-802691591-208067248-1000Core.job
- c:\users\R65\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 20:50]
.
2013-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052187697-802691591-208067248-1000UA.job
- c:\users\R65\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 20:50]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04 18:01]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04 18:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\R65\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\R65\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\R65\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\R65\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - d:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\R65\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - d:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-22  23:21:19
ComboFix-quarantined-files.txt  2013-06-22 21:21
.
Vor Suchlauf: 15 Verzeichnis(se), 36.937.355.264 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 37.653.266.432 Bytes frei
.
- - End Of File - - 66A7D729E4E95D435C9E65147332C827
A36C5E4F47E84449FF07ED3517B43A31
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by R65 (administrator) on 22-06-2013 23:24:34
Running from C:\Users\R65\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\system32\presentationsettings.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16336488 2009-08-28] (NVIDIA Corporation)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-12] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKCU\...\Run: [OfficeSyncProcess] "D:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [x]
HKCU\...\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [435672 2011-11-14] (TomTom)
HKCU\...\Run: [Facebook Update] "C:\Users\R65\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-17] (Facebook Inc.)
HKCU\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1086376 2012-08-03] (Nokia)
HKCU\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [578560 2013-04-18] (Samsung Electronics)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [BCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
Startup: C:\Users\R65\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\R65\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {34CFF45B-7154-4AF9-A87D-897D2AFCD1F6} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {459FA174-3829-4446-9094-4B2629215F1E} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7B9E3889-F9BF-4C39-AF02-376EF56F31C8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=96fc5f97-4dd5-4a17-9b48-40ddf9eeda28&apn_sauid=10412A3B-7C5F-477A-A9DF-62E352D2ADB4
SearchScopes: HKCU - {92C98AF0-6946-4FA5-830E-1E3AA43B8728} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {CEF7FB2F-9495-45A1-8550-3831422F36ED} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Ask) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - D:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - D:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-04-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-06] (Avira Operations GmbH & Co. KG)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2013-03-13] (DATA BECKER GmbH & Co KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57966424 2010-09-17] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430424 2010-09-17] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-06] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-05-19] (Printing Communications Assoc., Inc. (PCAUSA))
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S2 DgiVecp; System32\Drivers\DgiVecp.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-22 23:24 - 2013-06-22 20:22 - 01931364 ____A (Farbar) C:\Users\R65\Desktop\FRST64.exe
2013-06-22 23:21 - 2013-06-22 23:21 - 00027049 ____A C:\ComboFix.txt
2013-06-22 22:53 - 2013-06-22 22:53 - 05082201 ____R (Swearware) C:\Users\R65\Desktop\ComboFix.exe
2013-06-22 22:43 - 2013-06-22 22:44 - 00006270 ____A C:\AdwCleaner[S1].txt
2013-06-22 22:42 - 2013-06-22 22:42 - 00648201 ____A C:\Users\R65\Desktop\adwcleaner.exe
2013-06-22 21:20 - 2013-06-22 21:20 - 00000000 ____D C:\FRST
2013-06-22 16:22 - 2013-06-22 17:07 - 00000004 ____A C:\Users\R65\AppData\Roaming\skype.ini
2013-06-21 22:41 - 2013-06-21 22:41 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-21 22:30 - 2013-06-21 22:49 - 00010557 ____A C:\Windows\IE10_main.log
2013-06-12 17:14 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:08 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:08 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:08 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:08 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-10 20:53 - 2013-06-10 20:53 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-10 17:49 - 2013-06-10 17:49 - 00002002 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00001992 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\Documents\samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Roaming\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Local\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-10 17:46 - 2013-06-10 17:46 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-10 17:38 - 2013-06-10 17:47 - 00000000 ____D C:\ProgramData\Samsung
2013-06-10 17:38 - 2013-06-10 17:47 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-10 17:38 - 2013-04-18 19:08 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2013-06-10 17:38 - 2013-04-18 19:06 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2013-06-10 17:13 - 2013-06-10 17:13 - 00000000 ____D C:\Users\R65\AppData\Local\Downloaded Installations
2013-06-10 16:54 - 2013-06-10 16:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-06-08 13:25 - 2013-06-08 13:25 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iTunes
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iPod
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-04 09:15 - 2013-06-04 09:15 - 00203672 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-06-04 09:15 - 2013-06-04 09:15 - 00103448 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

