MSE & Windows Defender plötzlich inaktiv

Meradock · 31.05.2013, 02:14

Hallo alle zusammen,

ich hatte eigentlich bereits einen ellenlangen Text geschrieben aber mein Laptop meinte es müsse mal streiken und nu is der ganze Text weg. Da es aber bereits 10 vor 3 is hält sich meine Lust den Text nochmal so zu schreiben in grenzen, ich hoffe es ist deswegen ok wenn ich es nur in Stichworten erkläre. (Ist warscheinlich auch Informativer).

-MSE und Windows Defender nicht mehr erreichbar
-Keinerlei Benachrichtigung durch das Sicherheitscenter
-Beim Versuch die beiden Dateien abzurufen: ,,Ungültiger Dateipfad''
-Versucht man etwas runterlzuladen:
-Chrome: Antiviren scan fehlgeschlagen
-Firefox: Angeblich runtergeladen doch kann man die Datei per Fox selber nicht öffnen noch befindet sie sich auf dem PC.
-Internet Expl.: Datei wird sofort als Virus ,,erkannt'' und der download abgebrochen
-Anti Malewarebites findet nichts. Spybot 2 nur 08/15 Cookies.
-Avast, welches über Dropbox gezogen wurde, konnte weder durch einen Komplett Scan
welcher ewig dauerte was finden noch beim boot scan welcher noch länger dauerte.
- Mein Savegame von Euro Truck 2 ist auch urplötzlich verschwunden vielleicht hängt das zusammen. (Ich musste sogar die Serien Nummer neu eingeben wie beim allerersten Start)
-Letzer mit dem PC runtergeladenen Datei ist mHotspot wessen installation aus mir unerfindlichen gründen zwei mal fehlgeschlagen ist.

OTL Log:

Code:

ATTFilter

OTL logfile created on: 30.05.2013 23:34:28 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,86% Memory free
6,22 Gb Paging File | 4,64 Gb Available in Paging File | 74,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,33 Gb Total Space | 51,49 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 76,96 Gb Free Space | 26,26% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 898,59 Gb Free Space | 96,47% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.30 23:23:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.05.06 20:12:57 | 004,284,976 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.11.16 22:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.11.13 15:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 15:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.01.14 13:56:42 | 000,248,832 | ---- | M] () -- C:\Programme\Razer\DeathAdder\razerhid.exe
PRC - [2011.12.28 17:29:18 | 000,218,112 | ---- | M] () -- C:\Programme\Razer\DeathAdder\razertra.exe
PRC - [2011.04.14 12:48:32 | 001,758,208 | ---- | M] () -- C:\Programme\Razer\DeathAdder\vdDaemon.exe
PRC - [2011.04.13 12:46:28 | 000,110,592 | ---- | M] () -- C:\Programme\Razer\Razer Lycosa\razertra.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.21 22:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- C:\Programme\Razer\Razer Lycosa\razerhid.exe
PRC - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\iked.exe
PRC - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe
PRC - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe
PRC - [2010.06.14 17:10:32 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Gaming Software\LWEMon.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.06.06 19:17:16 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.09 19:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.12.19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\DeathAdder\razerofa.exe
PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.09.06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.11.27 15:21:16 | 001,587,224 | ---- | M] (Hagel Technologies Ltd) -- C:\Programme\DU Meter\DUMeter.exe
PRC - [2005.08.31 10:51:20 | 001,691,648 | ---- | M] () -- C:\Programme\NETGEAR\WG311v3\WG311v3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.27 00:25:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013.05.16 15:01:48 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013.05.06 20:12:57 | 004,284,976 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
MOD - [2013.03.19 17:52:16 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2013.01.12 01:37:40 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.11 16:15:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 16:15:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.11 16:14:49 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.11 16:13:41 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.11 16:13:34 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.11.16 21:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012.11.13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 15:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 15:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.01.14 13:56:42 | 000,248,832 | ---- | M] () -- C:\Programme\Razer\DeathAdder\razerhid.exe
MOD - [2011.12.28 17:29:18 | 000,218,112 | ---- | M] () -- C:\Programme\Razer\DeathAdder\razertra.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.14 12:48:32 | 001,758,208 | ---- | M] () -- C:\Programme\Razer\DeathAdder\vdDaemon.exe
MOD - [2011.04.13 12:46:28 | 000,110,592 | ---- | M] () -- C:\Programme\Razer\Razer Lycosa\razertra.exe
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009.03.30 06:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.03.05 00:38:16 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008.01.09 19:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008.01.09 19:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007.12.19 19:09:40 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
MOD - [2007.12.19 19:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007.12.19 19:08:56 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
MOD - [2007.12.19 19:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007.12.19 19:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007.12.19 19:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007.10.17 11:38:22 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll
MOD - [2007.10.17 11:38:20 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
MOD - [2007.10.17 11:38:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
MOD - [2007.10.17 11:38:00 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
MOD - [2007.10.17 11:37:58 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
MOD - [2007.10.17 10:55:10 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
MOD - [2007.10.17 10:55:10 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll
MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2005.08.31 10:51:20 | 001,691,648 | ---- | M] () -- C:\Programme\NETGEAR\WG311v3\WG311v3.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2013.05.30 12:47:41 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.27 17:47:31 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.09 19:47:08 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] () [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] () [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\jatmlano.sys -- (jatmlano)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\glliotwa.sys -- (glliotwa)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.05.08 12:40:38 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.11.16 21:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011.03.28 15:00:26 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.28 15:00:26 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.10.01 01:16:40 | 000,010,240 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VKbms.sys -- (VKbms)
DRV - [2010.09.25 13:55:46 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2010.09.08 11:39:30 | 000,023,680 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2010.09.02 09:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010.09.02 09:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010.06.23 10:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.05.06 11:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.27 17:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010.04.27 17:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010.04.27 17:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010.04.27 15:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.01.18 20:42:10 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.06.10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.04.30 23:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.04.30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.04.30 22:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009.04.21 18:58:42 | 000,011,136 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\danew.sys -- (danewFltr)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.06.07 12:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.06.07 12:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.04.28 11:02:42 | 000,042,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.02.27 07:05:00 | 007,629,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.01.21 04:23:27 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mf.sys -- (mf)
DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.10.16 17:14:24 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
DRV - [2007.08.17 15:14:44 | 000,891,392 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.12.19 05:52:36 | 000,081,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV - [2005.04.24 23:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Razerlow.sys -- (Razerlow)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2905338
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000
IE - HKCU\..\SearchScopes,DefaultScope = {7D0C1DAB-02AF-40D8-9B75-3017FF3F8A02}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=2CEC00184D70F293
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://plusnetwork.com/?sp=brw&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7D0C1DAB-02AF-40D8-9B75-3017FF3F8A02}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GPEA_de
IE - HKCU\..\SearchScopes\{8DAEEE47-1412-4DE2-A7BB-DA58BFB48C95}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2905338
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=hp&fr=linkury-tb&installDate=08/05/2013&type=hp1000"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.30 12:23:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.05.30 12:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.30 12:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 12:47:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.30 12:47:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 12:47:29 | 000,000,000 | ---D | M]
 
[2012.04.10 22:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.30 22:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ku7niwue.default\extensions
[2013.05.30 09:44:45 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ku7niwue.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.20 10:43:30 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ku7niwue.default\extensions\ich@maltegoetz.de
[2013.04.17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ku7niwue.default\extensions\hdvc@hdvc.com.xpi
[2013.05.11 12:43:20 | 000,002,507 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ku7niwue.default\searchplugins\Web Search.xml
[2013.05.30 01:46:45 | 000,002,112 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ku7niwue.default\searchplugins\wot-safe-search.xml
[2013.05.30 12:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.30 12:47:43 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.30 12:23:17 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.05.30 12:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7FWVI_deDE521
CHR - default_search_provider: suggest_url = ,
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.1_0\
CHR - Extension: Plants vs. Zombies HD = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdfeknjbgfbkmemaoffkebceonhcjfd\1.0.0_0\
CHR - Extension: WOT = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: avast! Online Security = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.7_0\
CHR - Extension: Into The Mist = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Wolf Toss = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjlncddmdljpioccbmempchonhlifakc\1.1.2.6_0\
 
O1 HOSTS File: ([2013.04.26 13:32:31 | 000,446,483 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15355 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DeathAdder] C:\Programme\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe (Hagel Technologies Ltd)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E45008F6-11F7-4F25-938D-365D04F56BF1}: DhcpNameServer = 192.168.2.9
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.15 06:12:14 | 000,000,080 | -H-- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.05.30 12:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.30 12:23:39 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.30 12:23:39 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.30 12:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.30 12:23:37 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.30 12:23:37 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.30 12:23:36 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.30 12:23:34 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.30 12:23:34 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.30 12:23:03 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.30 12:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.30 12:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.27 17:55:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Desmume
[2013.05.27 17:21:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DealPly
[2013.05.27 17:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.27 17:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.05.27 17:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.27 17:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.27 17:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.26 19:45:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2013.05.16 15:03:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2013.05.15 15:02:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\My Games
[2013.05.15 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Games
[2013.05.12 16:44:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Downloads
[2013.05.10 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2013.05.09 20:06:13 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Criterion Games
[2013.05.09 15:38:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SimCity
[2013.05.09 15:36:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Origin
[2013.05.09 01:14:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings
[2013.05.08 12:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.05.08 12:40:37 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.05.08 12:40:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2013.05.08 12:40:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.05.08 12:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013.05.08 12:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.05.07 12:30:13 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\PCSX2
[2013.05.06 21:51:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2013.05.06 21:50:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2013.05.06 21:18:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DivX
[2013.05.06 21:03:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2013.05.06 20:13:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PMB Files
[2013.05.06 20:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.05.06 20:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2013.05.06 20:12:43 | 000,000,000 | ---D | C] -- C:\Users\***\.swt
[2013.05.06 18:57:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LolClient
[2013.05.05 22:16:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Chromium
[2013.05.05 21:57:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Curse Advertising
[2013.05.05 21:50:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Deployment
[2013.05.05 21:50:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI
[2013.05.05 21:50:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI
[2013.05.05 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2013.05.04 23:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2013.05.04 23:18:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Solveig Multimedia
[2013.05.04 23:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2013.05.04 21:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2013.05.03 21:07:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TERA
[2013.05.03 18:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2013.05.01 13:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snail Games USA
[2013.05.01 12:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WuShu_0.0.1.034
[2013.05.01 12:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AgeofWushu_download
[2011.01.22 12:10:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.30 23:33:21 | 000,714,522 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.30 23:33:21 | 000,660,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.30 23:33:21 | 000,161,418 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.30 23:33:21 | 000,132,846 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.30 23:30:27 | 000,000,156 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.30 23:05:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.30 23:05:50 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.05.30 23:05:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.30 23:05:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.30 23:05:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.30 22:47:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.30 20:26:03 | 000,373,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.30 16:03:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.30 14:13:02 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.05.30 12:44:13 | 000,001,438 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2013.05.30 12:43:49 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.05.30 12:43:16 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.05.30 12:41:12 | 000,000,000 | ---- | M] () -- C:\END
[2013.05.30 12:29:15 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.30 12:23:39 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.30 11:22:06 | 117,478,104 | ---- | M] () -- C:\Users\***\Desktop\avast_free_antivirus_setup.exe
[2013.05.30 11:04:45 | 000,000,716 | ---- | M] () -- C:\Users\***\Documents\cc_20130530_110437.reg
[2013.05.30 11:03:50 | 000,000,566 | ---- | M] () -- C:\Users\***\Documents\cc_20130530_110348.reg
[2013.05.30 11:02:30 | 000,001,178 | ---- | M] () -- C:\Users\***\Documents\cc_20130530_110214.reg
[2013.05.30 11:00:12 | 000,043,708 | ---- | M] () -- C:\Users\***\Documents\cc_20130530_110002.reg
[2013.05.30 09:42:48 | 000,001,596 | ---- | M] () -- C:\Windows\wininit.ini
[2013.05.29 01:11:21 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.05.27 18:04:14 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.27 17:03:26 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.27 17:01:19 | 000,001,502 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.26 19:45:37 | 000,000,318 | ---- | M] () -- C:\Users\***\Desktop\Curse Client.appref-ms
[2013.05.15 19:39:33 | 000,000,832 | ---- | M] () -- C:\Users\***\Desktop\Wow.exe - Verknüpfung.lnk
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.08 12:40:38 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.05.06 21:24:39 | 000,096,768 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.05 21:53:38 | 000,000,985 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2013.05.01 04:21:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.30 23:30:22 | 000,000,156 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.30 12:44:13 | 000,001,438 | ---- | C] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2013.05.30 12:43:49 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.05.30 12:43:16 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.05.30 12:41:12 | 000,000,000 | ---- | C] () -- C:\END
[2013.05.30 12:23:39 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.30 12:23:36 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.30 12:23:35 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.30 12:20:53 | 117,478,104 | ---- | C] () -- C:\Users\***\Desktop\avast_free_antivirus_setup.exe
[2013.05.30 11:04:38 | 000,000,716 | ---- | C] () -- C:\Users\***\Documents\cc_20130530_110437.reg
[2013.05.30 11:03:49 | 000,000,566 | ---- | C] () -- C:\Users\***\Documents\cc_20130530_110348.reg
[2013.05.30 11:02:16 | 000,001,178 | ---- | C] () -- C:\Users\***\Documents\cc_20130530_110214.reg
[2013.05.30 11:00:04 | 000,043,708 | ---- | C] () -- C:\Users\***\Documents\cc_20130530_110002.reg
[2013.05.27 17:03:26 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.27 17:01:19 | 000,001,502 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.15 19:39:35 | 000,000,832 | ---- | C] () -- C:\Users\***\Desktop\Wow.exe - Verknüpfung.lnk
[2013.05.05 21:53:38 | 000,000,985 | ---- | C] () -- C:\Users\***\Desktop\Dropbox.lnk
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.02.25 17:46:01 | 000,001,596 | ---- | C] () -- C:\Windows\wininit.ini
[2012.02.23 17:45:50 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2012.02.23 17:45:50 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2012.02.23 17:45:50 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.10.25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.27 21:49:20 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2011.01.22 12:10:43 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2011.01.22 12:10:43 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2011.01.22 12:10:43 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2010.12.29 23:38:25 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.10.23 21:55:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.15 23:07:44 | 000,096,768 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.14 13:14:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2013.05.05 21:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.spoutcraft
[2013.05.06 21:20:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Applian FLV and Media Player
[2013.05.05 21:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2013.05.05 22:00:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Curse Advertising
[2013.05.30 10:55:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2013.05.30 10:55:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2013.05.27 17:21:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DealPly
[2013.05.05 21:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2013.05.30 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013.05.05 21:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2013.05.05 21:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gslist
[2013.05.05 21:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2013.05.06 18:57:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2011.11.21 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Minecraft Backup Tool
[2010.01.06 10:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2012.01.19 18:46:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NationRed
[2013.05.08 12:40:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2011.01.22 00:52:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.03.24 23:24:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2013.04.09 19:07:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Play withSIX
[2011.03.16 19:43:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2012.03.09 20:27:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Razer
[2012.07.25 23:35:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\six-updater
[2012.07.10 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\six-zsync
[2013.05.04 23:28:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Solveig Multimedia
[2012.05.24 21:23:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpeedSim
[2009.08.15 15:43:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp
[2011.10.02 18:13:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2013.05.03 21:07:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TERA
[2013.04.27 16:58:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.01.05 13:08:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thinstall
[2013.05.30 10:55:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.02.20 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay
[2012.03.21 18:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2009.07.15 22:50:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Turbine
[2012.02.03 16:51:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.06.03 20:05:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity
[2013.05.30 10:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2011.01.22 12:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2011.05.28 22:25:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 