==================== One Month Modified Files and Folders =======

2013-06-22 23:21 - 2013-06-22 23:21 - 00027049 ____A C:\ComboFix.txt
2013-06-22 23:21 - 2012-07-18 12:11 - 00000000 ____D C:\Qoobox
2013-06-22 23:18 - 2012-05-19 15:02 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-22 23:15 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-22 22:56 - 2009-07-14 06:45 - 00016704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 22:56 - 2009-07-14 06:45 - 00016704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-22 22:55 - 2011-11-03 17:45 - 00001130 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052187697-802691591-208067248-1000UA.job
2013-06-22 22:55 - 2011-11-03 17:45 - 00001108 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052187697-802691591-208067248-1000Core.job
2013-06-22 22:53 - 2013-06-22 22:53 - 05082201 ____R (Swearware) C:\Users\R65\Desktop\ComboFix.exe
2013-06-22 22:53 - 2011-04-04 18:40 - 01977485 ____A C:\Windows\WindowsUpdate.log
2013-06-22 22:53 - 2009-12-01 06:49 - 00766802 ____A C:\Windows\System32\perfh007.dat
2013-06-22 22:53 - 2009-12-01 06:49 - 00174656 ____A C:\Windows\System32\perfc007.dat
2013-06-22 22:53 - 2009-07-14 07:13 - 01808826 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-22 22:50 - 2011-07-13 15:28 - 00000000 ____D C:\Users\R65\AppData\Roaming\Dropbox
2013-06-22 22:45 - 2011-04-04 20:01 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-22 22:45 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-22 22:45 - 2009-07-14 06:51 - 00217661 ____A C:\Windows\setupact.log
2013-06-22 22:44 - 2013-06-22 22:43 - 00006270 ____A C:\AdwCleaner[S1].txt
2013-06-22 22:42 - 2013-06-22 22:42 - 00648201 ____A C:\Users\R65\Desktop\adwcleaner.exe
2013-06-22 22:27 - 2011-04-04 20:01 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-22 21:20 - 2013-06-22 21:20 - 00000000 ____D C:\FRST
2013-06-22 20:22 - 2013-06-22 23:24 - 01931364 ____A (Farbar) C:\Users\R65\Desktop\FRST64.exe
2013-06-22 17:07 - 2013-06-22 16:22 - 00000004 ____A C:\Users\R65\AppData\Roaming\skype.ini
2013-06-22 15:36 - 2011-06-09 18:33 - 00000000 ____D C:\Users\R65\Documents\Outlook-Dateien
2013-06-22 10:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-21 22:49 - 2013-06-21 22:30 - 00010557 ____A C:\Windows\IE10_main.log
2013-06-21 22:41 - 2013-06-21 22:41 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-12 20:01 - 2011-04-05 12:20 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 18:19 - 2012-05-19 15:02 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 18:19 - 2011-06-24 15:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 16:48 - 2011-04-05 17:54 - 00001910 ____A C:\Windows\System32\AutoRunFilter.ini
2013-06-10 20:53 - 2013-06-10 20:53 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-10 18:03 - 2011-04-05 08:58 - 01829236 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-10 17:49 - 2013-06-10 17:49 - 00002002 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00001992 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\Documents\samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Roaming\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Local\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-10 17:47 - 2013-06-10 17:38 - 00000000 ____D C:\ProgramData\Samsung
2013-06-10 17:47 - 2013-06-10 17:38 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-10 17:46 - 2013-06-10 17:46 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-10 17:38 - 2011-04-05 17:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-10 17:13 - 2013-06-10 17:13 - 00000000 ____D C:\Users\R65\AppData\Local\Downloaded Installations
2013-06-10 16:54 - 2013-06-10 16:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-06-08 13:25 - 2013-06-08 13:25 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iTunes
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iPod
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-04 09:15 - 2013-06-04 09:15 - 00203672 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-06-04 09:15 - 2013-06-04 09:15 - 00103448 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2013-06-02 19:17 - 2011-07-13 15:30 - 00001008 ____A C:\Users\R65\Desktop\Dropbox.lnk

Files to move or delete:
====================
C:\Users\R65\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2011-12-01 18:47

==================== End Of Log ============================
--- --- ---

--- --- ---


Das ist der einzige FRST Log der auf dem Desktop gespeichert wurde!? Hab ich was falsch gemacht????

aharonov 22.06.2013 21:40
Ach sorry, ich hab dir den falschen Baustein gegeben.
Wiederhole bitten den FRST-Scan so:
(Dann sollte es 2 Logs geben.)


Starte noch einmal FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

rosjen 23.06.2013 08:37
Kein Problem. Danke für die schnelle Antwort.
Hier nun die Logfiles

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by R65 (administrator) on 23-06-2013 10:31:35
Running from C:\Users\R65\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Dropbox, Inc.) C:\Users\R65\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\system32\presentationsettings.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16336488 2009-08-28] (NVIDIA Corporation)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-12] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKCU\...\Run: [OfficeSyncProcess] "D:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [x]
HKCU\...\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [435672 2011-11-14] (TomTom)
HKCU\...\Run: [Facebook Update] "C:\Users\R65\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-17] (Facebook Inc.)
HKCU\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1086376 2012-08-03] (Nokia)
HKCU\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [578560 2013-04-18] (Samsung Electronics)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [BCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
Startup: C:\Users\R65\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\R65\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {34CFF45B-7154-4AF9-A87D-897D2AFCD1F6} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {459FA174-3829-4446-9094-4B2629215F1E} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7B9E3889-F9BF-4C39-AF02-376EF56F31C8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=96fc5f97-4dd5-4a17-9b48-40ddf9eeda28&apn_sauid=10412A3B-7C5F-477A-A9DF-62E352D2ADB4
SearchScopes: HKCU - {92C98AF0-6946-4FA5-830E-1E3AA43B8728} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {CEF7FB2F-9495-45A1-8550-3831422F36ED} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Ask) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - D:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - D:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-04-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-06] (Avira Operations GmbH & Co. KG)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2013-03-13] (DATA BECKER GmbH & Co KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57966424 2010-09-17] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430424 2010-09-17] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-06] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-05-19] (Printing Communications Assoc., Inc. (PCAUSA))
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S2 DgiVecp; System32\Drivers\DgiVecp.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-22 23:24 - 2013-06-22 20:22 - 01931364 ____A (Farbar) C:\Users\R65\Desktop\FRST64.exe
2013-06-22 23:21 - 2013-06-22 23:21 - 00027049 ____A C:\ComboFix.txt
2013-06-22 22:53 - 2013-06-22 22:53 - 05082201 ____R (Swearware) C:\Users\R65\Desktop\ComboFix.exe
2013-06-22 22:43 - 2013-06-22 22:44 - 00006270 ____A C:\AdwCleaner[S1].txt
2013-06-22 22:42 - 2013-06-22 22:42 - 00648201 ____A C:\Users\R65\Desktop\adwcleaner.exe
2013-06-22 21:20 - 2013-06-22 21:20 - 00000000 ____D C:\FRST
2013-06-22 16:22 - 2013-06-22 17:07 - 00000004 ____A C:\Users\R65\AppData\Roaming\skype.ini
2013-06-21 22:41 - 2013-06-21 22:41 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-21 22:30 - 2013-06-21 22:49 - 00010557 ____A C:\Windows\IE10_main.log
2013-06-12 17:14 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:08 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:08 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:08 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:08 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-10 20:53 - 2013-06-10 20:53 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-10 17:49 - 2013-06-10 17:49 - 00002002 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00001992 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\Documents\samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Roaming\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Local\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-10 17:46 - 2013-06-10 17:46 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-10 17:38 - 2013-06-10 17:47 - 00000000 ____D C:\ProgramData\Samsung
2013-06-10 17:38 - 2013-06-10 17:47 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-10 17:38 - 2013-04-18 19:08 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2013-06-10 17:38 - 2013-04-18 19:06 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2013-06-10 17:13 - 2013-06-10 17:13 - 00000000 ____D C:\Users\R65\AppData\Local\Downloaded Installations
2013-06-10 16:54 - 2013-06-10 16:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-06-08 13:25 - 2013-06-08 13:25 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iTunes
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iPod
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-04 09:15 - 2013-06-04 09:15 - 00203672 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-06-04 09:15 - 2013-06-04 09:15 - 00103448 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