< End of report >

Ich weiß dass ihr noch die OTL Extras haben wollt aber aus irgendeinem Grund ist die Textdatei verschwunden

. Sollte sie aber zur Lösung des Problems unabdingbarsein werde ich den Scan wiederholen und darauf aufpassen auch die Extras Textdatei zu speichern.

Wegen der GMER Text Datei: Der Scan war abgeschlossen als ich aber auf Save geklickt habe wurde mein Bildschirm Schwarz und außer meiner Maus die sich ganz normal bewegen konnte konnte ich nichts sehen und es passierte auch nichts selbst wenn ich versucht habe den Taskmanager zu öffnen oder Alt+F4. Sollte dieser Scanlog genauso unersetzlich sein werde ich den scan wenn ich wieder aufwache wiederholen.

Das sollten nun alle Informationen sein. Ich hoffe Ihr könnt mir helfen

Grüße
Meradock

aharonov · 31.05.2013, 02:51

Hallo Meradock und

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eins vorneweg: Ich kann dir keine Garantien geben, dass ich alles finden werde. Bei schwerwiegenden Infektionen ist ein Formatieren und Neuinstallieren meist der schnellere und immer der sicherere Weg.
Wenn du dich für eine Bereinigung entscheidest, dann sollten wir gründlich vorgehen. Bleib also dran, bis ich dir eindeutig mitteile, dass wir fertig sind.
Auch wenn die auffälligen Symptome schon früh verschwinden, bedeutet das nicht, dass dein Rechner dann schon sauber und sicher ist.

Hinweise zum Ablauf

Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
- Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
- Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles erst zum Schluss gesammelt in einer Antwort.
- Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
- Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.

Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert:
- Lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
- Installiere oder deinstalliere während der Bereinigung keine Software.

Los geht's:

Hattest du kürzlich Malwarebefall, welcher entfernt wurde?

Schritt 1

Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere es auf den Desktop.

Starte die FRST.exe.
Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Bitte poste in deiner nächsten Antwort:

Logs von FRST

Meradock · 31.05.2013, 10:05

Hey Leo! Danke für deine Antwort!

Ich wüsste mal von keiner Maleware die ich kürzlich entfernt habe.
Edit: Ich hab was doch glatt vergessen

. Ich habe gestern oder vorgestern Dealply auf meinem PC gefunden und dieses entfernt

FRST Log:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-05-2013
Ran by *** (administrator) on 31-05-2013 10:50:45
Running from G:\
Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\system32\PnkBstrA.exe
(Entriq, Inc.) C:\Program Files\maxdome\DCBin\DCService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Acer\Empowering Technology\SysMonitor.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Razer USA Ltd.) C:\Program Files\Razer\Razer Lycosa\razerhid.exe
() C:\Program Files\Razer\DeathAdder\razerhid.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hagel Technologies Ltd) C:\Program Files\DU Meter\DUMeter.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Razer\DeathAdder\razertra.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Razer Inc.) C:\Program Files\Razer\DeathAdder\razerofa.exe
() C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Razer\DeathAdder\vdDaemon.exe
(Acer Inc.) C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
() C:\Program Files\Razer\Razer Lycosa\razertra.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()
HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-05] (Egis Incorporated)
HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [203296 2008-06-06] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Lycosa] "C:\Program Files\Razer\Razer Lycosa\razerhid.exe" [233984 2011-03-21] (Razer USA Ltd.)
HKLM\...\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [92704 2008-02-27] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8497696 2008-02-27] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [88608 2008-02-27] (NVIDIA Corporation)
HKLM\...\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe [1587224 2006-11-27] (Hagel Technologies Ltd)
HKLM\...\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM\...\Winlogon: [System] 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2004-06-16] (InstallShield Software Corporation)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-13] (Google Inc.)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18643560 2013-03-01] (Skype Technologies S.A.)
HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [4284976 2013-05-06] ()
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [x]
HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [x]
HKU\***Admin\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\***Admin\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [x]
HKU\***Admin\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\***Admin\...\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode [x]
HKU\***Admin\...\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent [x]
HKU\***Admin\...\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\***Admin\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\maxdome Download Manager.lnk
ShortcutTarget: maxdome Download Manager.lnk -> C:\Program Files\maxdome\DCBin\DCTrayApp.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG311v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2905338
HKCU SearchScopes: DefaultScope {7D0C1DAB-02AF-40D8-9B75-3017FF3F8A02} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GPEA_de
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=2CEC00184D70F293
SearchScopes: HKCU - {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = hxxp://plusnetwork.com/?sp=brw&q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {7D0C1DAB-02AF-40D8-9B75-3017FF3F8A02} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GPEA_de
SearchScopes: HKCU - {8DAEEE47-1412-4DE2-A7BB-DA58BFB48C95} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2905338
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EF7BD87A-8024-11E2-F316-F3E56188709B} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -No Name - {542E4D79-1970-4E95-9862-FDB96F61B280} -  No File
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
PDF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [19968] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ku7niwue.default
FF SearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=hp&fr=linkury-tb&installDate=08/05/2013&type=hp1000
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=1.122.0 - C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ku7niwue.default\Extensions\ich@maltegoetz.de
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ku7niwue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: hdvc - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ku7niwue.default\Extensions\hdvc@hdvc.com.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=2CEC00184D70F293", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=hp&fr=linkury-tb&installDate={installDate}&type=hp1000", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=hp&fr=linkury-tb&installDate=08/05/2013&type=hp1000"
CHR DefaultSearchURL: (Google) - hxxp://www.google.de/search?q={searchTerms}&rlz=1I7FWVI_deDE521
CHR DefaultSuggestURL: (Google) -       "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Unity Player) - C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (ProxTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.1_0
CHR Extension: (Plants vs. Zombies HD) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdfeknjbgfbkmemaoffkebceonhcjfd\1.0.0_0
CHR Extension: (WOT) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0
CHR Extension: (AdBlock) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (avast! Online Security) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.7_0
CHR Extension: (Into The Mist) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Wolf Toss) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjlncddmdljpioccbmempchonhlifakc\1.1.2.6_0