==================== One Month Modified Files and Folders =======

2013-06-23 10:27 - 2011-04-04 20:01 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 10:18 - 2012-05-19 15:02 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-23 10:02 - 2011-07-13 15:28 - 00000000 ____D C:\Users\R65\AppData\Roaming\Dropbox
2013-06-23 10:01 - 2009-07-14 06:45 - 00016704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-23 10:01 - 2009-07-14 06:45 - 00016704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-23 09:59 - 2011-04-04 20:01 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-23 09:53 - 2011-04-04 21:13 - 00222634 ____A C:\Windows\PFRO.log
2013-06-23 09:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-23 09:53 - 2009-07-14 06:51 - 00217717 ____A C:\Windows\setupact.log
2013-06-22 23:38 - 2011-04-04 18:40 - 02051000 ____A C:\Windows\WindowsUpdate.log
2013-06-22 23:21 - 2013-06-22 23:21 - 00027049 ____A C:\ComboFix.txt
2013-06-22 23:21 - 2012-07-18 12:11 - 00000000 ____D C:\Qoobox
2013-06-22 23:15 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-22 22:55 - 2011-11-03 17:45 - 00001130 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052187697-802691591-208067248-1000UA.job
2013-06-22 22:55 - 2011-11-03 17:45 - 00001108 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052187697-802691591-208067248-1000Core.job
2013-06-22 22:53 - 2013-06-22 22:53 - 05082201 ____R (Swearware) C:\Users\R65\Desktop\ComboFix.exe
2013-06-22 22:53 - 2009-12-01 06:49 - 00766802 ____A C:\Windows\System32\perfh007.dat
2013-06-22 22:53 - 2009-12-01 06:49 - 00174656 ____A C:\Windows\System32\perfc007.dat
2013-06-22 22:53 - 2009-07-14 07:13 - 01808826 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-22 22:44 - 2013-06-22 22:43 - 00006270 ____A C:\AdwCleaner[S1].txt
2013-06-22 22:42 - 2013-06-22 22:42 - 00648201 ____A C:\Users\R65\Desktop\adwcleaner.exe
2013-06-22 21:20 - 2013-06-22 21:20 - 00000000 ____D C:\FRST
2013-06-22 20:22 - 2013-06-22 23:24 - 01931364 ____A (Farbar) C:\Users\R65\Desktop\FRST64.exe
2013-06-22 17:07 - 2013-06-22 16:22 - 00000004 ____A C:\Users\R65\AppData\Roaming\skype.ini
2013-06-22 15:36 - 2011-06-09 18:33 - 00000000 ____D C:\Users\R65\Documents\Outlook-Dateien
2013-06-22 10:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-21 22:49 - 2013-06-21 22:30 - 00010557 ____A C:\Windows\IE10_main.log
2013-06-21 22:41 - 2013-06-21 22:41 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-21 22:41 - 2013-06-21 22:41 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-21 22:41 - 2013-06-21 22:41 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-21 22:40 - 2013-06-21 22:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-21 22:40 - 2013-06-21 22:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-21 22:40 - 2013-06-21 22:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-21 22:40 - 2013-06-21 22:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-21 22:40 - 2013-06-21 22:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-21 22:40 - 2013-06-21 22:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-12 20:01 - 2011-04-05 12:20 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 18:19 - 2012-05-19 15:02 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 18:19 - 2011-06-24 15:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 16:48 - 2011-04-05 17:54 - 00001910 ____A C:\Windows\System32\AutoRunFilter.ini
2013-06-10 20:53 - 2013-06-10 20:53 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-10 18:03 - 2011-04-05 08:58 - 01829236 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-10 17:49 - 2013-06-10 17:49 - 00002002 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00001992 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\Documents\samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Roaming\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\R65\AppData\Local\Samsung
2013-06-10 17:49 - 2013-06-10 17:49 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-10 17:47 - 2013-06-10 17:38 - 00000000 ____D C:\ProgramData\Samsung
2013-06-10 17:47 - 2013-06-10 17:38 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-10 17:46 - 2013-06-10 17:46 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-10 17:38 - 2011-04-05 17:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-10 17:13 - 2013-06-10 17:13 - 00000000 ____D C:\Users\R65\AppData\Local\Downloaded Installations
2013-06-10 16:54 - 2013-06-10 16:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-06-08 13:25 - 2013-06-08 13:25 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iTunes
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files\iPod
2013-06-08 13:25 - 2013-06-08 13:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-04 09:15 - 2013-06-04 09:15 - 00203672 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-06-04 09:15 - 2013-06-04 09:15 - 00103448 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2013-06-02 19:17 - 2011-07-13 15:30 - 00001008 ____A C:\Users\R65\Desktop\Dropbox.lnk

Files to move or delete:
====================
C:\Users\R65\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2011-12-01 18:47