========================== Services (Whitelisted) =================

R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-04-09] ()
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-03-05] (Egis Incorporated)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
S2 gupdate1ca1c295e7c559a; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-13] (Google Inc.)
S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-11-22] ()
R2 Prosieben; C:\Program Files\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] ()
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-03-28] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.)
R3 danewFltr; C:\Windows\System32\drivers\danew.sys [11136 2009-04-21] (Razer (Asia-Pacific) Pte Ltd)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-08] (DT Soft Ltd)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [6656 2010-09-25] (Windows (R) Win 7 DDK provider)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-03-28] ()
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LycoFltr; C:\Windows\System32\Drivers\Lycosa.sys [23680 2010-09-08] (Razer USA Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [109056 2008-01-21] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [256512 2007-10-16] (Marvell Semiconductor, Inc)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81408 2006-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [639224 2010-01-18] (Duplex Secure Ltd.)
R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)
R3 VKbms; C:\Windows\System32\DRIVERS\VKbms.sys [10240 2010-10-01] (Windows (R) Win 7 DDK provider)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2007-11-06] (Zeal SoftStudio)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 glliotwa; \??\C:\Windows\system32\drivers\glliotwa.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 jatmlano; \??\C:\Users\***\AppData\Local\Temp\jatmlano.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotDev; system32\DRIVERS\motodrv.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 StarOpen; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-31 10:50 - 2013-05-31 10:50 - 00000000 ____D C:\FRST
2013-05-30 23:30 - 2013-05-30 23:30 - 00000156 ____A C:\Users\***\defogger_reenable
2013-05-30 22:30 - 2013-05-31 10:38 - 00003804 ____A C:\Windows\PFRO.log
2013-05-30 12:47 - 2013-05-30 12:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-30 12:44 - 2013-05-30 12:44 - 00001438 ____A C:\Users\***\Desktop\DivX Movies.lnk
2013-05-30 12:43 - 2013-05-30 12:43 - 00000961 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-05-30 12:43 - 2013-05-30 12:43 - 00000921 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-05-30 12:41 - 2013-05-30 12:41 - 00000000 ____A C:\END
2013-05-30 12:23 - 2013-05-30 12:23 - 00001833 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-30 12:23 - 2013-05-30 12:23 - 00000000 ____A C:\Windows\setuperr.log
2013-05-30 12:23 - 2013-05-30 12:23 - 00000000 ____A C:\Windows\setupact.log
2013-05-30 12:23 - 2013-05-09 10:59 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-30 12:23 - 2013-05-09 10:59 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-30 12:23 - 2013-05-09 10:59 - 00174664 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-30 12:23 - 2013-05-09 10:59 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-30 12:23 - 2013-05-09 10:59 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-30 12:23 - 2013-05-09 10:59 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-05-30 12:23 - 2013-05-09 10:59 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-30 12:23 - 2013-05-09 10:59 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-30 12:23 - 2013-05-09 10:58 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-30 12:23 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-30 12:22 - 2013-05-30 12:22 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-30 12:21 - 2013-05-30 12:22 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-30 12:20 - 2013-05-30 11:22 - 117478104 ____A C:\Users\***\Desktop\avast_free_antivirus_setup.exe
2013-05-30 11:04 - 2013-05-30 11:04 - 00000716 ____A C:\Users\***\Documents\cc_20130530_110437.reg
2013-05-30 11:03 - 2013-05-30 11:03 - 00000566 ____A C:\Users\***\Documents\cc_20130530_110348.reg
2013-05-30 11:02 - 2013-05-30 11:02 - 00001178 ____A C:\Users\***\Documents\cc_20130530_110214.reg
2013-05-30 11:00 - 2013-05-30 11:00 - 00043708 ____A C:\Users\***\Documents\cc_20130530_110002.reg
2013-05-27 17:59 - 2013-05-27 18:00 - 02105014 ____A C:\Users\***\Downloads\NO$GBA.rar
2013-05-27 17:55 - 2013-05-27 17:55 - 00000000 ____D C:\Users\***\Desktop\Desmume
2013-05-27 17:54 - 2013-05-27 17:54 - 02281321 ____A C:\Users\***\Downloads\desmume-0.9.9-win32.zip
2013-05-27 17:49 - 2013-05-27 17:49 - 00393024 ____A (Softonic                                        ) C:\Users\***\Downloads\SoftonicDownloader_for_winds.exe
2013-05-27 17:38 - 2013-05-27 17:39 - 91550857 ____A C:\Users\***\Downloads\POKEW2.rar
2013-05-27 17:38 - 2013-05-27 17:38 - 00066936 ____A C:\Users\***\Downloads\Dicastia.rar
2013-05-27 17:36 - 2013-05-27 17:36 - 00000482 ____A C:\Users\***\Downloads\FIX WHITE.rar
2013-05-27 17:21 - 2013-05-27 17:21 - 00000000 ____D C:\Users\***\AppData\Roaming\DealPly
2013-05-27 17:03 - 2013-05-27 17:03 - 00001730 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-27 17:03 - 2013-05-27 17:03 - 00000000 ____D C:\Program Files\QuickTime
2013-05-27 17:01 - 2013-05-27 17:01 - 00001502 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-27 17:00 - 2013-05-27 17:01 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-27 17:00 - 2013-05-27 17:00 - 00000000 ____D C:\Program Files\iPod
2013-05-27 00:55 - 2013-05-27 00:55 - 00001280 ____A C:\Users\***\Downloads\XXXX_-_Pok_mon_-_White_Version_2_USA_PATCHED_Mawile_.rar.torrent
2013-05-16 15:03 - 2013-05-16 15:03 - 00000000 ____D C:\Users\***\AppData\Local\Apple Computer
2013-05-16 12:57 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 12:57 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 12:41 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 12:41 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 12:41 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 12:41 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 12:41 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 12:41 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 12:41 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 12:41 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 12:41 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 12:41 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 12:41 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 12:41 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 12:41 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 12:41 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 19:43 - 2013-05-15 19:43 - 03327619 ____A C:\Users\***\Downloads\FuBar.rar
2013-05-15 19:43 - 2013-05-15 19:43 - 00549150 ____A C:\Users\***\Downloads\Prat.rar
2013-05-15 19:43 - 2013-05-15 19:43 - 00442190 ____A C:\Users\***\Downloads\Gatherer.rar
2013-05-15 19:42 - 2013-05-15 19:42 - 03067145 ____A C:\Users\***\Downloads\AuctioneerFullSuite-5.0.PRE.2953.rar
2013-05-15 19:42 - 2013-05-15 19:42 - 00202100 ____A C:\Users\***\Downloads\MobInfo2.rar
2013-05-15 19:42 - 2013-05-15 19:42 - 00182381 ____A C:\Users\***\Downloads\Chatter.rar
2013-05-15 19:42 - 2013-05-15 19:42 - 00129837 ____A C:\Users\***\Downloads\Postal-r82138.1.zip
2013-05-15 19:42 - 2013-05-15 19:42 - 00024160 ____A C:\Users\***\Downloads\TheBurningTrade-release-0803.zip
2013-05-15 19:41 - 2013-05-15 19:41 - 04850713 ____A C:\Users\***\Downloads\Comix.rar
2013-05-15 19:41 - 2013-05-15 19:41 - 01961581 ____A C:\Users\***\Downloads\Bejeweled.zip
2013-05-15 19:41 - 2013-05-15 19:41 - 00353811 ____A C:\Users\***\Downloads\Outfitter.rar
2013-05-15 19:41 - 2013-05-15 19:41 - 00180476 ____A C:\Users\***\Downloads\PallyPower.rar
2013-05-15 19:40 - 2013-05-15 19:40 - 04004876 ____A C:\Users\***\Downloads\QuestHelper.rar
2013-05-15 19:40 - 2013-05-15 19:40 - 02429855 ____A C:\Users\***\Downloads\MobMap.zip
2013-05-15 19:40 - 2013-05-15 19:40 - 00096311 ____A C:\Users\***\Downloads\Ace2.rar
2013-05-15 19:39 - 2013-05-15 19:39 - 00000832 ____A C:\Users\***\Desktop\Wow.exe - Verknüpfung.lnk
2013-05-15 15:02 - 2013-05-15 15:02 - 00000000 ____D C:\Users\***\Documents\My Games
2013-05-15 15:02 - 2013-05-15 15:02 - 00000000 ____D C:\Users\***\AppData\Local\My Games
2013-05-15 10:20 - 2013-04-15 16:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 10:20 - 2013-04-13 12:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 10:20 - 2013-04-09 03:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 12:04 - 2013-05-14 12:04 - 00011157 ____A C:\Users\***\Downloads\b2b (1).torrent
2013-05-14 12:03 - 2013-05-14 12:04 - 00011157 ____A C:\Users\***\Downloads\b2b.torrent
2013-05-12 04:15 - 2013-05-12 04:16 - 27862207 ____A C:\Users\***\Downloads\Wallpaper collection 3 - Imgur.zip
2013-05-10 22:27 - 2013-05-10 22:27 - 00000000 ____D C:\Users\***\AppData\Local\Apple
2013-05-09 20:06 - 2013-05-09 20:06 - 00000000 ____D C:\Users\***\Documents\Criterion Games
2013-05-09 15:38 - 2013-05-09 15:38 - 00000000 ____D C:\Users\***\Documents\SimCity
2013-05-09 15:36 - 2013-05-09 15:36 - 00000000 ____D C:\Users\***\AppData\Local\Origin
2013-05-09 01:14 - 2013-05-09 01:14 - 00000000 ____D C:\Users\***\AppData\Local\DDMSettings
2013-05-08 12:40 - 2013-05-30 10:55 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2013-05-08 12:40 - 2013-05-08 12:40 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-05-08 12:40 - 2013-05-08 12:40 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenCandy
2013-05-08 12:40 - 2013-05-08 12:40 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-05-08 12:37 - 2013-05-08 12:44 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-05-08 12:37 - 2013-05-08 12:37 - 13901152 ____A (Disc Soft Ltd) C:\Users\***\Downloads\DTLite4471-0333.exe
2013-05-07 12:39 - 2013-05-07 15:56 - 2051461517 ____A C:\Users\***\Downloads\KingdomHearts_0.7z
2013-05-07 12:33 - 2013-05-07 12:34 - 10031422 ____A C:\Users\***\Downloads\Playstation-2-Bios-Pack.7z
2013-05-07 12:30 - 2013-05-07 12:30 - 00000000 ____D C:\Users\***\Documents\PCSX2
2013-05-07 12:26 - 2013-05-07 12:26 - 08945660 ____A C:\Users\***\Downloads\pcsx2-1.0.0-r5350-setup.exe
2013-05-07 11:19 - 2013-05-07 11:19 - 00155827 ____A C:\Users\***\Downloads\proxtube.crx
2013-05-06 21:51 - 2013-05-06 21:51 - 00000000 ____D C:\Users\***\AppData\Local\Macromedia
2013-05-06 21:50 - 2013-05-06 21:50 - 00000000 ____D C:\Users\***\AppData\Local\Mozilla
2013-05-06 21:18 - 2013-05-06 21:18 - 00000000 ____D C:\Users\***\AppData\Roaming\DivX
2013-05-06 21:06 - 2013-05-06 21:06 - 09232280 ____A (Wargaming.net                                               ) C:\Users\***\Downloads\WoT_internet_install_na.exe
2013-05-06 21:03 - 2013-05-30 12:39 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-05-06 20:13 - 2013-05-31 10:51 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-05-06 20:13 - 2013-05-30 22:44 - 00000000 ____D C:\ProgramData\PMB Files
2013-05-06 20:12 - 2013-05-06 20:12 - 00000000 ____D C:\Users\***\.swt
2013-05-06 20:12 - 2013-05-06 20:12 - 00000000 ____D C:\Program Files\Pando Networks
2013-05-06 20:10 - 2013-05-06 20:10 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-05-06 18:57 - 2013-05-06 18:57 - 00000000 ____D C:\Users\***\AppData\Roaming\LolClient
2013-05-05 22:16 - 2013-05-05 22:16 - 00000000 ____D C:\Users\***\AppData\Local\Chromium
2013-05-05 21:57 - 2013-05-05 22:00 - 00000000 ____D C:\Users\***\AppData\Roaming\Curse Advertising
2013-05-05 21:53 - 2013-05-05 21:53 - 00000985 ____A C:\Users\***\Desktop\Dropbox.lnk
2013-05-05 21:50 - 2013-05-31 10:40 - 00000000 ____D C:\Users\***\AppData\Local\Deployment
2013-05-05 21:50 - 2013-05-30 20:29 - 00091480 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-05 21:50 - 2013-05-28 16:01 - 00000000 ____D C:\Users\***\AppData\Roaming\Apple Computer
2013-05-05 21:50 - 2013-05-05 21:50 - 00000000 ____D C:\Users\***\AppData\Roaming\ATI
2013-05-05 21:50 - 2013-05-05 21:50 - 00000000 ____D C:\Users\***\AppData\Local\ATI
2013-05-05 20:25 - 2013-05-05 20:25 - 00091480 ____A C:\Users\***.***-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-05 20:25 - 2013-05-05 20:25 - 00000000 ____D C:\Users\***.***-PC\AppData\Roaming\ATI
2013-05-05 20:25 - 2013-05-05 20:25 - 00000000 ____D C:\Users\***.***-PC\AppData\Roaming\Apple Computer
2013-05-05 20:25 - 2013-05-05 20:25 - 00000000 ____D C:\Users\***.***-PC\AppData\Local\ATI
2013-05-05 20:24 - 2013-05-05 21:48 - 00000000 ____D C:\users\***.***-PC
2013-05-05 20:24 - 2009-12-09 17:41 - 00000000 ____D C:\Users\***.***-PC\AppData\Roaming\Macromedia
2013-05-05 18:13 - 2013-05-05 18:13 - 00000000 ____D C:\Users\***Admin\AppData\Roaming\DAEMON Tools Pro
2013-05-05 18:12 - 2013-05-05 18:12 - 00000000 ____D C:\Users\***Admin\AppData\Roaming\Apple Computer
2013-05-05 18:12 - 2013-05-05 18:12 - 00000000 ____D C:\Users\***Admin\AppData\Local\Apps\2.0
2013-05-04 23:28 - 2013-05-04 23:28 - 00000000 ____D C:\Program Files\Common Files\Solveig Multimedia
2013-05-04 23:18 - 2013-05-04 23:28 - 00000000 ____D C:\Users\***\AppData\Roaming\Solveig Multimedia
2013-05-04 23:17 - 2013-05-04 23:28 - 00000000 ____D C:\Program Files\Solveig Multimedia
2013-05-03 21:07 - 2013-05-03 21:07 - 00000000 ____D C:\Users\***\AppData\Roaming\TERA
2013-05-03 18:59 - 2013-05-03 18:59 - 00000000 ____D C:\Program Files\Rockstar Games
2013-05-03 18:58 - 2013-05-03 18:59 - 16242632 ____A (Rockstar Games) C:\Users\***\Downloads\Social Club v1.1.0.1 Setup.exe
2013-05-01 12:47 - 2013-05-01 12:47 - 00000000 ____D C:\Program Files\Common Files\WuShu_0.0.1.034
2013-05-01 12:46 - 2013-05-01 12:47 - 00000000 ____D C:\Program Files\Common Files\AgeofWushu_download
2013-05-01 12:44 - 2013-05-01 12:44 - 01905904 ____A C:\Users\***\Downloads\AgeofWushu_download.exe
2013-05-01 03:59 - 2013-05-01 03:59 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2013-05-01 03:59 - 2013-05-01 03:59 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts

==================== One Month Modified Files and Folders ========

2013-05-31 10:51 - 2013-05-06 20:13 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-05-31 10:50 - 2013-05-31 10:50 - 00000000 ____D C:\FRST
2013-05-31 10:47 - 2013-01-13 13:42 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-31 10:46 - 2008-01-21 09:16 - 01664538 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-31 10:40 - 2013-05-05 21:50 - 00000000 ____D C:\Users\***\AppData\Local\Deployment
2013-05-31 10:40 - 2009-10-23 21:54 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-05-31 10:39 - 2013-03-18 21:49 - 00000620 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-05-31 10:39 - 2012-10-15 23:38 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-05-31 10:39 - 2009-08-13 17:29 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-31 10:38 - 2013-05-30 22:30 - 00003804 ____A C:\Windows\PFRO.log
2013-05-31 10:38 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-31 10:38 - 2006-11-02 14:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-31 10:38 - 2006-11-02 14:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-31 03:18 - 2012-05-12 10:13 - 02078697 ____A C:\Windows\WindowsUpdate.log
2013-05-31 03:18 - 2006-11-02 15:01 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-31 03:03 - 2009-08-13 17:29 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-30 23:30 - 2013-05-30 23:30 - 00000156 ____A C:\Users\***\defogger_reenable
2013-05-30 23:30 - 2009-07-12 12:06 - 00000000 ____D C:\users\***
2013-05-30 23:09 - 2012-10-15 23:42 - 00000000 ___RD C:\Users\***\Dropbox
2013-05-30 23:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-30 22:44 - 2013-05-06 20:13 - 00000000 ____D C:\ProgramData\PMB Files
2013-05-30 22:44 - 2013-01-17 23:43 - 00000000 ____D C:\Users\***\Documents\Euro Truck Simulator 2
2013-05-30 22:44 - 2012-05-03 17:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-30 22:44 - 2011-04-21 16:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-30 22:44 - 2010-06-20 15:40 - 00000000 ____D C:\Program Files\Steam
2013-05-30 22:44 - 2010-05-03 21:40 - 00000000 ____D C:\ProgramData\DivX
2013-05-30 22:44 - 2009-07-29 21:21 - 00000000 ____D C:\Program Files\DivX
2013-05-30 22:44 - 2009-07-29 21:21 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-05-30 22:44 - 2009-07-14 09:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-05-30 22:44 - 2009-07-12 19:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-30 22:44 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-30 22:44 - 2006-11-02 13:18 - 00000000 __RSD C:\Windows\Media
2013-05-30 22:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\spool
2013-05-30 22:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-05-30 22:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-05-30 20:29 - 2013-05-05 21:50 - 00091480 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-30 20:26 - 2006-11-02 14:47 - 00373664 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 17:20 - 2009-08-28 15:46 - 00000000 ____D C:\Program Files\mIRC
2013-05-30 14:13 - 2009-08-13 17:17 - 00001052 ____A C:\Windows\Tasks\Google Software Updater.job
2013-05-30 12:47 - 2013-05-30 12:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-30 12:44 - 2013-05-30 12:44 - 00001438 ____A C:\Users\***\Desktop\DivX Movies.lnk
2013-05-30 12:43 - 2013-05-30 12:43 - 00000961 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-05-30 12:43 - 2013-05-30 12:43 - 00000921 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-05-30 12:41 - 2013-05-30 12:41 - 00000000 ____A C:\END
2013-05-30 12:40 - 2009-07-12 12:19 - 00000000 ____D C:\Users\***\AppData\Roaming\Adobe
2013-05-30 12:39 - 2013-05-06 21:03 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-05-30 12:39 - 2010-04-01 10:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-05-30 12:29 - 2006-11-02 12:23 - 00002577 ____A C:\Windows\System32\config.nt
2013-05-30 12:23 - 2013-05-30 12:23 - 00001833 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-30 12:23 - 2013-05-30 12:23 - 00000000 ____A C:\Windows\setuperr.log
2013-05-30 12:23 - 2013-05-30 12:23 - 00000000 ____A C:\Windows\setupact.log
2013-05-30 12:22 - 2013-05-30 12:22 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-30 12:22 - 2013-05-30 12:21 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-30 11:22 - 2013-05-30 12:20 - 117478104 ____A C:\Users\***\Desktop\avast_free_antivirus_setup.exe
2013-05-30 11:04 - 2013-05-30 11:04 - 00000716 ____A C:\Users\***\Documents\cc_20130530_110437.reg
2013-05-30 11:03 - 2013-05-30 11:03 - 00000566 ____A C:\Users\***\Documents\cc_20130530_110348.reg
2013-05-30 11:02 - 2013-05-30 11:02 - 00001178 ____A C:\Users\***\Documents\cc_20130530_110214.reg
2013-05-30 11:00 - 2013-05-30 11:00 - 00043708 ____A C:\Users\***\Documents\cc_20130530_110002.reg
2013-05-30 10:55 - 2013-05-08 12:40 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2013-05-30 10:55 - 2013-01-18 16:34 - 00000000 ____D C:\Users\***\AppData\Roaming\uTorrent
2013-05-30 10:55 - 2012-03-26 16:58 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Pro
2013-05-30 10:55 - 2010-04-13 22:22 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2013-05-30 10:45 - 2009-07-24 08:35 - 00000000 ____D C:\Windows\Minidump
2013-05-30 09:42 - 2012-02-25 17:46 - 00001596 ____A C:\Windows\wininit.ini
2013-05-29 01:11 - 2013-03-18 21:50 - 00000616 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-05-28 16:01 - 2013-05-05 21:50 - 00000000 ____D C:\Users\***\AppData\Roaming\Apple Computer
2013-05-28 11:45 - 2009-08-13 17:18 - 00000000 ____D C:\Users\***\AppData\Local\Google
2013-05-27 18:04 - 2013-02-07 00:43 - 00001975 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-27 18:00 - 2013-05-27 17:59 - 02105014 ____A C:\Users\***\Downloads\NO$GBA.rar
2013-05-27 17:55 - 2013-05-27 17:55 - 00000000 ____D C:\Users\***\Desktop\Desmume
2013-05-27 17:54 - 2013-05-27 17:54 - 02281321 ____A C:\Users\***\Downloads\desmume-0.9.9-win32.zip
2013-05-27 17:49 - 2013-05-27 17:49 - 00393024 ____A (Softonic                                        ) C:\Users\***\Downloads\SoftonicDownloader_for_winds.exe
2013-05-27 17:49 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-05-27 17:47 - 2012-04-01 07:46 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-27 17:47 - 2011-05-14 10:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-27 17:39 - 2013-05-27 17:38 - 91550857 ____A C:\Users\***\Downloads\POKEW2.rar
2013-05-27 17:38 - 2013-05-27 17:38 - 00066936 ____A C:\Users\***\Downloads\Dicastia.rar
2013-05-27 17:36 - 2013-05-27 17:36 - 00000482 ____A C:\Users\***\Downloads\FIX WHITE.rar
2013-05-27 17:21 - 2013-05-27 17:21 - 00000000 ____D C:\Users\***\AppData\Roaming\DealPly
2013-05-27 17:03 - 2013-05-27 17:03 - 00001730 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-27 17:03 - 2013-05-27 17:03 - 00000000 ____D C:\Program Files\QuickTime
2013-05-27 17:01 - 2013-05-27 17:01 - 00001502 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-27 17:01 - 2013-05-27 17:00 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-27 17:00 - 2013-05-27 17:00 - 00000000 ____D C:\Program Files\iPod
2013-05-27 00:55 - 2013-05-27 00:55 - 00001280 ____A C:\Users\***\Downloads\XXXX_-_Pok_mon_-_White_Version_2_USA_PATCHED_Mawile_.rar.torrent
2013-05-27 00:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-26 19:45 - 2012-12-18 17:46 - 00000318 ____A C:\Users\***\Desktop\Curse Client.appref-ms
2013-05-16 15:09 - 2010-11-16 15:58 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-05-16 15:03 - 2013-05-16 15:03 - 00000000 ____D C:\Users\***\AppData\Local\Apple Computer
2013-05-16 12:44 - 2006-11-02 12:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-15 19:43 - 2013-05-15 19:43 - 03327619 ____A C:\Users\***\Downloads\FuBar.rar
2013-05-15 19:43 - 2013-05-15 19:43 - 00549150 ____A C:\Users\***\Downloads\Prat.rar
2013-05-15 19:43 - 2013-05-15 19:43 - 00442190 ____A C:\Users\***\Downloads\Gatherer.rar
2013-05-15 19:42 - 2013-05-15 19:42 - 03067145 ____A C:\Users\***\Downloads\AuctioneerFullSuite-5.0.PRE.2953.rar
2013-05-15 19:42 - 2013-05-15 19:42 - 00202100 ____A C:\Users\***\Downloads\MobInfo2.rar
2013-05-15 19:42 - 2013-05-15 19:42 - 00182381 ____A C:\Users\***\Downloads\Chatter.rar
2013-05-15 19:42 - 2013-05-15 19:42 - 00129837 ____A C:\Users\***\Downloads\Postal-r82138.1.zip
2013-05-15 19:42 - 2013-05-15 19:42 - 00024160 ____A C:\Users\***\Downloads\TheBurningTrade-release-0803.zip
2013-05-15 19:41 - 2013-05-15 19:41 - 04850713 ____A C:\Users\***\Downloads\Comix.rar
2013-05-15 19:41 - 2013-05-15 19:41 - 01961581 ____A C:\Users\***\Downloads\Bejeweled.zip
2013-05-15 19:41 - 2013-05-15 19:41 - 00353811 ____A C:\Users\***\Downloads\Outfitter.rar
2013-05-15 19:41 - 2013-05-15 19:41 - 00180476 ____A C:\Users\***\Downloads\PallyPower.rar
2013-05-15 19:40 - 2013-05-15 19:40 - 04004876 ____A C:\Users\***\Downloads\QuestHelper.rar
2013-05-15 19:40 - 2013-05-15 19:40 - 02429855 ____A C:\Users\***\Downloads\MobMap.zip
2013-05-15 19:40 - 2013-05-15 19:40 - 00096311 ____A C:\Users\***\Downloads\Ace2.rar
2013-05-15 19:39 - 2013-05-15 19:39 - 00000832 ____A C:\Users\***\Desktop\Wow.exe - Verknüpfung.lnk
2013-05-15 15:02 - 2013-05-15 15:02 - 00000000 ____D C:\Users\***\Documents\My Games
2013-05-15 15:02 - 2013-05-15 15:02 - 00000000 ____D C:\Users\***\AppData\Local\My Games
2013-05-14 23:29 - 2009-08-11 14:11 - 00000000 ____D C:\Users\***\AppData\Local\Activision
2013-05-14 16:37 - 2013-04-10 21:54 - 00000000 ____D C:\Users\***\Documents\Cities In Motion
2013-05-14 13:14 - 2011-11-20 20:18 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2013-05-14 12:04 - 2013-05-14 12:04 - 00011157 ____A C:\Users\***\Downloads\b2b (1).torrent
2013-05-14 12:04 - 2013-05-14 12:03 - 00011157 ____A C:\Users\***\Downloads\b2b.torrent
2013-05-14 12:04 - 2013-01-18 16:35 - 00000000 ____D C:\Program Files\uTorrent
2013-05-12 13:12 - 2011-03-30 18:01 - 00000000 ____D C:\Program Files\Yuna Software
2013-05-12 04:16 - 2013-05-12 04:15 - 27862207 ____A C:\Users\***\Downloads\Wallpaper collection 3 - Imgur.zip
2013-05-10 22:27 - 2013-05-10 22:27 - 00000000 ____D C:\Users\***\AppData\Local\Apple
2013-05-09 20:06 - 2013-05-09 20:06 - 00000000 ____D C:\Users\***\Documents\Criterion Games
2013-05-09 15:38 - 2013-05-09 15:38 - 00000000 ____D C:\Users\***\Documents\SimCity
2013-05-09 15:36 - 2013-05-09 15:36 - 00000000 ____D C:\Users\***\AppData\Local\Origin
2013-05-09 13:56 - 2010-01-29 19:21 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-05-09 13:56 - 2010-01-06 09:05 - 00000000 ____D C:\Users\***\Desktop\Spiele Ordner
2013-05-09 10:59 - 2013-05-30 12:23 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 10:59 - 2013-05-30 12:23 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 10:59 - 2013-05-30 12:23 - 00174664 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 10:59 - 2013-05-30 12:23 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 10:59 - 2013-05-30 12:23 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 10:59 - 2013-05-30 12:23 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-05-09 10:59 - 2013-05-30 12:23 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 10:59 - 2013-05-30 12:23 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 10:58 - 2013-05-30 12:23 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-09 10:58 - 2013-05-30 12:23 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-09 01:14 - 2013-05-09 01:14 - 00000000 ____D C:\Users\***\AppData\Local\DDMSettings
2013-05-08 12:44 - 2013-05-08 12:37 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-05-08 12:40 - 2013-05-08 12:40 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-05-08 12:40 - 2013-05-08 12:40 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenCandy
2013-05-08 12:40 - 2013-05-08 12:40 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-05-08 12:37 - 2013-05-08 12:37 - 13901152 ____A (Disc Soft Ltd) C:\Users\***\Downloads\DTLite4471-0333.exe
2013-05-07 15:56 - 2013-05-07 12:39 - 2051461517 ____A C:\Users\***\Downloads\KingdomHearts_0.7z
2013-05-07 12:34 - 2013-05-07 12:33 - 10031422 ____A C:\Users\***\Downloads\Playstation-2-Bios-Pack.7z
2013-05-07 12:30 - 2013-05-07 12:30 - 00000000 ____D C:\Users\***\Documents\PCSX2
2013-05-07 12:28 - 2011-02-20 17:54 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-05-07 12:28 - 2011-02-20 17:54 - 00000000 ____D C:\Windows\System32\directx
2013-05-07 12:26 - 2013-05-07 12:26 - 08945660 ____A C:\Users\***\Downloads\pcsx2-1.0.0-r5350-setup.exe
2013-05-07 11:19 - 2013-05-07 11:19 - 00155827 ____A C:\Users\***\Downloads\proxtube.crx
2013-05-07 10:50 - 2009-07-29 17:23 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
2013-05-06 21:51 - 2013-05-06 21:51 - 00000000 ____D C:\Users\***\AppData\Local\Macromedia
2013-05-06 21:50 - 2013-05-06 21:50 - 00000000 ____D C:\Users\***\AppData\Local\Mozilla
2013-05-06 21:24 - 2009-07-15 23:07 - 00096768 ____A C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-06 21:20 - 2012-01-11 15:20 - 00000000 ____D C:\Users\***\AppData\Roaming\Applian FLV and Media Player
2013-05-06 21:18 - 2013-05-06 21:18 - 00000000 ____D C:\Users\***\AppData\Roaming\DivX
2013-05-06 21:06 - 2013-05-06 21:06 - 09232280 ____A (Wargaming.net                                               ) C:\Users\***\Downloads\WoT_internet_install_na.exe
2013-05-06 20:53 - 2008-03-21 15:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-05-06 20:12 - 2013-05-06 20:12 - 00000000 ____D C:\Users\***\.swt
2013-05-06 20:12 - 2013-05-06 20:12 - 00000000 ____D C:\Program Files\Pando Networks
2013-05-06 20:10 - 2013-05-06 20:10 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-05-06 18:57 - 2013-05-06 18:57 - 00000000 ____D C:\Users\***\AppData\Roaming\LolClient
2013-05-06 16:50 - 2011-12-21 12:51 - 00000000 ____D C:\Users\***\Documents\Rockstar Games
2013-05-05 22:16 - 2013-05-05 22:16 - 00000000 ____D C:\Users\***\AppData\Local\Chromium
2013-05-05 22:00 - 2013-05-05 21:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Curse Advertising
2013-05-05 21:53 - 2013-05-05 21:53 - 00000985 ____A C:\Users\***\Desktop\Dropbox.lnk
2013-05-05 21:50 - 2013-05-05 21:50 - 00000000 ____D C:\Users\***\AppData\Roaming\ATI
2013-05-05 21:50 - 2013-05-05 21:50 - 00000000 ____D C:\Users\***\AppData\Local\ATI
2013-05-05 21:48 - 2013-05-05 20:24 - 00000000 ____D C:\users\***.***-PC
2013-05-05 21:47 - 2013-04-09 19:07 - 00000000 ____D C:\Users\***\AppData\Local\Play withSIX
2013-05-05 21:47 - 2013-01-13 00:13 - 00000000 ____D C:\Users\***\Documents\StarCraft II
2013-05-05 21:47 - 2012-12-07 16:16 - 00000000 ____D C:\Users\***\Desktop\Hochschule
2013-05-05 21:47 - 2012-12-02 20:09 - 00000000 ____D C:\users\hedev
2013-05-05 21:47 - 2012-11-05 19:54 - 00000000 ____D C:\Users\***\Downloads\V.For.Vendetta[2005]DvDrip[Eng]-aXXo
2013-05-05 21:47 - 2012-10-28 08:47 - 00000000 ____D C:\Users\***\{0710efab-797e-4470-9aa7-eb2d364bee34}
2013-05-05 21:47 - 2012-10-26 19:18 - 00000000 ____D C:\Users\***\Documents\FUSSBALL MANAGER 13
2013-05-05 21:47 - 2012-09-09 17:06 - 00000000 ____D C:\Users\***\Documents\Electronic Arts
2013-05-05 21:47 - 2012-07-25 23:36 - 00000000 ____D C:\Users\***\AppData\Roaming\gslist
2013-05-05 21:47 - 2012-07-10 23:52 - 00000000 ____D C:\Users\***\AppData\Local\SIX_Projects
2013-05-05 21:47 - 2012-07-09 21:58 - 00000000 ____D C:\Users\***\Documents\ArmA 2
2013-05-05 21:47 - 2012-06-03 19:51 - 00000000 ____D C:\Users\***\AppData\Local\Unity
2013-05-05 21:47 - 2012-03-17 16:48 - 00000000 ____D C:\Users\***\Documents\BioWare
2013-05-05 21:47 - 2012-01-25 01:09 - 00000000 ____D C:\Users\***\AppData\Roaming\.spoutcraft
2013-05-05 21:47 - 2011-12-26 10:33 - 00000000 ____D C:\Users\***\Documents\My Curse
2013-05-05 21:47 - 2011-11-21 16:10 - 00000000 ____D C:\Users\***\Downloads\Minecraft Backup Tool Source v1.0.4
2013-05-05 21:47 - 2011-10-22 23:06 - 00000000 ____D C:\Users\***\Documents\Sammelordner
2013-05-05 21:47 - 2011-10-05 21:55 - 00000000 ____D C:\Users\***\AppData\Local\Turbine
2013-05-05 21:47 - 2011-06-28 22:45 - 00000000 ____D C:\Users\***\AppData\Local\Rockstar Games
2013-05-05 21:47 - 2011-03-23 19:40 - 00000000 ____D C:\Users\***\AppData\Roaming\Intelli-studio
2013-05-05 21:47 - 2010-11-16 16:03 - 00000000 ____D C:\Users\***\AppData\Roaming\Canon
2013-05-05 21:47 - 2010-11-10 01:29 - 00000000 ____D C:\Users\***\AppData\Roaming\FreeFLVConverter
2013-05-05 21:47 - 2010-11-06 08:10 - 00000000 ____D C:\Users\***\AppData\Roaming\gtk-2.0
2013-05-05 21:47 - 2010-08-26 10:14 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-05-05 21:47 - 2010-07-03 23:25 - 00000000 ____D C:\Users\***\Downloads\Cover
2013-05-05 21:47 - 2010-01-18 20:50 - 00000000 ____D C:\Users\***\AppData\Roaming\DeepBurner
2013-05-05 21:47 - 2009-10-26 17:56 - 00000000 ____D C:\Users\***\AppData\Roaming\dvdcss
2013-05-05 21:47 - 2009-08-20 11:37 - 00000000 ____D C:\Users\***\AppData\Local\PunkBuster
2013-05-05 21:47 - 2009-07-29 19:16 - 00000000 ____D C:\users\***Admin
2013-05-05 21:47 - 2009-07-12 12:07 - 00000000 ____D C:\Users\***\AppData\Roaming\Macromedia
2013-05-05 21:47 - 2009-07-12 12:06 - 00000000 ____D C:\Users\***\AppData\Local\VirtualStore
2013-05-05 21:47 - 2006-11-02 12:22 - 59506688 ____A C:\Windows\System32\config\software_previous
2013-05-05 21:47 - 2006-11-02 12:22 - 38273024 ____A C:\Windows\System32\config\components_previous
2013-05-05 21:47 - 2006-11-02 12:22 - 33292288 ____A C:\Windows\System32\config\system_previous
2013-05-05 21:47 - 2006-11-02 12:22 - 05242880 ____A C:\Windows\System32\config\default_previous
2013-05-05 21:47 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-05-05 21:47 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-05-05 21:46 - 2013-02-05 21:16 - 00000000 ____D C:\Users\***\.towns
2013-05-05 21:46 - 2012-12-20 16:43 - 00000000 ____D C:\Users\***\AppData\Local\CCP
2013-05-05 21:46 - 2012-07-09 21:58 - 00000000 ____D C:\Users\***\AppData\Local\ArmA 2 OA
2013-05-05 21:46 - 2012-01-22 16:46 - 00000000 ____D C:\Users\***\AppData\Local\Electronic_Arts_Inc
2013-05-05 21:46 - 2011-12-15 00:55 - 00000000 ____D C:\Users\***\AppData\Local\Messenger_Plus_Live
2013-05-05 21:46 - 2011-08-23 18:21 - 00000000 ____D C:\Users\***\AppData\Local\2K Games
2013-05-05 21:46 - 2010-10-15 19:48 - 00000000 ____D C:\Users\***\AppData\Local\Downloaded Installations
2013-05-05 21:46 - 2010-01-06 09:15 - 00000000 ____D C:\Users\***\AppData\Local\Apps\2.0
2013-05-05 21:46 - 2009-07-31 19:57 - 00000000 ____D C:\Users\***\AppData\Local\Acer HomeMedia
2013-05-05 21:46 - 2009-07-24 09:00 - 00000000 ____D C:\Users\***\AppData\Local\Acer Arcade Live
2013-05-05 21:46 - 2009-07-16 18:52 - 00000000 ____D C:\Users\***\AppData\Local\Microsoft Games
2013-05-05 21:25 - 2013-05-16 12:57 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 21:12 - 2013-05-16 12:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 20:25 - 2013-05-05 20:25 - 00091480 ____A C:\Users\***.***-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-05 20:25 - 2013-05-05 20:25 - 00000000 ____D C:\Users\***.***-PC\AppData\Roaming\ATI
2013-05-05 20:25 - 2013-05-05 20:25 - 00000000 ____D C:\Users\***.***-PC\AppData\Roaming\Apple Computer
2013-05-05 20:25 - 2013-05-05 20:25 - 00000000 ____D C:\Users\***.***-PC\AppData\Local\ATI
2013-05-05 18:13 - 2013-05-05 18:13 - 00000000 ____D C:\Users\***Admin\AppData\Roaming\DAEMON Tools Pro
2013-05-05 18:12 - 2013-05-05 18:12 - 00000000 ____D C:\Users\***Admin\AppData\Roaming\Apple Computer
2013-05-05 18:12 - 2013-05-05 18:12 - 00000000 ____D C:\Users\***Admin\AppData\Local\Apps\2.0
2013-05-05 18:12 - 2009-07-29 19:16 - 00091480 ____A C:\Users\***Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-05 17:57 - 2012-11-30 19:26 - 00000000 ____D C:\ProgramData\LogiShrd
2013-05-04 23:28 - 2013-05-04 23:28 - 00000000 ____D C:\Program Files\Common Files\Solveig Multimedia
2013-05-04 23:28 - 2013-05-04 23:18 - 00000000 ____D C:\Users\***\AppData\Roaming\Solveig Multimedia
2013-05-04 23:28 - 2013-05-04 23:17 - 00000000 ____D C:\Program Files\Solveig Multimedia
2013-05-03 21:07 - 2013-05-03 21:07 - 00000000 ____D C:\Users\***\AppData\Roaming\TERA
2013-05-03 21:07 - 2013-04-11 22:11 - 00000000 ____D C:\Program Files\TERA
2013-05-03 18:59 - 2013-05-03 18:59 - 00000000 ____D C:\Program Files\Rockstar Games
2013-05-03 18:59 - 2013-05-03 18:58 - 16242632 ____A (Rockstar Games) C:\Users\***\Downloads\Social Club v1.1.0.1 Setup.exe
2013-05-02 17:28 - 2009-10-03 12:02 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 12:47 - 2013-05-01 12:47 - 00000000 ____D C:\Program Files\Common Files\WuShu_0.0.1.034
2013-05-01 12:47 - 2013-05-01 12:46 - 00000000 ____D C:\Program Files\Common Files\AgeofWushu_download
2013-05-01 12:44 - 2013-05-01 12:44 - 01905904 ____A C:\Users\***\Downloads\AgeofWushu_download.exe
2013-05-01 04:21 - 2013-03-18 21:50 - 00000446 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-05-01 03:59 - 2013-05-01 03:59 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2013-05-01 03:59 - 2013-05-01 03:59 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-113361981-1870090669-3917253512-1000\$92f17601971574f9aaac66ad5eb4df25