==================== End Of Log ============================
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2013
Ran by R65 at 2013-06-23 10:32:46
Running from C:\Users\R65\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AAVUpdateManager (x32 Version: 18.00.0000)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.0) - Deutsch (x32 Version: 10.1.0)
Alcor Micro USB Card Reader (x32 Version: 1.3.17.25001)
ALDI NORD Bestellsoftware 4.9 (x32 Version: 4.9)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ASUS MultiFrame (x32 Version: 1.0.0019)
ASUS Power4Gear Hybrid (Version: 1.1.25)
ASUS SmartLogon (x32 Version: 1.0.0007)
ASUS Virtual Camera (x32 Version: 1.0.19)
ASUS Wireless Router RT-N56U Manuals (x32 Version: 1.00.000)
ATK Generic Function Service (x32 Version: 1.00.0008)
ATK Hotkey (x32 Version: 1.0.0052)
ATK Media (x32 Version: 2.0.0006)
ATKOSD2 (x32 Version: 7.0.0007)
Auslogics Disk Defrag (x32 Version: version 3.1)
Avira Free Antivirus (x32 Version: 13.0.0.3640)
BDA (x32)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.20)
ControlDeck (x32 Version: 1.0.4)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
DATA BECKER Stream Catcher 2 FREE (x32)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dotfuscator Software Services - Community Edition - DEU (x32 Version: 5.0.2300.0)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0)
Dropbox (HKCU Version: 2.0.22)
ETDWare PS/2-x64 7.0.5.9_WHQL
Express Gate (x32 Version: 1.2.13.21)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Fast Boot (Version: 1.0.4)
Free YouTube Download version 3.1.42.1212 (x32 Version: 3.1.42.1212)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
HotPotatoes v 6.3.0.4 (x32)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.5.1)
Java(TM) 6 Update 26 (x32 Version: 6.0.260)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft MapPoint Europa 2010 (x32 Version: 17.0.22.1400)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access database engine 2007 (German) (x32 Version: 12.0.6425.1000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Project MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Project Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Project 2010 Service Pack 1 (SP1) (x32)
Microsoft Project Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Silverlight 3 SDK - Deutsch (x32 Version: 3.0.40818.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.2.4000.0)
Microsoft SQL Server 2008 Common Files (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Native Client (Version: 10.2.4000.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.2.4000.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.2.4000.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 de (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.30319)
Microsoft Visio 2010 Service Pack 1 (SP1) (x32)
Microsoft Visio Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable Package (x32 Version: 1.0.0)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Performance Collection Tools - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010 Ultimate - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (HKCU)
MyTomTom 3.1.0.530 (x32 Version: 3.1.0.530)
NB Probe (x32)
Net4Switch (x32 Version: 1.00.0019)
Nokia Connectivity Cable Driver (x32 Version: 7.1.78.0)
Nokia Suite (x32 Version: 3.5.34.0)
NVIDIA Drivers (Version: 1.3)
PC Connectivity Solution (x32 Version: 12.0.32.0)
PDF Architect (x32 Version: 1.0.41.8362)
PDFCreator (x32 Version: 1.6.0)
Pointofix (x32)
Protect Disc License Helper 1.0.118 (x32 Version: 1.0.118)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.11)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5936)
Samsung Kies (x32 Version: 2.5.3.13043_14)
Samsung ML-1610 Series (x32)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0)
Service Pack 2 für SQL Server 2008 (KB 2285068) (64-bit) (Version: 10.2.4000.0)
Sql Server Customer Experience Improvement Program (Version: 10.2.4000.0)
SRS Premium Sound Control Panel (Version: 1.8.1200)
Steuer-Spar-Erklärung 2012 (x32 Version: 17.11)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (Version: 10.2.4000.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
USB 2.0 UVC 0.3M WebCam
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
VLC media player 1.1.5 (x32 Version: 1.1.5)
Web Deployment Tool (Version: 1.1.0618)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
WinFlash (x32 Version: 2.29.0)
Wireless Console 3 (x32 Version: 3.0.13)
Yahoo! Detect (x32)