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$92f17601971574f9aaac66ad5eb4df25

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


Last Boot: 2013-05-31 10:45

==================== End Of Log ============================

Addition Log:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-05-2013
Ran by *** at 2013-05-31 10:51:26 Run:
Running from G:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.2.3.28705)
7-Zip 9.20
Acer eDataSecurity Management (Version: 2.8.4360)
Acer Empowering Technology (Version: 2.5.4301)
Acer ePerformance Management (Version: 2.5.4002)
Acer eSettings Management (Version: 2.5.4302)
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Age of Wushu (Version: 0.0.1.034)
AMD APP SDK Runtime (Version: 2.5.793.1)
AMD Catalyst Install Manager (Version: 8.0.877.0)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Applian FLV and Media Player 3.1.1.12 (Version: 3.1.1.12)
Application Profiles (Version: 2.0.4331.36041)
Application Profiles (Version: 2.0.4399.36214)
ATI Catalyst Registration (Version: 3.00.0000)
avast! Free Antivirus (Version: 8.0.1489.0)
BattlEye for OA Uninstall
Bonjour (Version: 3.0.0.10)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.3 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch (Version: 1.4)
Call of Duty(R) - World at War(TM) 1.4.1 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch (Version: 1.5)
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch (Version: 1.6)
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch (Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (Version: 1.1)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (Version: 1.2)
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (Version: 1.3)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (Version: 1.4)
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (Version: 1.5)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version: 1.6)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: 1.7)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5100 series Benutzerregistrierung
Canon MG5100 series MP Drivers
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.1025.2231.38573)
Catalyst Control Center (Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (Version: 2011.1025.2231.38573)
Catalyst Control Center Graphics Previews Common (Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (Version: 2012.1116.1514.27190)
CCC Help Czech (Version: 2012.1116.1514.27190)
CCC Help Danish (Version: 2012.1116.1514.27190)
CCC Help Dutch (Version: 2012.1116.1514.27190)
CCC Help English (Version: 2011.1025.2230.38573)
CCC Help English (Version: 2012.1116.1514.27190)
CCC Help Finnish (Version: 2012.1116.1514.27190)
CCC Help French (Version: 2012.1116.1514.27190)
CCC Help German (Version: 2012.1116.1514.27190)
CCC Help Greek (Version: 2012.1116.1514.27190)
CCC Help Hungarian (Version: 2012.1116.1514.27190)
CCC Help Italian (Version: 2012.1116.1514.27190)
CCC Help Japanese (Version: 2012.1116.1514.27190)
CCC Help Korean (Version: 2012.1116.1514.27190)
CCC Help Norwegian (Version: 2012.1116.1514.27190)
CCC Help Polish (Version: 2012.1116.1514.27190)
CCC Help Portuguese (Version: 2012.1116.1514.27190)
CCC Help Russian (Version: 2012.1116.1514.27190)
CCC Help Spanish (Version: 2012.1116.1514.27190)
CCC Help Swedish (Version: 2012.1116.1514.27190)
CCC Help Thai (Version: 2012.1116.1514.27190)
CCC Help Turkish (Version: 2012.1116.1514.27190)
ccc-utility (Version: 2011.1025.2231.38573)
ccc-utility (Version: 2012.1116.1515.27190)
CCleaner (Version: 4.00)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.6)
Cities in Motion
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CPUID CPU-Z 1.62
Curse Client (Version: 5.1.1.792)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.47.1.0333)
DayZ Commander (Version: 0.9.121)
Dead Space™ 3 (Version: 1.0.0.0)
Defraggler (Version: 2.14)
Diablo III (Version: 1.0.7.15295)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX-Setup (Version: 2.6.1.44)
Dropbox (Version: 1.6.18)
DU Meter (Version: 3.50 Build R2822)
ESN Sonar (Version: 0.70.4)
Euro Truck Simulator 2 (Version: 1.1.1)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
Free YouTube Downloader 3.5.136
FUSSBALL MANAGER 13 (Version: 1.0.0.0)
Google Chrome (Version: 27.0.1453.94)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
Google Updater (Version: 2.4.2432.1652)
ICQ7.6 (Version: 7.6)
iTunes (Version: 11.0.3.42)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
L.A. Noire
League of Legends (Version: 1.3)
LightScribe  1.4.142.1 (Version: 1.4.142.1)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Logitech Vid HD (Version: 7.2 (7230))
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software-Treiberpaket (Version: 12.10.1110)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Mass Effect (Version: 1.02)
Mass Effect 2 (Version: 1.02)
Mass Effect™ 3 (Version: 1.0.0.0)
maxdome Download Manager 4.1.300.78 (Version: 4.1.30078)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 3.5 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack - deu (Version: 3.5.21022)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0822)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
mIRC (Version: 6.35)
MosChip Multi-IO Controller
MotoHelper MergeModules (Version: 1.0.0)
MotoHelper MergeModules (Version: 1.2.0)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSI to redistribute MS VS2005 CRT libraries (Version: 8.0.50727.42)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML4 Parser (Version: 1.0.0)
Need for Speed: Hot Pursuit
NETGEAR WG311v3 PCI Adapter (Version: 1.00)
NTI Backup NOW! 4.7 (Version: 1.00.0000)
NTI CD & DVD-Maker (Version: 7)
NVIDIA Drivers
NVIDIA PhysX (Version: 9.11.1107)
OpenOffice.org 3.2 (Version: 3.2.9502)
Origin (Version: 8.5.0.4554)
Pando Media Booster (Version: 2.6.0.9)
PCSX2 - Playstation 2 Emulator
PDF Creator (Remove Only)
Play withSIX (Version: 1.30.0434)
PunkBuster Services (Version: 0.991)
Quantum of Solace(TM) 1.1 Patch
QuickTime (Version: 7.74.80.86)
Razer DeathAdder(TM) Mouse (Version: 3.05)
Razer Lycosa (Version: 3.02)
Realtek High Definition Audio Driver (Version: 6.0.1.6392)
Revo Uninstaller 1.94 (Version: 1.94)
Rockstar Games Social Club (Version: 1.1.0.1)
SAMSUNG Intelli-studio
Segoe UI (Version: 15.4.2271.0615)
Shrew Soft VPN Client
Sid Meier's Civilization V
SimCity™ (Version: 1.0.0.0)
Six Updater (Version: 2.09.7038)
Skype web features (Version: 1.0.3971)
Skype™ 6.3 (Version: 6.3.105)
SpeedFan (remove only)
SpeedSim (Version: 0.9.8.1b)
Spybot - Search & Destroy (Version: 2.0.12)
SSH Secure Shell
StarCraft II (Version: 2.0.7.25293)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.10.1)
TERA (Version: 19.04.02.03.hf3)
The Day After patch 1.2 (Version: )
The Lord of the Rings FREE Trial  (Version: 1.00.0000)
Total War: SHOGUN 2
TS3 Overlay (Version: 2.0.18)
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Warcraft III
Warcraft III: All Products
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR
World of Tanks

==================== Restore Points  =========================

16-05-2013 10:39:22 Windows Update
26-05-2013 17:38:32 Windows Update
28-05-2013 15:19:30 Geplanter Prüfpunkt
30-05-2013 01:52:12 Geplanter Prüfpunkt
30-05-2013 07:51:08 Revo Uninstaller's restore point - Call of Duty: Black Ops
30-05-2013 10:22:12 avast! Free Antivirus Setup
30-05-2013 14:32:07 Wiederherstellungsvorgang
30-05-2013 18:56:40 Wiederherstellungsvorgang
30-05-2013 19:30:53 Wiederherstellungsvorgang
30-05-2013 19:46:01 Wiederherstellungsvorgang
30-05-2013 20:08:21 Wiederherstellungsvorgang

==================== Hosts content: ==========================

127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com

There are 1000 more lines starting with "127.0.0.1"


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2013 00:08:56 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/30/2013 11:47:44 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00012288,
Prozess-ID 0x1fb8, Anwendungsstartzeit gmer_2.1.19163.exe0.

Error: (05/30/2013 10:46:38 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: .

Error: (05/30/2013 10:35:55 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/30/2013 10:29:16 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: .

Error: (05/30/2013 10:08:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (05/30/2013 10:05:39 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: .

Error: (05/30/2013 09:46:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (05/30/2013 09:44:57 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: .

Error: (05/30/2013 09:30:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.


System errors:
=============
Error: (05/31/2013 10:39:46 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070006

Error: (05/31/2013 10:39:19 AM) (Source: Service Control Manager) (User: )
Description: Windows-Defender%%5

Error: (05/31/2013 10:39:19 AM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%5

Error: (05/31/2013 02:28:38 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070006

Error: (05/31/2013 02:28:19 AM) (Source: Service Control Manager) (User: )
Description: Windows-Defender%%5

Error: (05/31/2013 02:28:19 AM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%5

Error: (05/31/2013 02:28:04 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 31.05.2013 um 02:26:49 unerwartet heruntergefahren.

Error: (05/31/2013 02:20:51 AM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk6\DR7.

Error: (05/31/2013 02:15:47 AM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk6\DR7.

Error: (05/31/2013 02:15:43 AM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk6\DR7.


Microsoft Office Sessions:
=========================
Error: (05/31/2013 00:08:56 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/30/2013 11:47:44 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c0000005000122881fb801ce5d7eba0a10d1

Error: (05/30/2013 10:46:38 PM) (Source: System Restore)(User: )
Description: Windows Update

Error: (05/30/2013 10:35:55 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/30/2013 10:29:16 PM) (Source: System Restore)(User: )
Description: Windows Update

Error: (05/30/2013 10:08:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (05/30/2013 10:05:39 PM) (Source: System Restore)(User: )
Description: Windows Update

Error: (05/30/2013 09:46:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (05/30/2013 09:44:57 PM) (Source: System Restore)(User: )
Description: Windows Update

Error: (05/30/2013 09:30:59 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2013-05-31 10:51:08.063
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-31 10:51:07.829
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-31 10:51:07.595
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-31 10:51:07.361
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-30 23:38:11.439
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-30 23:38:11.205
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-30 23:38:10.971
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-30 23:38:10.737
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-30 23:38:10.503
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-30 23:38:10.238
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3070.32 MB
Available physical RAM: 2008.05 MB
Total Pagefile: 6362.72 MB
Available Pagefile: 4759.08 MB
Total Virtual: 3071.88 MB
Available Virtual: 2929.19 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:293.33 GB) (Free:51.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:293.08 GB) (Free:76.96 GB) NTFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:898.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 4CD01D16)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=293 GB) - (Type=06)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows Vista) (Size: 932 GB) (Disk ID: 934BDD79)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aharonov · 31.05.2013, 10:57

Hallo,

ja du hast noch ZeroAccess drauf. Deswegen sind MSE und der Defender inaktiv..

Schritt 1

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste in deiner nächsten Antwort:

Log von Combofix

Meradock · 31.05.2013, 12:16

So hier ist die log datei. Während dem Scan gab es keinerlei probleme:

Code:

ATTFilter

ComboFix 13-05-31.01 - *** 31.05.2013  12:55:38.3.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1856 [GMT 2:00]
ausgeführt von:: G:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\inst.exe
c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\fhhn.pcf.URL
c:\users\***\AppData\Roaming\mIRC\logs\status.log
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\logishrd\LVPrcInj06.dll
c:\windows\wininit.ini
G:\autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-28 bis 2013-05-31  ))))))))))))))))))))))))))))))
.
.
2013-05-31 11:04 . 2013-05-31 11:07	--------	d-----w-	c:\users\***\AppData\Local\temp
2013-05-31 11:04 . 2013-05-31 11:04	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-05-31 11:04 . 2013-05-31 11:04	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-05-31 11:04 . 2013-05-31 11:04	--------	d-----w-	c:\users\***Admin\AppData\Local\temp
2013-05-31 11:04 . 2013-05-31 11:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-31 11:04 . 2013-05-31 11:04	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-05-31 08:50 . 2013-05-31 08:50	--------	d-----w-	C:\FRST
2013-05-30 10:23 . 2013-05-09 08:59	368944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-05-30 10:23 . 2013-05-09 08:59	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-30 10:23 . 2013-05-09 08:59	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-30 10:23 . 2013-05-09 08:59	49760	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2013-05-30 10:23 . 2013-05-09 08:59	765736	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-30 10:23 . 2013-05-09 08:59	174664	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-05-30 10:23 . 2013-05-09 08:59	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-30 10:23 . 2013-05-09 08:59	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-30 10:23 . 2013-05-09 08:58	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-30 10:23 . 2013-05-09 08:58	41664	----a-w-	c:\windows\avastSS.scr
2013-05-30 10:22 . 2013-05-30 10:22	--------	d-----w-	c:\program files\AVAST Software
2013-05-30 10:21 . 2013-05-30 10:22	--------	d-----w-	c:\programdata\AVAST Software
2013-05-27 15:21 . 2013-05-27 15:21	--------	d-----w-	c:\users\***\AppData\Roaming\DealPly
2013-05-27 15:03 . 2013-05-27 15:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-27 15:03 . 2013-05-27 15:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-27 15:03 . 2013-05-27 15:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-27 15:03 . 2013-05-27 15:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-27 15:03 . 2013-05-27 15:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-27 15:03 . 2013-05-27 15:03	--------	d-----w-	c:\program files\QuickTime
2013-05-27 15:00 . 2013-05-27 15:00	--------	d-----w-	c:\program files\iPod
2013-05-27 15:00 . 2013-05-27 15:01	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-26 18:23 . 2013-05-26 17:40	724464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72FC9DF-09FB-4C82-8B23-79F55DCE5E54}\gapaengine.dll
2013-05-26 17:47 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{564D8A7B-7C35-4B24-9B65-19725CA3621C}\mpengine.dll
2013-05-16 13:12 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-16 13:03 . 2013-05-16 13:03	--------	d-----w-	c:\users\***\AppData\Local\Apple Computer
2013-05-16 10:57 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-15 13:02 . 2013-05-15 13:02	--------	d-----w-	c:\users\***\AppData\Local\My Games
2013-05-15 08:20 . 2013-04-15 14:20	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 08:20 . 2013-04-13 10:56	37376	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 08:20 . 2013-04-09 01:36	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-05-10 20:27 . 2013-05-10 20:27	--------	d-----w-	c:\users\***\AppData\Local\Apple
2013-05-10 07:57 . 2013-05-10 07:57	187456	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-05-09 13:36 . 2013-05-09 13:36	--------	d-----w-	c:\users\***\AppData\Local\Origin
2013-05-08 23:14 . 2013-05-08 23:14	--------	d-----w-	c:\users\***\AppData\Local\DDMSettings
2013-05-08 10:40 . 2013-05-08 10:40	242240	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-08 10:40 . 2013-05-30 08:55	--------	d-----w-	c:\users\***\AppData\Roaming\DAEMON Tools Lite
2013-05-08 10:40 . 2013-05-08 10:40	--------	d-----w-	c:\program files\DAEMON Tools Lite
2013-05-08 10:40 . 2013-05-08 10:40	--------	d-----w-	c:\users\***\AppData\Roaming\OpenCandy
2013-05-08 10:37 . 2013-05-08 10:44	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2013-05-06 19:51 . 2013-05-06 19:51	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2013-05-06 19:50 . 2013-05-06 19:50	--------	d-----w-	c:\users\***\AppData\Local\Mozilla
2013-05-06 19:18 . 2013-05-06 19:18	--------	d-----w-	c:\users\***\AppData\Roaming\DivX
2013-05-06 19:03 . 2013-05-30 10:39	--------	d-----w-	c:\users\***\AppData\Local\Adobe
2013-05-06 18:13 . 2013-05-31 11:04	--------	d-----w-	c:\users\***\AppData\Local\PMB Files
2013-05-06 18:13 . 2013-05-30 20:44	--------	d-----w-	c:\programdata\PMB Files
2013-05-06 18:12 . 2013-05-06 18:12	--------	d-----w-	c:\program files\Pando Networks
2013-05-06 18:12 . 2013-05-06 18:12	--------	d-----w-	c:\users\***\.swt
2013-05-06 16:57 . 2013-05-06 16:57	--------	d-----w-	c:\users\***\AppData\Roaming\LolClient
2013-05-05 20:16 . 2013-05-05 20:16	--------	d-----w-	c:\users\***\AppData\Local\Chromium
2013-05-05 19:57 . 2013-05-05 20:00	--------	d-----w-	c:\users\***\AppData\Roaming\Curse Advertising
2013-05-05 19:50 . 2013-05-31 08:40	--------	d-----w-	c:\users\***\AppData\Local\Deployment
2013-05-05 19:50 . 2013-05-05 19:50	--------	d-----w-	c:\users\***\AppData\Roaming\ATI
2013-05-05 19:50 . 2013-05-05 19:50	--------	d-----w-	c:\users\***\AppData\Local\ATI
2013-05-05 19:50 . 2013-05-28 14:01	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2013-05-05 18:24 . 2013-05-05 19:48	--------	d-----w-	c:\users\***.***-PC
2013-05-05 16:13 . 2013-05-05 16:13	--------	d-----w-	c:\users\***Admin\AppData\Roaming\DAEMON Tools Pro
2013-05-05 16:12 . 2013-05-05 16:12	--------	d-----w-	c:\users\***Admin\AppData\Roaming\Apple Computer
2013-05-05 16:12 . 2013-05-05 16:12	--------	d-----w-	c:\users\***Admin\AppData\Local\Apps
2013-05-04 21:28 . 2013-05-04 21:28	--------	d-----w-	c:\program files\Common Files\Solveig Multimedia
2013-05-04 21:18 . 2013-05-04 21:28	--------	d-----w-	c:\users\***\AppData\Roaming\Solveig Multimedia
2013-05-04 21:17 . 2013-05-04 21:28	--------	d-----w-	c:\program files\Solveig Multimedia
2013-05-03 19:07 . 2013-05-03 19:07	--------	d-----w-	c:\users\***\AppData\Roaming\TERA
2013-05-03 16:59 . 2013-05-03 16:59	--------	d-----w-	c:\program files\Rockstar Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-27 15:47 . 2012-04-01 05:46	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-27 15:47 . 2011-05-14 08:14	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-11 09:51 . 2009-08-18 09:24	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:28 . 2009-10-03 10:02	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\system32\QuickTime.qts
2013-04-24 10:41 . 2011-05-20 12:28	706640	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-04 12:50 . 2012-05-01 11:19	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-04 03:35 . 2013-04-22 18:52	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-23 01:09 . 2013-03-23 01:09	354656	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-18 19:32 . 2012-07-15 07:54	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-18 19:32 . 2010-04-20 18:40	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-10 21:38	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 21:38	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 21:38	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 21:38	64000	----a-w-	c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 21:38	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 21:38	2067968	----a-w-	c:\windows\system32\mstscax.dll
2013-03-03 19:07 . 2013-04-10 21:38	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38	121392	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-13 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-05-06 4284976]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"Lycosa"="c:\program files\Razer\Razer Lycosa\razerhid.exe" [2011-03-21 233984]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-27 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-27 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-27 88608]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-11-27 1587224]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-8-27 0]
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-21 535336]
maxdome Download Manager.lnk - c:\program files\maxdome\DCBin\DCTrayApp.exe [2009-5-1 88808]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ASETRES.EXE]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE
backup=c:\windows\pss\ASETRES.EXE.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43	59720	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 02:50	2516296	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 09:18	1185112	----a-w-	c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37	1263952	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-15 12:59	152392	----a-w-	d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36	2793304	----a-w-	c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2013-05-06 18:12	4284976	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32	253816	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-05-14 10:04	802136	----a-w-	c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48	57344	----a-w-	c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-27 16:03	1165776	----a-w-	c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 15:47]
.
2013-05-31 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-18 13:08]
.
2013-05-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-13 11:36]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 15:18]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 15:18]
.
2013-05-28 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-03-18 13:07]
.
2013-05-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-03-18 13:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bing.com
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 82.212.62.62 78.42.43.62
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ku7niwue.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cbfc8dcb-a1de-46d3-bd02-713284245b57&searchtype=hp&fr=linkury-tb&installDate=08/05/2013&type=hp1000
FF - ExtSQL: 2013-04-17 15:50; hdvc@hdvc.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ku7niwue.default\extensions\hdvc@hdvc.com.xpi
FF - ExtSQL: 2013-05-30 12:23; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: extentions.y2layers.installId - b9d666f9-cae7-4b72-9737-a418fa22ffdf
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 2cec11f300000000000000184d70f293
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15816
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1614:43
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{542E4D79-1970-4E95-9862-FDB96F61B280} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Corel File Shell Monitor - d:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTAgent.exe
MSConfigStartUp-HTC Sync Loader - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe
MSConfigStartUp-mumservice - c:\program files\Motorola\Software Update\mumservice.exe
MSConfigStartUp-PlusService - c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
MSConfigStartUp-RGSC - d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-31 13:07
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Prosieben]
"ImagePath"="\"c:\program files\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-113361981-1870090669-3917253512-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C6FAC9C-62BF-9B53-3057-B2D55CEDEB82}*]
"hacjjmahmjoedbgi"=hex:6a,61,61,68,65,61,6a,65,61,6e,6a,64,6f,67,66,62,68,63,
   66,6e,00,00
"iaanholfdecfpgkbkf"=hex:63,61,6c,67,68,61,00,7f
"iamjpnokkjnkccjlgm"=hex:6a,61,61,68,65,61,6a,65,61,6e,6a,64,6f,67,66,62,68,63,
   66,6e,00,00
"dbhgldopkiloffefaimeeaklepgfbkjcgkondhok"=hex:68,61,68,68,67,70,6a,62,65,68,
   6f,69,69,64,6a,68,00,00
"jbhgldopkiloffefaimefpingiihegoighjnachphpbpjkkkojme"=hex:68,61,68,68,67,70,
   6a,62,65,68,6f,69,69,64,6a,68,00,00
"dbhgldopkiloffefaimehpnnakiogkcijlmedhnn"=hex:62,61,63,64,00,00
.
[HKEY_USERS\S-1-5-21-113361981-1870090669-3917253512-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:40,74,fe,b5,2b,cf,4f,42,0a,1e,0c,ef,b1,c0,19,90,a8,1e,77,19,57,18,76,
   0c,d2,66,f3,62,e3,29,c1,27,1c,6a,71,9c,e5,01,8b,2d,2e,36,ef,ab,56,e2,29,81,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-113361981-1870090669-3917253512-1000\Software\SecuROM\License information*]
"datasecu"=hex:21,48,92,51,8e,12,2a,c3,93,c6,a0,99,33,d9,19,a3,cb,d7,6c,50,99,
   19,6b,62,6c,38,15,c3,81,de,a7,5c,d9,f9,a0,ba,33,4d,9f,19,4d,f7,d3,b5,66,6f,\
"rkeysecu"=hex:30,4a,4e,b9,c4,ae,fe,5a,11,7b,bd,e6,50,51,bf,93
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(8036)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\ShrewSoft\VPN Client\dtpd.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\ShrewSoft\VPN Client\iked.exe
c:\program files\ShrewSoft\VPN Client\ipsecd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\maxdome\DCBin\DCService.exe
c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-31  13:12:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-31 11:12
ComboFix2.txt  2010-08-26 12:47
.
Vor Suchlauf: 21 Verzeichnis(se), 81.253.416.960 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 81.001.074.688 Bytes frei
.
- - End Of File - - E14E9881FE0BDD5BFB161E73736C6DF7

aharonov · 31.05.2013, 12:23

Ok, weiter:

Schritt 1

Drücke die

+ R Taste und schreibe "notepad" in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument:

Code:

ATTFilter

DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client

Speichere dieses dann bitte unter dem Dateinamen Fixlist.txt ebenfalls auf deinen Desktop neben FRST.

Starte nun FRST.exe und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt. Poste mir deren Inhalt.
Starte danach den Rechner neu auf.

Schritt 2

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Bitte poste in deiner nächsten Antwort:

Fixlog von FRST
Log von FSS

Meradock · 31.05.2013, 13:18

So hier sind die Logs:
Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-05-2013
Ran by *** at 2013-05-31 13:46:18 Run:1
Running from C:\Users\***\Desktop
Boot Mode: Normal

==============================================

"C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.
"C:\Program Files\Microsoft Security Client\Backup" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Microsoft Security Client\de-de" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Microsoft Security Client" => Deleting junctions and unlocking files completed successfully.

==== End of Fixlog ====

FSS:

Code:

ATTFilter

Farbar Service Scanner Version: 25-05-2013
Ran by *** (administrator) on 31-05-2013 at 14:14:49
Running from "G:\"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-14 02:00] - [2013-01-04 13:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

aharonov · 31.05.2013, 13:27

Da muss ein Schritt nochmals ausgeführt werden.
Starte bitte den Rechner neu auf mach nochmals das:
(Hast du den Rechner bewusst vom Internet getrennt gehabt während des FSS-Scans?)

Drücke die

+ R Taste und schreibe "notepad" in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument:

Code:

ATTFilter

DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client

Speichere dieses dann bitte unter dem Dateinamen Fixlist.txt ebenfalls auf deinen Desktop neben FRST.

Starte nun FRST.exe und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt. Poste mir deren Inhalt.
Starte danach den Rechner neu auf.

Meradock · 31.05.2013, 14:26

Ich bezieh mein Interner durch Lan und da ich an meinem PC nicht downloaden konnte hab ich das an meinem Laptop gemacht und die Daten dann per Externe Festplatte ,,rübergeschifft''

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-05-2013
Ran by *** at 2013-05-31 14:47:49 Run:2
Running from C:\Users\***\Desktop
Boot Mode: Normal

==============================================

"C:\Program Files\Microsoft Security Client\Backup" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Microsoft Security Client\de-de" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Microsoft Security Client" => Deleting junctions and unlocking files completed successfully.

==== End of Fixlog ====

Das gleich wie vorhin. Lass mich raten rebooten und nochmal fixen?^^

aharonov · 31.05.2013, 14:50

Hi,

erneuts Wiederholen wird wohl auch nichts ändern.
Mach stattdessen mal das Folgende:

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

%SystemDrive%\*. /RP /s

Schliesse bitte alle anderen Programme.
Klicke nun auf None (deutsch "Nichts") und danach auf den Scan Button.
Kopiere danach den Inhalt der OTL.txt hier in deinen Thread.