==================== Restore Points  =========================

10-06-2013 15:30:49 Installed Samsung Kies
10-06-2013 15:37:11 Installed Samsung Kies
12-06-2013 18:00:09 Windows Update
21-06-2013 20:29:59 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {086E8036-E174-4B87-B00D-F0510AD947A1} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {0C26376A-1F4A-42C1-8912-C190294E066E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {0C8D0B0C-9C58-489A-94D6-6F0A8D323E04} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {383DC6D7-6AD6-4452-BD1C-B8B3579F4F28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04] (Google Inc.)
Task: {3A26C3D3-DCF0-410D-8DBD-03DCAC729D6B} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()
Task: {3F174C7E-1D79-4945-A952-A3EED0FA3B0F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4052187697-802691591-208067248-1000Core => C:\Users\R65\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {4684829E-A3D4-4278-9E8A-9A6176C5E514} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04] (Google Inc.)
Task: {4A99A980-4264-4857-9B5C-B0AEC8079B53} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4D465116-C368-4DF9-9EB0-AA8141AD9C67} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4052187697-802691591-208067248-1000UA => C:\Users\R65\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {5093B3FE-9062-4AA5-9A11-C0DF76185572} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {5570F39A-415D-4E6F-8458-37BE6C831627} - System32\Tasks\Net4Switch => C:\Program Files\ASUS\Net4Switch\Net4Switch.exe [2007-11-20] (ASUS)
Task: {6A1B0768-FB95-4043-BABF-63F6EA4FA275} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-10-22] ()
Task: {8FD29B8E-203C-4E94-AA4A-4D3956137736} - System32\Tasks\PresentationSettingsTurnOff_JENNY_R65 => C:\Windows\system32\PresentationSettings.exe [2010-11-20] (Microsoft Corporation)
Task: {92B868E9-7357-4D5C-90E5-49D5B520031F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {9B2575C2-F5C9-43E4-BCD7-EE3436B5B07E} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {CE3C9976-64C0-4F5C-8947-35A0913CCECA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4052187697-802691591-208067248-1000
Task: {E2F3D622-EB53-43B1-B284-A33ADC6877BC} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-11-06] (ATK)
Task: {EEBF1DF3-BACC-45B0-B442-4D60EE481B6A} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-09-22] (TODO: <Company name>)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2013 05:07:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24586

Error: (06/22/2013 05:07:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24586

Error: (06/22/2013 05:07:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2013 05:06:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7628

Error: (06/22/2013 05:06:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7628

Error: (06/22/2013 05:06:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2013 05:06:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5616

Error: (06/22/2013 05:06:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5616

Error: (06/22/2013 05:06:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2013 05:06:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4368


System errors:
=============
Error: (06/22/2013 11:15:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/22/2013 11:12:09 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/22/2013 11:12:09 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/22/2013 11:06:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/22/2013 10:48:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SQL Server (SQLEXPRESS)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/22/2013 10:48:08 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SQL Server (SQLEXPRESS) erreicht.

Error: (06/22/2013 10:47:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/22/2013 10:47:16 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht.

Error: (06/22/2013 10:46:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/22/2013 10:46:46 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.


Microsoft Office Sessions:
=========================
Error: (06/22/2013 05:07:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24586

Error: (06/22/2013 05:07:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24586

Error: (06/22/2013 05:07:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2013 05:06:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7628

Error: (06/22/2013 05:06:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7628

Error: (06/22/2013 05:06:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2013 05:06:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5616

Error: (06/22/2013 05:06:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5616

Error: (06/22/2013 05:06:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2013 05:06:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4368


CodeIntegrity Errors:
===================================
  Date: 2013-06-22 23:12:09.875
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-22 23:12:09.625
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-22 23:12:09.373
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-22 23:12:09.121
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-18 13:14:04.314
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-18 13:14:04.226
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 4061.02 MB
Available physical RAM: 2425.25 MB
Total Pagefile: 8120.23 MB
Available Pagefile: 5954.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:93.96 GB) (Free:34.95 GB) NTFS (Disk=0 Partition=2)
Drive d: (DATA) (Fixed) (Total:204.03 GB) (Free:186.46 GB) NTFS (Disk=0 Partition=3)
Drive f: (ROSE) (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2743A24D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=94 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=204 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

Alles gar nicht so schwierig ;-)
Was machen wir nun?

aharonov 23.06.2013 14:21
Jetzt kommt noch eine letzte Kontrolle und das Schliessen vorhandener Sicherheitslücken.. :)


Schritt 1

Drücke die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe "notepad" in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument:
Code:
SearchScopes: HKCU - {7B9E3889-F9BF-4C39-AF02-376EF56F31C8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=96fc5f97-4dd5-4a17-9b48-40ddf9eeda28&apn_sauid=10412A3B-7C5F-477A-A9DF-62E352D2ADB4
C:\Users\R65\AppData\Roaming\skype.ini
Speichere dieses dann bitte unter dem Dateinamen Fixlist.txt ebenfalls auf deinen Desktop neben FRST.
  • Starte nun FRST und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt. Poste mir deren Inhalt.



Schritt 2

Lade dir TFC (von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schliesse alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.



Schritt 3
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 4


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 5

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von FRST
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck

aharonov 29.06.2013 14:38
Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

aharonov 30.06.2013 19:26
Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:17 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131