Bitte poste in deiner nächsten Antwort:

Log von OTL

Meradock · 31.05.2013, 15:01

Code:

ATTFilter

OTL logfile created on: 31.05.2013 15:57:51 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,11% Memory free
6,22 Gb Paging File | 4,51 Gb Available in Paging File | 72,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,33 Gb Total Space | 81,36 Gb Free Space | 27,74% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 76,83 Gb Free Space | 26,21% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 898,60 Gb Free Space | 96,47% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
< %SystemDrive%\*. /RP /s >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Documents and Settings] -> C:\Users -> Junction
[C:\Dokumente und Einstellungen] -> C:\Users -> Junction
[C:\Program Files\Gemeinsame Dateien] -> C:\Program Files\Common Files -> Junction
[C:\Program Files\Microsoft Security Client\Backup\systemprofile\Startmenü] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Program Files\Microsoft Security Client\Backup] ->  -> Unknown point type
[C:\Program Files\Microsoft Security Client\de-de\systemprofile\Startmenü] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Program Files\Microsoft Security Client\de-de] ->  -> Unknown point type
[C:\Program Files\Windows NT\Zubehör] -> C:\Program Files\Windows NT\Accessories -> Junction
[C:\ProgramData\Anwendungsdaten] -> C:\ProgramData -> Junction
[C:\ProgramData\Application Data] -> C:\ProgramData -> Junction
[C:\ProgramData\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\ProgramData\Documents] -> C:\Users\Public\Documents -> Junction
[C:\ProgramData\Dokumente] -> C:\Users\Public\Documents -> Junction
[C:\ProgramData\Favoriten] -> C:\Users\Public\Favorites -> Junction
[C:\ProgramData\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\ProgramData\Microsoft\Windows\Start Menu\Programme] -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\ProgramData\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\ProgramData\Startmenü] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\ProgramData\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\ProgramData\Vorlagen] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Programme] -> C:\Program Files -> Junction
[C:\Users\All Users\Anwendungsdaten] -> C:\ProgramData -> Junction
[C:\Users\All Users\Application Data] -> C:\ProgramData -> Junction
[C:\Users\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\Users\All Users\Documents] -> C:\Users\Public\Documents -> Junction
[C:\Users\All Users\Dokumente] -> C:\Users\Public\Documents -> Junction
[C:\Users\All Users\Favoriten] -> C:\Users\Public\Favorites -> Junction
[C:\Users\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\Users\All Users\Microsoft\Windows\Start Menu\Programme] -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Users\All Users\Startmenü] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Users\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users\Vorlagen] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users] ->  -> Unknown point type
[C:\Users\Default User] -> C:\Users\Default -> Junction
[C:\Users\Default\Anwendungsdaten] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Users\Default\AppData\Local\Anwendungsdaten] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Default\AppData\Local\Verlauf] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Users\Default\Documents\Eigene Bilder] -> C:\Users\Default\Pictures -> Junction
[C:\Users\Default\Documents\Eigene Musik] -> C:\Users\Default\Music -> Junction
[C:\Users\Default\Documents\Eigene Videos] -> C:\Users\Default\Videos -> Junction
[C:\Users\Default\Documents\My Music] -> C:\Users\Default\Music -> Junction
[C:\Users\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction
[C:\Users\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction
[C:\Users\Default\Druckumgebung] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Default\Eigene Dateien] -> C:\Users\Default\Documents -> Junction
[C:\Users\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\Lokale Einstellungen] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\My Documents] -> C:\Users\Default\Documents -> Junction
[C:\Users\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Default\Netzwerkumgebung] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Default\Startmenü] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Default\Vorlagen] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\***\Anwendungsdaten] -> C:\Users\***\AppData\Roaming -> Junction
[C:\Users\***\AppData\Local\Anwendungsdaten] -> C:\Users\***\AppData\Local -> Junction
[C:\Users\***\AppData\Local\Temporary Internet Files] -> C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\***\AppData\Local\Verlauf] -> C:\Users\***\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\***\Application Data\Documents\Eigene Bilder] -> C:\Users\***\Pictures -> Junction
[C:\Users\***\Application Data\Documents\Eigene Musik] -> C:\Users\***\Music -> Junction
[C:\Users\***\Application Data\Documents\Eigene Videos] -> C:\Users\***\Videos -> Junction
[C:\Users\***\Cookies] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\***\Druckumgebung] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\***\Eigene Dateien] -> C:\Users\***\Documents -> Junction
[C:\Users\***\Lokale Einstellungen] -> C:\Users\***\AppData\Local -> Junction
[C:\Users\***\Netzwerkumgebung] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\***\Recent] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\***\SendTo] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\***\Startmenü] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\***\Vorlagen] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\***Admin\Anwendungsdaten] -> C:\Users\***Admin\AppData\Roaming -> Junction
[C:\Users\***Admin\AppData\Local\Anwendungsdaten] -> C:\Users\***Admin\AppData\Local -> Junction
[C:\Users\***Admin\AppData\Local\Temporary Internet Files] -> C:\Users\***Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\***Admin\AppData\Local\Verlauf] -> C:\Users\***Admin\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\***Admin\Cookies] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\***Admin\Documents\Eigene Bilder] -> C:\Users\***Admin\Pictures -> Junction
[C:\Users\***Admin\Documents\Eigene Musik] -> C:\Users\***Admin\Music -> Junction
[C:\Users\***Admin\Documents\Eigene Videos] -> C:\Users\***Admin\Videos -> Junction
[C:\Users\***Admin\Druckumgebung] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\***Admin\Eigene Dateien] -> C:\Users\***Admin\Documents -> Junction
[C:\Users\***Admin\Lokale Einstellungen] -> C:\Users\***Admin\AppData\Local -> Junction
[C:\Users\***Admin\Netzwerkumgebung] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\***Admin\Recent] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\***Admin\SendTo] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\***Admin\Startmenü] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\***Admin\Vorlagen] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Public\Documents\Eigene Bilder] -> C:\Users\Public\Pictures -> Junction
[C:\Users\Public\Documents\Eigene Musik] -> C:\Users\Public\Music -> Junction
[C:\Users\Public\Documents\Eigene Videos] -> C:\Users\Public\Videos -> Junction
[C:\Users\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction
[C:\Users\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction
[C:\Users\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Startmenü] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction

< End of report >

aharonov · 31.05.2013, 15:11

Hi,

versuchen wir das anders:

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\Backup" /c
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\de-de" /c
%SystemDrive%\*. /RP /s

Schliesse bitte alle anderen Programme.
Klicke nun auf None (deutsch "Nichts") und danach auf den Scan Button.
Kopiere danach den Inhalt der OTL.txt hier in deinen Thread.

Bitte poste in deiner nächsten Antwort:

Log von OTL

Meradock · 31.05.2013, 16:11

Code:

ATTFilter

OTL logfile created on: 31.05.2013 17:07:32 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,59% Memory free
6,22 Gb Paging File | 3,73 Gb Available in Paging File | 59,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,33 Gb Total Space | 81,27 Gb Free Space | 27,71% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 76,83 Gb Free Space | 26,21% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 898,60 Gb Free Space | 96,47% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
< fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\Backup" /c >
Fehler:  Zugriff verweigert
 
< fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\de-de" /c >
Fehler:  Zugriff verweigert
 
< %SystemDrive%\*. /RP /s >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Documents and Settings] -> C:\Users -> Junction
[C:\Dokumente und Einstellungen] -> C:\Users -> Junction
[C:\Program Files\Gemeinsame Dateien] -> C:\Program Files\Common Files -> Junction
[C:\Program Files\Microsoft Security Client\Backup\systemprofile\Startmenü] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Program Files\Microsoft Security Client\Backup] ->  -> Unknown point type
[C:\Program Files\Microsoft Security Client\de-de\systemprofile\Startmenü] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Program Files\Microsoft Security Client\de-de] ->  -> Unknown point type
[C:\Program Files\Windows NT\Zubehör] -> C:\Program Files\Windows NT\Accessories -> Junction
[C:\ProgramData\Anwendungsdaten] -> C:\ProgramData -> Junction
[C:\ProgramData\Application Data] -> C:\ProgramData -> Junction
[C:\ProgramData\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\ProgramData\Documents] -> C:\Users\Public\Documents -> Junction
[C:\ProgramData\Dokumente] -> C:\Users\Public\Documents -> Junction
[C:\ProgramData\Favoriten] -> C:\Users\Public\Favorites -> Junction
[C:\ProgramData\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\ProgramData\Microsoft\Windows\Start Menu\Programme] -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\ProgramData\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\ProgramData\Startmenü] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\ProgramData\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\ProgramData\Vorlagen] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Programme] -> C:\Program Files -> Junction
[C:\Users\All Users\Anwendungsdaten] -> C:\ProgramData -> Junction
[C:\Users\All Users\Application Data] -> C:\ProgramData -> Junction
[C:\Users\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\Users\All Users\Documents] -> C:\Users\Public\Documents -> Junction
[C:\Users\All Users\Dokumente] -> C:\Users\Public\Documents -> Junction
[C:\Users\All Users\Favoriten] -> C:\Users\Public\Favorites -> Junction
[C:\Users\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\Users\All Users\Microsoft\Windows\Start Menu\Programme] -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Users\All Users\Startmenü] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Users\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users\Vorlagen] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users] ->  -> Unknown point type
[C:\Users\Default User] -> C:\Users\Default -> Junction
[C:\Users\Default\Anwendungsdaten] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Users\Default\AppData\Local\Anwendungsdaten] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Default\AppData\Local\Verlauf] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Users\Default\Documents\Eigene Bilder] -> C:\Users\Default\Pictures -> Junction
[C:\Users\Default\Documents\Eigene Musik] -> C:\Users\Default\Music -> Junction
[C:\Users\Default\Documents\Eigene Videos] -> C:\Users\Default\Videos -> Junction
[C:\Users\Default\Documents\My Music] -> C:\Users\Default\Music -> Junction
[C:\Users\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction
[C:\Users\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction
[C:\Users\Default\Druckumgebung] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Default\Eigene Dateien] -> C:\Users\Default\Documents -> Junction
[C:\Users\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\Lokale Einstellungen] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\My Documents] -> C:\Users\Default\Documents -> Junction
[C:\Users\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Default\Netzwerkumgebung] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Default\Startmenü] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Default\Vorlagen] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\***\Anwendungsdaten] -> C:\Users\***\AppData\Roaming -> Junction
[C:\Users\***\AppData\Local\Anwendungsdaten] -> C:\Users\***\AppData\Local -> Junction
[C:\Users\***\AppData\Local\Temporary Internet Files] -> C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\***\AppData\Local\Verlauf] -> C:\Users\***\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\***\Application Data\Documents\Eigene Bilder] -> C:\Users\***\Pictures -> Junction
[C:\Users\***\Application Data\Documents\Eigene Musik] -> C:\Users\***\Music -> Junction
[C:\Users\***\Application Data\Documents\Eigene Videos] -> C:\Users\***\Videos -> Junction
[C:\Users\***\Cookies] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\***\Druckumgebung] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\***\Eigene Dateien] -> C:\Users\***\Documents -> Junction
[C:\Users\***\Lokale Einstellungen] -> C:\Users\***\AppData\Local -> Junction
[C:\Users\***\Netzwerkumgebung] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\***\Recent] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\***\SendTo] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\***\Startmenü] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\***\Vorlagen] -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\***Admin\Anwendungsdaten] -> C:\Users\***Admin\AppData\Roaming -> Junction
[C:\Users\***Admin\AppData\Local\Anwendungsdaten] -> C:\Users\***Admin\AppData\Local -> Junction
[C:\Users\***Admin\AppData\Local\Temporary Internet Files] -> C:\Users\***Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\***Admin\AppData\Local\Verlauf] -> C:\Users\***Admin\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\***Admin\Cookies] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\***Admin\Documents\Eigene Bilder] -> C:\Users\***Admin\Pictures -> Junction
[C:\Users\***Admin\Documents\Eigene Musik] -> C:\Users\***Admin\Music -> Junction
[C:\Users\***Admin\Documents\Eigene Videos] -> C:\Users\***Admin\Videos -> Junction
[C:\Users\***Admin\Druckumgebung] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\***Admin\Eigene Dateien] -> C:\Users\***Admin\Documents -> Junction
[C:\Users\***Admin\Lokale Einstellungen] -> C:\Users\***Admin\AppData\Local -> Junction
[C:\Users\***Admin\Netzwerkumgebung] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\***Admin\Recent] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\***Admin\SendTo] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\***Admin\Startmenü] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\***Admin\Vorlagen] -> C:\Users\***Admin\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Public\Documents\Eigene Bilder] -> C:\Users\Public\Pictures -> Junction
[C:\Users\Public\Documents\Eigene Musik] -> C:\Users\Public\Music -> Junction
[C:\Users\Public\Documents\Eigene Videos] -> C:\Users\Public\Videos -> Junction
[C:\Users\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction
[C:\Users\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction
[C:\Users\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Startmenü] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction

< End of report >

aharonov · 31.05.2013, 16:27

Wehrt sich hartnäckig..
Versuch das:

Drücke die

+ R Taste und schreibe "notepad" in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument:

Code:

ATTFilter

Unlock: C:\Program Files\Microsoft Security Client\Backup
Unlock: C:\Program Files\Microsoft Security Client\de-de
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client

Speichere dieses dann bitte unter dem Dateinamen Fixlist.txt ebenfalls auf deinen Desktop neben FRST.

Starte nun FRST.exe und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt. Poste mir deren Inhalt.
Starte danach den Rechner neu auf.

Meradock · 31.05.2013, 17:16

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-05-2013
Ran by *** at 2013-05-31 17:44:05 Run:3
Running from C:\Users\***\Desktop
Boot Mode: Normal

==============================================

permissions for "C:\Program Files\Microsoft Security Client\Backup" were reset successfully 
permissions for "C:\Program Files\Microsoft Security Client\de-de" were reset successfully 
"C:\Program Files\Microsoft Security Client\Backup" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Microsoft Security Client\de-de" => Failed to delete reparsepoint. Reboot and run the fix again.
"C:\Program Files\Microsoft Security Client" => Deleting junctions and unlocking files completed successfully.

==== End of Fixlog ====