Pests of all kinds and how to fight them: GVU Trojan meets TrueCrypt drive

02.07.2013, 07:50   #16
schrauber
/// the machine
/// TB Trainer
 




Exactly, back up your data first, then we can carry on playing.
__________________
Regards,
schrauber


03.07.2013, 16:52   #17
Nighthawk93
 



So, important: today I started the PC in sheer desperation and somehow, no idea how, I'm in now. I killed everything that looked suspicious to me from the start in Task Manager. How should I proceed? I'm not switching it off any more.
Oh, and I have system restore points again too, but I don't know whether it's worth a try?
__________________


Last edited by Nighthawk93 (03.07.2013 at 17:00)

03.07.2013, 18:19   #18
schrauber
/// the machine
/// TB Trainer
 




System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the website's input box)

03.07.2013, 18:34   #19
Nighthawk93
 




FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-07-2013 02
Ran by Andi (administrator) on 03-07-2013 19:31:47
Running from C:\Users\Andi\Documents
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\system32\dmwu.exe
() C:\Program Files\ICQ6Toolbar\ICQ Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\SmartView\SmartViewService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\system32\vmnat.exe
(SoftEther Corporation) C:\Program Files\PacketiX VPN Client English\vpnclient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\rstrui.exe
(Microsoft Corporation) C:\Windows\system32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Spotify Ltd) C:\Users\Andi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.171\deploy\LoLLauncher.exe
(Adobe Systems Inc.) C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.30\deploy\LolClient.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\SmartView\SmartViewClientService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-10-30] (Avira GmbH)
HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [14848 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-15] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-05-14] (cyberlink)
HKLM\...\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM\...\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun [557056 2011-11-12] (BitLeader)
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [SmartviewAgent] "C:\Program Files\DeviceVM\SmartView\SmartViewAgent.exe" [948504 2010-09-02] ()
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKCU\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [1517520 2012-01-09] (TrueCrypt Foundation)
HKCU\...\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray [1839104 2011-03-21] (Locktime Software)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Andi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-19] (Spotify Ltd)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [Smart PC Cleaner] C:\Program Files\Smart PC Cleaner\SPCLauncher.exe [84280 2013-02-01] (Smart PC Cleaner)
HKCU\...\Run: [Spotify] "C:\Users\Andi\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-06-19] (Spotify Ltd)
HKCU\...\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-10-16] (AMD)
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin [247968 2011-12-13] (Adobe Systems, Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKCU\...\Command Processor:  <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: SearchHook Class - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO: SmartView VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files\DeviceVM\SmartView\SmartView.dll (DeviceVM, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: ICQ Sparberater - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0DD0FC19-EDA2-4C30-B161-FE5468D0CBEF}: [NameServer]85.214.20.141

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default
FF user.js: detected! => C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\user.js
FF SelectedSearchEngine: ICQ Search
FF Homepage: hxxp://start.icq.com/
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=1.102.0 - C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.110.0 - C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=2.1.2 - C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: incredibar.com - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\ffxtlbr@incredibar.com
FF Extension: No Name - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: ???????? HTTP ?????????? - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: ciuvo-extension - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: firebug - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: fireforce - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\fireforce@scrt.ch.xpi
FF Extension: youtube2mp3 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: No Name - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\Andi\AppData\Roaming\5050
FF Extension: Java String Helper - C:\Users\Andi\AppData\Roaming\5050

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-10-30] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-30] (Avira GmbH)
S2 CLKMSVC10_E92D8507; C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [246256 2010-05-14] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-28] (Creative Labs)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1156400 2013-04-07] ()
R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247872 2011-08-17] ()
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1126400 2011-03-21] (Locktime Software)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-12-19] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R2 SmartViewService; C:\Program Files\DeviceVM\SmartView\SmartViewService.exe [125216 2010-09-02] (DeviceVM, Inc.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-27] (Creative Labs)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-14] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-14] (VMware, Inc.)
R2 vpnclient; C:\Program Files\PacketiX VPN Client English\vpnclient.exe [2478080 2008-05-15] (SoftEther Corporation)
S3 MPAJCNVDE; C:\Users\Andi\AppData\Local\Temp\MPAJCNVDE.exe [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S3 ZR; C:\Users\Andi\AppData\Local\Temp\ZR.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-10-30] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-10-30] (Avira GmbH)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-10-28] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-27] (FNet Co., Ltd.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0033.sys [22000 2011-11-12] (SoftEther Corporation)
R3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
S3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [5281672 2011-03-21] (Locktime Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-14] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-14] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [23792 2011-11-14] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-14] (VMware, Inc.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 catchme; \??\C:\Users\Andi\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 19:31 - 2013-07-03 19:31 - 00000000 ____D C:\FRST
2013-07-03 19:27 - 2013-07-03 19:27 - 01372941 ____A (Farbar) C:\Users\Andi\Documents\FRST.exe
2013-06-25 18:22 - 2013-06-25 18:22 - 00000008 ____A C:\Users\Andi\Documents\wsi tan.txt
2013-06-19 12:45 - 2013-06-19 12:45 - 00001128 ____A C:\Users\Andi\Desktop\Continue Zip Opener Installation.lnk
2013-06-19 12:44 - 2013-06-19 12:44 - 00793536 ____A C:\Users\Andi\Documents\ZipOpenerSetup.exe
2013-06-18 23:59 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-18 23:59 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-18 23:58 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-18 23:58 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-18 23:57 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-18 23:57 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-18 23:57 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-18 22:19 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-18 22:19 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-18 22:19 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-18 22:19 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-18 22:19 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-18 22:19 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-18 22:19 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-18 22:19 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-18 22:19 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-18 22:18 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-18 22:18 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-18 22:17 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-18 11:38 - 2013-06-18 22:01 - 95023320 ___AT C:\ProgramData\jlotir.pad
2013-06-18 11:38 - 2013-06-18 22:01 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-18 11:37 - 2013-06-18 11:37 - 00140288 ____A (Microsoft Corporation) C:\ProgramData\ritolj.dat

==================== One Month Modified Files and Folders ========

2013-07-03 19:32 - 2012-02-16 17:23 - 00000000 ____D C:\Users\Andi\AppData\Local\PMB Files
2013-07-03 19:31 - 2013-07-03 19:31 - 00000000 ____D C:\FRST
2013-07-03 19:27 - 2013-07-03 19:27 - 01372941 ____A (Farbar) C:\Users\Andi\Documents\FRST.exe
2013-07-03 18:43 - 2011-10-28 16:54 - 00000000 ____D C:\Users\Andi\AppData\Roaming\TS3Client
2013-07-03 18:28 - 2011-11-23 20:05 - 00000000 ____D C:\Program Files\Steam
2013-07-03 17:58 - 2009-07-14 06:34 - 00014976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 17:58 - 2009-07-14 06:34 - 00014976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 17:56 - 2012-05-03 16:27 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Spotify
2013-07-03 17:56 - 2012-01-28 13:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Skype
2013-07-03 17:51 - 2011-10-27 21:06 - 01229652 ____A C:\Windows\WindowsUpdate.log
2013-07-03 17:47 - 2012-02-28 23:05 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-03 17:46 - 2013-03-01 14:14 - 00001380 ____A C:\Users\Andi\Desktop\Games.lnk
2013-07-03 17:46 - 2012-05-03 16:31 - 00000000 ____D C:\Users\Andi\AppData\Local\Spotify
2013-07-03 17:46 - 2011-11-12 14:06 - 00000000 ____D C:\Program Files\PacketiX VPN Client English
2013-07-03 17:45 - 2012-01-02 01:03 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-07-03 17:45 - 2011-12-17 16:46 - 00000000 ____D C:\ProgramData\VMware
2013-07-03 17:45 - 2011-10-31 12:36 - 00000000 ____D C:\Users\Andi\AppData\Local\LogMeIn Hamachi
2013-07-03 17:45 - 2011-10-27 21:09 - 00000000 ____D C:\users\Andi
2013-07-03 17:45 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 17:45 - 2009-07-14 06:39 - 00153321 ____A C:\Windows\setupact.log
2013-06-28 12:02 - 2012-02-16 17:23 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-26 16:36 - 2012-08-20 17:58 - 00000000 ____D C:\Program Files\SpeedFan
2013-06-25 18:22 - 2013-06-25 18:22 - 00000008 ____A C:\Users\Andi\Documents\wsi tan.txt
2013-06-24 11:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-19 12:45 - 2013-06-19 12:45 - 00001128 ____A C:\Users\Andi\Desktop\Continue Zip Opener Installation.lnk
2013-06-19 12:44 - 2013-06-19 12:44 - 00793536 ____A C:\Users\Andi\Documents\ZipOpenerSetup.exe
2013-06-19 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-18 22:07 - 2011-11-01 17:25 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-06-18 22:01 - 2013-06-18 11:38 - 95023320 ___AT C:\ProgramData\jlotir.pad
2013-06-18 22:01 - 2013-06-18 11:38 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-18 11:37 - 2013-06-18 11:37 - 00140288 ____A (Microsoft Corporation) C:\ProgramData\ritolj.dat
2013-06-15 20:45 - 2011-10-28 20:16 - 00000000 ____D C:\Users\Andi\AppData\Local\CrashDumps
2013-06-12 23:48 - 2011-10-28 00:09 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Origin
2013-06-12 23:48 - 2011-10-28 00:08 - 00000000 ____D C:\ProgramData\Origin
2013-06-12 23:46 - 2011-10-28 00:09 - 00000000 ____D C:\Users\Andi\AppData\Local\Origin
2013-06-12 23:46 - 2011-10-28 00:08 - 00000000 ____D C:\Program Files\Origin
2013-06-08 13:42 - 2013-06-18 23:59 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-18 23:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\Users\Andi\AppData\Roaming\skype.dat
C:\ProgramData\edfo.pad
C:\ProgramData\hgwDXZs.pad
C:\ProgramData\iwgbh.pad
C:\ProgramData\jlotir.pad
C:\ProgramData\ofde.dat
C:\ProgramData\ritolj.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 11:20

==================== End Of Log ============================
         
--- --- ---

03.07.2013, 18:40   #20
schrauber

Fix with FRST
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
ATTFilter
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKCU\...\Command Processor:  <======= ATTENTION
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S3 ZR; C:\Users\Andi\AppData\Local\Temp\ZR.exe [x]
C:\ProgramData\rundll32.exe
C:\Users\Andi\AppData\Roaming\skype.dat
C:\ProgramData\edfo.pad
C:\ProgramData\hgwDXZs.pad
C:\ProgramData\iwgbh.pad
C:\ProgramData\jlotir.pad
C:\ProgramData\ofde.dat
C:\ProgramData\ritolj.dat
         
Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

regards,
schrauber

03.07.2013, 19:11   #21
Nighthawk93

Code:
ATTFilter
Boot Mode: Normal

==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
rpcapd => Service deleted successfully.
ZR => Service deleted successfully.
C:\ProgramData\rundll32.exe => Moved successfully.
C:\Users\Andi\AppData\Roaming\skype.dat => Moved successfully.
C:\ProgramData\edfo.pad => Moved successfully.
C:\ProgramData\hgwDXZs.pad => Moved successfully.
C:\ProgramData\iwgbh.pad => Moved successfully.
C:\ProgramData\jlotir.pad => Moved successfully.
C:\ProgramData\ofde.dat => Moved successfully.
C:\ProgramData\ritolj.dat => Moved successfully.

==== End of Fixlog ====
         

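As an added example (not code from the thread or from FRST itself), this is the cross-check a helper does by eye when reading the Fixlog above: every entry of the posted Fixlist should reappear in the Fixlog with a success result, and any line that did not succeed should be flagged. The sample Fixlist and Fixlog are copied from the two posts above; the parsing rules are assumptions about FRST's output format, and FIXLOG_PARTIAL is a constructed variant used only to show the failure path.

```python
"""Cross-check an FRST Fixlist against the Fixlog it produced.

Assumptions (not FRST's own rules): service lines look like "S3 name; path [x]",
registry lines start with HKCU/HKLM and an abbreviated "...\\" path, and file
lines are absolute Windows paths. Fixlog action lines look like
"<target> => <result>." where a successful result ends in "successfully".
"""
import re
from dataclasses import dataclass

# Fixlist as posted by the helper (copied from the thread).
FIXLIST = r"""
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKCU\...\Command Processor:  <======= ATTENTION
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S3 ZR; C:\Users\Andi\AppData\Local\Temp\ZR.exe [x]
C:\ProgramData\rundll32.exe
C:\Users\Andi\AppData\Roaming\skype.dat
C:\ProgramData\edfo.pad
C:\ProgramData\hgwDXZs.pad
C:\ProgramData\iwgbh.pad
C:\ProgramData\jlotir.pad
C:\ProgramData\ofde.dat
C:\ProgramData\ritolj.dat
"""

# Fixlog as posted by the user (copied from the thread).
FIXLOG = r"""
Boot Mode: Normal

==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
rpcapd => Service deleted successfully.
ZR => Service deleted successfully.
C:\ProgramData\rundll32.exe => Moved successfully.
C:\Users\Andi\AppData\Roaming\skype.dat => Moved successfully.
C:\ProgramData\edfo.pad => Moved successfully.
C:\ProgramData\hgwDXZs.pad => Moved successfully.
C:\ProgramData\iwgbh.pad => Moved successfully.
C:\ProgramData\jlotir.pad => Moved successfully.
C:\ProgramData\ofde.dat => Moved successfully.
C:\ProgramData\ritolj.dat => Moved successfully.

==== End of Fixlog ====
"""

# Constructed variant (NOT from the thread): one file could not be moved and the
# ZR service line is missing, to show how the check reports problems.
FIXLOG_PARTIAL = FIXLOG.replace(
    r"C:\ProgramData\edfo.pad => Moved successfully.",
    r"C:\ProgramData\edfo.pad => Could not move.",
).replace("ZR => Service deleted successfully.\n", "")


@dataclass(frozen=True)
class Expectation:
    kind: str   # "service", "registry", "file" or "unknown"
    name: str   # service name, registry key tail, or file path


def parse_fixlist(text):
    """Turn each Fixlist line into the outcome FRST should report for it."""
    expectations = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"^[SR]\d+\s+([^;\s]+);", line)          # S3 name; path [x]
        if m:
            expectations.append(Expectation("service", m.group(1)))
            continue
        m = re.match(r"^(HKLM|HKCU|HKU)\\(?:\.\.\.\\)?(.+?):", line)
        if m:
            expectations.append(Expectation("registry", m.group(2).strip()))
            continue
        if re.match(r"^[A-Za-z]:\\", line):                   # absolute path
            expectations.append(Expectation("file", line))
            continue
        expectations.append(Expectation("unknown", line))     # not modelled here
    return expectations


LOG_LINE = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")


def parse_fixlog(text):
    """Return [(target, result)] for every action line FRST reported."""
    entries = []
    for raw in text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if m:
            entries.append((m.group("target"), m.group("result").rstrip(".")))
    return entries


def _confirmed(exp, entries):
    """True if some successful Fixlog line accounts for this Fixlist item."""
    for target, result in entries:
        if not result.endswith("successfully"):
            continue
        action = result.split()[0]
        if exp.kind == "service" and target == exp.name and action == "Service":
            return True
        # FRST expands the abbreviated HKCU\...\Winlogon to the full key path,
        # so match the key tail inside the logged path.
        if exp.kind == "registry" and exp.name.lower() in target.lower() \
                and action in ("Key", "Value"):
            return True
        if exp.kind == "file" and target.lower() == exp.name.lower() \
                and action in ("Moved", "Deleted"):
            return True
    return False


def verify(fixlist_text, fixlog_text):
    """Return (confirmed, unconfirmed, failures) for a Fixlist/Fixlog pair."""
    entries = parse_fixlog(fixlog_text)
    confirmed, unconfirmed = [], []
    for exp in parse_fixlist(fixlist_text):
        (confirmed if _confirmed(exp, entries) else unconfirmed).append(exp)
    failures = [(t, r) for t, r in entries if not r.endswith("successfully")]
    return confirmed, unconfirmed, failures


if __name__ == "__main__":
    for label, log in (("posted Fixlog", FIXLOG), ("constructed partial log", FIXLOG_PARTIAL)):
        ok, missing, failed = verify(FIXLIST, log)
        print(f"{label}: {len(ok)}/{len(ok) + len(missing)} items confirmed, {len(failed)} failures")
        for exp in missing:
            print("  not confirmed:", exp.kind, exp.name)
        for target, result in failed:
            print("  failed:", target, "->", result)
```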
03.07.2013, 20:22   #22
schrauber

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



And a fresh FRST log, please.
regards,
schrauber

03.07.2013, 21:54   #23
Nighthawk93

Code:
ATTFilter
# AdwCleaner v2.304 - Datei am 03/07/2013 um 22:33:41 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Andi - ANDISCPUMONSTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andi\Documents\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : IBUpdaterService
Gestoppt & Gelöscht : ICQ Service

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\searchplugins\MyStart Search.xml
Gelöscht mit Neustart : C:\Program Files\DeviceVM
Gelöscht mit Neustart : C:\Windows\system32\Zynga
Gelöscht mit Neustart : C:\Windows\system32\Zynga
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\incredibar.com
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\DeviceVM
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Andi\AppData\Local\TempDir
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\DeviceVM
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\extensions\ffxtlbr@incredibar.com
Ordner Gelöscht : C:\Windows\system32\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\Software\WNLT
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\prefs.js

C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.startup.homepage", "hxxp://start.icq.com/");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10643");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "48be16e4000000000000001fcf1156ba");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15519");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "35");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQBQGJWHq&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6PQBQGJWHq");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92543138501114212");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1415:46:15");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1320487111);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "hacking%20board||'hack.txt'%20filetype%3Atxt||'hack.txt'%20'disallo[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1320690539");
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "7.0.1");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "143965868710263727041319752770078");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1320684734);
Gelöscht : user_pref("icqtoolbar.version", "1.3.6");
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 1);
Gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=");

-\\ Opera v12.15.1748.0

Datei : C:\Users\Andi\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [14678 octets] - [03/07/2013 22:33:41]

########## EOF - C:\AdwCleaner[S1].txt - [14739 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by Andi on 03.07.2013 at 22:43:50,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\smart pc cleaner



~~~ Registry Keys

Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-4214484689-3840541374-2214880506-1000\software\web assistant"



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\dmwu.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Andi\AppData\Roaming\smart pc cleaner"
Successfully deleted: [Folder] "C:\Program Files\smart pc cleaner"
Successfully deleted: [Empty Folder] C:\Users\Andi\appdata\local\{2ea72ae6-8b1b-f851-270e-318ff3fa56a6}
Successfully deleted: [Empty Folder] C:\Users\Andi\appdata\local\{32C5E046-1C06-4A49-81DC-505FD887502F}
Successfully deleted: [Empty Folder] C:\Users\Andi\appdata\local\{44C48779-D5C7-49EB-9D39-D9C23A6356F0}



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184AA5E6-741D-464A-820E-94B3ABC2F3B4}
Emptied folder: C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\aqtb2t8k.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.07.2013 at 22:47:39,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-07-2013 02
Ran by Andi (administrator) on 03-07-2013 22:53:32
Running from C:\Users\Andi\Documents
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\SmartView\SmartViewService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\system32\vmnat.exe
(SoftEther Corporation) C:\Program Files\PacketiX VPN Client English\vpnclient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Spotify Ltd) C:\Users\Andi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Andi\AppData\Roaming\Spotify\spotify.exe
(Macrovision Europe Ltd.) C:\Users\Andi\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-10-30] (Avira GmbH)
HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [14848 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-15] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-05-14] (cyberlink)
HKLM\...\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM\...\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun [557056 2011-11-12] (BitLeader)
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [SmartviewAgent] "C:\Program Files\DeviceVM\SmartView\SmartViewAgent.exe" [x]
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.)
HKCU\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [1517520 2012-01-09] (TrueCrypt Foundation)
HKCU\...\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray [1839104 2011-03-21] (Locktime Software)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Andi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-19] (Spotify Ltd)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] "C:\Users\Andi\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-06-19] (Spotify Ltd)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: ICQ Sparberater - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Tcpip\..\Interfaces\{0DD0FC19-EDA2-4C30-B161-FE5468D0CBEF}: [NameServer]85.214.20.141

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default
FF SelectedSearchEngine: ICQ Search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=1.102.0 - C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.110.0 - C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=2.1.2 - C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: ???????? HTTP ?????????? - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: ciuvo-extension - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: firebug - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: fireforce - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\fireforce@scrt.ch.xpi
FF Extension: youtube2mp3 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: No Name - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-10-30] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-30] (Avira GmbH)
S2 CLKMSVC10_E92D8507; C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [246256 2010-05-14] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-28] (Creative Labs)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1440080 2013-06-28] (LogMeIn Inc.)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1126400 2011-03-21] (Locktime Software)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-12-19] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R2 SmartViewService; C:\Program Files\DeviceVM\SmartView\SmartViewService.exe [125216 2010-09-02] (DeviceVM, Inc.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-27] (Creative Labs)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-14] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-14] (VMware, Inc.)
R2 vpnclient; C:\Program Files\PacketiX VPN Client English\vpnclient.exe [2478080 2008-05-15] (SoftEther Corporation)
S3 MPAJCNVDE; C:\Users\Andi\AppData\Local\Temp\MPAJCNVDE.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-10-30] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-10-30] (Avira GmbH)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-10-28] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-27] (FNet Co., Ltd.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0033.sys [22000 2011-11-12] (SoftEther Corporation)
R3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
S3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [5281672 2011-03-21] (Locktime Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-14] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-14] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [23792 2011-11-14] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-14] (VMware, Inc.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 catchme; \??\C:\Users\Andi\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 22:47 - 2013-07-03 22:47 - 00001739 ____A C:\Users\Andi\Desktop\JRT.txt
2013-07-03 22:43 - 2013-07-03 22:43 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Andi\Documents\JRT.exe
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\JRT
2013-07-03 22:40 - 2013-07-03 22:40 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-07-03 22:33 - 2013-07-03 22:34 - 00014809 ____A C:\AdwCleaner[S1].txt
2013-07-03 22:33 - 2013-07-03 22:34 - 00000171 ____A C:\Windows\DeleteOnReboot.bat
2013-07-03 22:32 - 2013-07-03 22:32 - 00650027 ____A C:\Users\Andi\Documents\adwcleaner.exe
2013-07-03 19:32 - 2013-07-03 19:32 - 00019527 ____A C:\Users\Andi\Documents\Addition.txt
2013-07-03 19:31 - 2013-07-03 19:31 - 00000000 ____D C:\FRST
2013-07-03 19:27 - 2013-07-03 19:27 - 01372941 ____A (Farbar) C:\Users\Andi\Documents\FRST.exe
2013-06-25 18:22 - 2013-06-25 18:22 - 00000008 ____A C:\Users\Andi\Documents\wsi tan.txt
2013-06-19 12:45 - 2013-06-19 12:45 - 00001128 ____A C:\Users\Andi\Desktop\Continue Zip Opener Installation.lnk
2013-06-19 12:44 - 2013-06-19 12:44 - 00793536 ____A C:\Users\Andi\Documents\ZipOpenerSetup.exe
2013-06-18 23:59 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-18 23:59 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-18 23:58 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-18 23:58 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-18 23:57 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-18 23:57 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-18 23:57 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-18 22:19 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-18 22:19 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-18 22:19 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-18 22:19 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-18 22:19 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-18 22:19 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-18 22:19 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-18 22:19 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-18 22:19 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-18 22:18 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-18 22:18 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-18 22:17 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-18 11:38 - 2013-06-18 22:01 - 00000000 ____A C:\ProgramData\kjhy64.txt

==================== One Month Modified Files and Folders ========

2013-07-03 22:47 - 2013-07-03 22:47 - 00001739 ____A C:\Users\Andi\Desktop\JRT.txt
2013-07-03 22:46 - 2009-07-14 06:34 - 00014976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 22:46 - 2009-07-14 06:34 - 00014976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 22:43 - 2013-07-03 22:43 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Andi\Documents\JRT.exe
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\JRT
2013-07-03 22:43 - 2011-10-28 16:54 - 00000000 ____D C:\Users\Andi\AppData\Roaming\TS3Client
2013-07-03 22:40 - 2013-07-03 22:40 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-07-03 22:40 - 2012-05-03 16:27 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Spotify
2013-07-03 22:40 - 2012-01-28 13:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Skype
2013-07-03 22:40 - 2011-11-23 20:05 - 00000000 ____D C:\Program Files\Steam
2013-07-03 22:40 - 2011-10-31 12:36 - 00000000 ____D C:\Users\Andi\AppData\Local\LogMeIn Hamachi
2013-07-03 22:39 - 2012-02-28 23:05 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-03 22:39 - 2011-12-17 16:46 - 00000000 ____D C:\ProgramData\VMware
2013-07-03 22:39 - 2011-11-12 14:06 - 00000000 ____D C:\Program Files\PacketiX VPN Client English
2013-07-03 22:38 - 2012-01-02 01:03 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-07-03 22:38 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 22:38 - 2009-07-14 06:39 - 00153377 ____A C:\Windows\setupact.log
2013-07-03 22:34 - 2013-07-03 22:33 - 00014809 ____A C:\AdwCleaner[S1].txt
2013-07-03 22:34 - 2013-07-03 22:33 - 00000171 ____A C:\Windows\DeleteOnReboot.bat
2013-07-03 22:34 - 2011-10-27 21:06 - 01243810 ____A C:\Windows\WindowsUpdate.log
2013-07-03 22:32 - 2013-07-03 22:32 - 00650027 ____A C:\Users\Andi\Documents\adwcleaner.exe
2013-07-03 20:36 - 2012-02-16 17:23 - 00000000 ____D C:\Users\Andi\AppData\Local\PMB Files
2013-07-03 19:38 - 2012-02-16 17:23 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-03 19:32 - 2013-07-03 19:32 - 00019527 ____A C:\Users\Andi\Documents\Addition.txt
2013-07-03 19:31 - 2013-07-03 19:31 - 00000000 ____D C:\FRST
2013-07-03 19:27 - 2013-07-03 19:27 - 01372941 ____A (Farbar) C:\Users\Andi\Documents\FRST.exe
2013-07-03 17:46 - 2013-03-01 14:14 - 00001380 ____A C:\Users\Andi\Desktop\Games.lnk
2013-07-03 17:46 - 2012-05-03 16:31 - 00000000 ____D C:\Users\Andi\AppData\Local\Spotify
2013-07-03 17:45 - 2011-10-27 21:09 - 00000000 ____D C:\users\Andi
2013-06-26 16:36 - 2012-08-20 17:58 - 00000000 ____D C:\Program Files\SpeedFan
2013-06-25 18:22 - 2013-06-25 18:22 - 00000008 ____A C:\Users\Andi\Documents\wsi tan.txt
2013-06-24 11:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-19 12:45 - 2013-06-19 12:45 - 00001128 ____A C:\Users\Andi\Desktop\Continue Zip Opener Installation.lnk
2013-06-19 12:44 - 2013-06-19 12:44 - 00793536 ____A C:\Users\Andi\Documents\ZipOpenerSetup.exe
2013-06-19 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-18 22:07 - 2011-11-01 17:25 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-06-18 22:01 - 2013-06-18 11:38 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-15 20:45 - 2011-10-28 20:16 - 00000000 ____D C:\Users\Andi\AppData\Local\CrashDumps
2013-06-12 23:48 - 2011-10-28 00:09 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Origin
2013-06-12 23:48 - 2011-10-28 00:08 - 00000000 ____D C:\ProgramData\Origin
2013-06-12 23:46 - 2011-10-28 00:09 - 00000000 ____D C:\Users\Andi\AppData\Local\Origin
2013-06-12 23:46 - 2011-10-28 00:08 - 00000000 ____D C:\Program Files\Origin
2013-06-08 13:42 - 2013-06-18 23:59 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-18 23:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 11:20

==================== End Of Log ============================
         
--- --- ---
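
Reading an FRST log like the one above means scanning the Registry, Services and Drivers sections for entries that do not belong: files under %TEMP% or ProgramData, autostarts whose file FRST marks as missing (`[x]`), binaries with no publisher (`()`), and a per-interface DNS server that is not the expected resolver. The script below applies those checks mechanically. It is an added example for this thread, not code from FRST or from the forum; the directory list and the wording of the reasons are my assumptions, the sample lines are constructed and modelled on this log, and a hit is a reason to look closer rather than a verdict (some legitimate tools drop unsigned drivers into %TEMP% as well).

```python
"""
Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example; not part of FRST and not code from the forum thread.
Heuristics a malware-removal helper applies by eye:
  * the executable lives in a temp or user-writable location,
  * FRST marks the file as missing ("[x]") or reports no publisher ("()"),
  * a per-interface DNS server points at a public address.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Directories in which legitimate services, drivers and Run entries rarely live
# (assumed list; compared case-insensitively against the lowercased path).
SUSPICIOUS_DIRS = (
    r"\appdata\local\temp",
    r"\programdata",
    r"\users\all users",
    r"\windows\temp",
)

# Services/drivers: "R2 Name; C:\path\file.exe [size date] (Publisher)".
# A missing file is reported as "[x]" with no publisher at all.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s+"
    r"\[(?P<meta>[^\]]*)\]\s*(?:\((?P<publisher>[^)]*)\))?\s*$"
)
# Autostart: 'HKLM\...\Run: [Name] "C:\path\file.exe" /args [size date] (Publisher)'
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+"
    r"(?P<cmd>.+?)\s+\[(?P<meta>[^\]]*)\]\s*(?:\((?P<publisher>[^)]*)\))?\s*$"
)
# Per-interface resolver: 'Tcpip\..\Interfaces\{GUID}: [NameServer]1.2.3.4'
# (only the first address on the line is examined).
DNS_RE = re.compile(r"\[NameServer\]\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def triage_line(line: str) -> Optional[Tuple[str, List[str]]]:
    """Return (entry name, reasons) for an autostart or DNS line, None for anything else."""
    m = SERVICE_RE.match(line) or RUN_RE.match(line)
    if m:
        d = m.groupdict()
        # services carry "path", Run entries carry the full command line
        target = (d.get("path") or d["cmd"]).lower()
        reasons: List[str] = []
        if any(marker in target for marker in SUSPICIOUS_DIRS):
            reasons.append("lives in a temp/user-writable directory")
        if d["meta"] == "x":
            reasons.append("file missing on disk (orphaned autostart)")
        elif d["publisher"] == "":
            reasons.append("no publisher/version info")
        return d["name"].strip(), reasons
    dm = DNS_RE.search(line)
    if dm:
        ip = ipaddress.ip_address(dm.group("ip"))
        reasons = [] if ip.is_private else [
            f"interface DNS server {ip} is a public address; confirm it is the expected resolver"
        ]
        return "NameServer", reasons
    return None


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons for every line that tripped at least one heuristic."""
    flagged: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        hit = triage_line(raw.strip())
        if hit and hit[1]:
            flagged[hit[0]] = hit[1]
    return flagged


# Constructed sample, modelled on the FRST lines posted in this thread.
SAMPLE_LOG = r"""
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-30] (Avira GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-12-19] ()
S3 MPAJCNVDE; C:\Users\Andi\AppData\Local\Temp\MPAJCNVDE.exe [x]
S3 catchme; \??\C:\Users\Andi\AppData\Local\Temp\catchme.sys [x]
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-10-30] (Avira GmbH)
HKLM\...\Run: [SmartviewAgent] "C:\Program Files\DeviceVM\SmartView\SmartViewAgent.exe" [x]
Tcpip\..\Interfaces\{0DD0FC19-EDA2-4C30-B161-FE5468D0CBEF}: [NameServer]85.214.20.141
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Feed it a whole FRST.txt (`triage(open("FRST.txt", encoding="utf-8").read())`) and only the entries that tripped a rule come back; the clean Avira lines in the sample produce nothing, while the two Temp entries marked `[x]`, the unsigned PnkBstrA service and the public DNS server do.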

04.07.2013, 07:10   #24
schrauber
/// the machine
/// TB-Ausbilder

Great,

are there still boot problems?

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please.
__________________
regards,
schrauber

No help via PM!
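
ESET's log.txt combines `# key=value` scan metadata with one `sh=… ft=… fh=… vn="…" ac=… fn="…"` record per detection (the reply below shows the format). Before acting on the detection lines, a helper reads the header: whether the scan ran to completion (`end=`), whether removal was even enabled (`remove_checked=`), and how many distinct files are actually involved, since the same SHA-1 listed under several paths is one file, for instance a quarantined copy next to the original. The parser below is an added example, not ESET's or the forum's code; the sample log and its hashes are constructed, and the meaning attached to the header keys is an assumption drawn from the posted log rather than from ESET documentation.

```python
"""
Parser for the ESET Online Scanner log.txt format.

Added example; neither ESET's code nor the forum's. The file has two kinds of
lines: "# key=value" scan metadata and one detection record per hit:
    sh=<SHA-1> ft=<n> fh=<hash> vn="<detection name>" ac=<code> fn="<path>"
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<name>[^"]*)"\s+ac=(?P<action>\w+)\s+fn="(?P<path>[^"]*)"\s*$'
)


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Dict[str, str]]]:
    """Split log.txt into (header dict, list of detection dicts)."""
    header: Dict[str, str] = {}
    detections: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            # keys that repeat (e.g. compatibility_mode) keep their last value
            header[m.group("key")] = m.group("value").strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections


def summarize(header: Dict[str, str], detections: List[Dict[str, str]]) -> Dict[str, object]:
    """Condense the parsed log into the facts that decide the next step.

    Header interpretation (assumed from the posted log): end=stopped means the
    scan was interrupted; remove_checked/unwanted_checked mirror the two
    checkboxes for removal and PUA detection.
    """
    by_family = defaultdict(set)
    for d in detections:
        by_family[d["name"]].add(d["sha1"].upper())
    # FRST moves files it removed into C:\FRST\Quarantine; hits there are copies
    quarantined = [d["path"] for d in detections if "\\quarantine\\" in d["path"].lower()]
    return {
        "scan_stopped": header.get("end") == "stopped",
        "removal_enabled": header.get("remove_checked") == "true",
        "pua_enabled": header.get("unwanted_checked") == "true",
        "found": int(header.get("found", len(detections))),
        "cleaned": int(header.get("cleaned", 0)),
        "unique_hashes": sorted({d["sha1"].upper() for d in detections}),
        "families": {name: sorted(hashes) for name, hashes in by_family.items()},
        "already_quarantined": quarantined,
        "live_paths": [d["path"] for d in detections if d["path"] not in quarantined],
    }


# Constructed sample, modelled on the log posted in this thread; hashes are made up.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=stopped
# remove_checked=false
# unwanted_checked=false
# antistealth_checked=true
# scanned=239620
# found=3
# cleaned=0
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=0011223344556677 vn="Win32/Reveton.R trojan" ac=I fn="C:\FRST\Quarantine\ritolj.dat"
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=0011223344556677 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\Andi\AppData\Local\temp\iipfwmdbfvytnoowibp.bfg"
sh=FEDCBA9876543210FEDCBA9876543210FEDCBA98 ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\ProgramData\rprmhoiupnfmzcq\main.html"
"""

if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(hdr, dets).items():
        print(f"{key}: {value}")
```

On the sample, three listed paths collapse to two distinct files, one of them already sitting in FRST's quarantine, and the header shows a stopped scan with removal switched off, so the detection lines are inventory, not evidence of cleanup. The `unique_hashes` list is also what you would hand to a reputation lookup.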

06.07.2013, 01:33   #25
Nighthawk93

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bc9b18466285b04f948168397757b6d0
# engine=14268
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-04 01:09:23
# local_time=2013-07-04 03:09:23 (+0100, Mitteleuropäische Sommerzeit )
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 530305 109483819 69546 0
# compatibility_mode=5893 16776574 66 94 32827200 124574554 0 0
# scanned=239620
# found=14
# cleaned=0
# scan_time=5335
sh=A2D061A7339F997E8C2128F66648EBA960E6F047 ft=1 fh=840c2f28d85027f7 vn="a variant of Win32/Kryptik.BBLJ trojan" ac=I fn="C:\FRST\Quarantine\ofde.dat"
sh=DAEC63C08B544A27E2B565018BADA5204819D4A6 ft=1 fh=1d74f5246feacc78 vn="Win32/Reveton.R trojan" ac=I fn="C:\FRST\Quarantine\ritolj.dat"
sh=DE076902ED8D6A545C4200DA0F5A0BDFC9C5CFB0 ft=1 fh=c71c0011fca4a1e5 vn="Win32/LockScreen.APR trojan" ac=I fn="C:\FRST\Quarantine\skype.dat"
sh=17BCD2383679B1BD3ABA3E352C8BE3E8BC4D25DA ft=1 fh=c71c001192ebd825 vn="Win32/Adware.RegistryEasy application" ac=I fn="C:\Program Files\Registry Easy\Recoveryer.dll"
sh=BA6EFFF0AB490E69010EB196E0701385B02E5AA9 ft=1 fh=f4dffd93f7a696b2 vn="a variant of Win32/Adware.RegistryEasy application" ac=I fn="C:\Program Files\Registry Easy\RegEasyCleaner.exe"
sh=EE943F1C0261491B4A9BCDCF902544E2983EC902 ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\ProgramData\rprmhoiupnfmzcq\main.html"
sh=EE943F1C0261491B4A9BCDCF902544E2983EC902 ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\Users\All Users\rprmhoiupnfmzcq\main.html"
sh=A2D061A7339F997E8C2128F66648EBA960E6F047 ft=1 fh=840c2f28d85027f7 vn="a variant of Win32/Kryptik.BBLJ trojan" ac=I fn="C:\Users\Andi\AppData\Local\temp\0.9516129091187048.bfg"
sh=DAEC63C08B544A27E2B565018BADA5204819D4A6 ft=1 fh=1d74f5246feacc78 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\Andi\AppData\Local\temp\iipfwmdbfvytnoowibp.bfg"
sh=E8F2CE860F2A7DA312D45D07B22B3803ABD4F41E ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.IB trojan" ac=I fn="C:\Users\Andi\AppData\Local\temp\jar_cache1056613173081484602.tmp"
sh=81145D4FF96A79C955AA139CAC6CEC290E82F176 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OSL trojan" ac=I fn="C:\Users\Andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-1304d6ce"
sh=25CE00D5430CA32BFECA2FC051A566020C961451 ft=1 fh=b6a9fa6248c1190d vn="a variant of Win32/Adware.RegistryEasy application" ac=I fn="C:\Users\Andi\Downloads\registryeasy_lite.exe"
sh=7E5DF510CC819DE59469DC7FB847ED6A25DB644D ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Windows\pss\msconfig.lnk.Startup"
         
Looks like I've caught myself plenty of great stuff here on Windows...

Code:
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x86   
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
AntiVir Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Out of date Malwarebytes Anti-Malware installed! 
 Smart PC Cleaner v3.1  
 JavaFX 2.1.1    
 Java(TM) 6 Update 22  
 Java(TM) 6 Update 31  
 Java 7 Update 11  
 Java version out of Date! 
 Adobe Flash Player 	11.1.102.55  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 13.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-07-2013 02
Ran by Andi (administrator) on 06-07-2013 02:44:29
Running from C:\Users\Andi\Documents
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\SmartView\SmartViewService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\system32\vmnat.exe
(SoftEther Corporation) C:\Program Files\PacketiX VPN Client English\vpnclient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Macrovision Europe Ltd.) C:\Users\Andi\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Spotify Ltd) C:\Users\Andi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\opera.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.171\deploy\LoLLauncher.exe
(Adobe Systems Inc.) C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.30\deploy\LolClient.exe
() C:\Users\Andi\Documents\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-10-30] (Avira GmbH)
HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [14848 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-15] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-05-14] (cyberlink)
HKLM\...\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM\...\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun [557056 2011-11-12] (BitLeader)
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [SmartviewAgent] "C:\Program Files\DeviceVM\SmartView\SmartViewAgent.exe" [x]
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.)
HKCU\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [1517520 2012-01-09] (TrueCrypt Foundation)
HKCU\...\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray [1839104 2011-03-21] (Locktime Software)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Andi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-19] (Spotify Ltd)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] "C:\Users\Andi\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-06-19] (Spotify Ltd)
HKCU\...\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-10-16] (AMD)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: ICQ Sparberater - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Tcpip\..\Interfaces\{0DD0FC19-EDA2-4C30-B161-FE5468D0CBEF}: [NameServer]85.214.20.141

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default
FF SelectedSearchEngine: ICQ Search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=1.102.0 - C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.110.0 - C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=2.1.2 - C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: ???????? HTTP ?????????? - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: ciuvo-extension - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: firebug - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: fireforce - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\fireforce@scrt.ch.xpi
FF Extension: youtube2mp3 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: No Name - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-10-30] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-30] (Avira GmbH)
S2 CLKMSVC10_E92D8507; C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [246256 2010-05-14] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-28] (Creative Labs)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1440080 2013-06-28] (LogMeIn Inc.)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1126400 2011-03-21] (Locktime Software)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-12-19] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R2 SmartViewService; C:\Program Files\DeviceVM\SmartView\SmartViewService.exe [125216 2010-09-02] (DeviceVM, Inc.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-27] (Creative Labs)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-14] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-14] (VMware, Inc.)
R2 vpnclient; C:\Program Files\PacketiX VPN Client English\vpnclient.exe [2478080 2008-05-15] (SoftEther Corporation)
S3 MPAJCNVDE; C:\Users\Andi\AppData\Local\Temp\MPAJCNVDE.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-10-30] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-10-30] (Avira GmbH)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-10-28] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-27] (FNet Co., Ltd.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0033.sys [22000 2011-11-12] (SoftEther Corporation)
R3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
S3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [5281672 2011-03-21] (Locktime Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-14] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-14] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [23792 2011-11-14] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-14] (VMware, Inc.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 catchme; \??\C:\Users\Andi\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 13:30 - 2013-07-04 13:30 - 00000000 ____D C:\Program Files\ESET
2013-07-04 13:29 - 2013-07-04 13:29 - 02347384 ____A (ESET) C:\Users\Andi\Documents\esetsmartinstaller_enu.exe
2013-07-04 13:29 - 2013-07-04 13:29 - 00890988 ____A C:\Users\Andi\Documents\SecurityCheck.exe
2013-07-03 22:47 - 2013-07-03 22:47 - 00001739 ____A C:\Users\Andi\Desktop\JRT.txt
2013-07-03 22:43 - 2013-07-03 22:43 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Andi\Documents\JRT.exe
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\JRT
2013-07-03 22:40 - 2013-07-03 22:40 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-07-03 22:33 - 2013-07-03 22:34 - 00014809 ____A C:\AdwCleaner[S1].txt
2013-07-03 22:33 - 2013-07-03 22:34 - 00000171 ____A C:\Windows\DeleteOnReboot.bat
2013-07-03 22:32 - 2013-07-03 22:32 - 00650027 ____A C:\Users\Andi\Documents\adwcleaner.exe
2013-07-03 19:32 - 2013-07-03 19:32 - 00019527 ____A C:\Users\Andi\Documents\Addition.txt
2013-07-03 19:31 - 2013-07-03 19:31 - 00000000 ____D C:\FRST
2013-07-03 19:27 - 2013-07-03 19:27 - 01372941 ____A (Farbar) C:\Users\Andi\Documents\FRST.exe
2013-06-25 18:22 - 2013-06-25 18:22 - 00000008 ____A C:\Users\Andi\Documents\wsi tan.txt
2013-06-19 12:45 - 2013-06-19 12:45 - 00001128 ____A C:\Users\Andi\Desktop\Continue Zip Opener Installation.lnk
2013-06-19 12:44 - 2013-06-19 12:44 - 00793536 ____A C:\Users\Andi\Documents\ZipOpenerSetup.exe
2013-06-18 23:59 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-18 23:59 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-18 23:58 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-18 23:58 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-18 23:57 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-18 23:57 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-18 23:57 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-18 22:19 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-18 22:19 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-18 22:19 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-18 22:19 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-18 22:19 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-18 22:19 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-18 22:19 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-18 22:19 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-18 22:19 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-18 22:18 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-18 22:18 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-18 22:17 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-18 11:38 - 2013-06-18 22:01 - 00000000 ____A C:\ProgramData\kjhy64.txt

==================== One Month Modified Files and Folders ========

2013-07-06 02:35 - 2011-12-17 16:48 - 00000000 ____D C:\Users\Andi\AppData\Local\VMware
2013-07-06 02:09 - 2011-10-27 21:06 - 01347284 ____A C:\Windows\WindowsUpdate.log
2013-07-06 01:55 - 2011-12-17 16:46 - 00000000 ____D C:\ProgramData\VMware
2013-07-06 01:54 - 2011-12-17 16:47 - 00000000 ____D C:\Users\Andi\AppData\Roaming\VMware
2013-07-05 23:05 - 2011-10-28 16:54 - 00000000 ____D C:\Users\Andi\AppData\Roaming\TS3Client
2013-07-05 22:49 - 2012-02-16 17:23 - 00000000 ____D C:\Users\Andi\AppData\Local\PMB Files
2013-07-05 21:47 - 2012-02-16 17:23 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-05 20:46 - 2012-05-03 16:27 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Spotify
2013-07-05 19:11 - 2011-10-31 12:36 - 00000000 ____D C:\Users\Andi\AppData\Local\LogMeIn Hamachi
2013-07-05 12:47 - 2012-01-28 13:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Skype
2013-07-05 12:46 - 2011-11-23 20:05 - 00000000 ____D C:\Program Files\Steam
2013-07-05 12:40 - 2009-07-14 06:34 - 00014976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-05 12:40 - 2009-07-14 06:34 - 00014976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-05 12:34 - 2012-05-03 16:31 - 00000000 ____D C:\Users\Andi\AppData\Local\Spotify
2013-07-05 12:34 - 2012-02-28 23:05 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-05 12:33 - 2011-11-12 14:06 - 00000000 ____D C:\Program Files\PacketiX VPN Client English
2013-07-05 12:32 - 2012-01-02 01:03 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-07-05 12:32 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-05 12:32 - 2009-07-14 06:39 - 00153545 ____A C:\Windows\setupact.log
2013-07-04 13:30 - 2013-07-04 13:30 - 00000000 ____D C:\Program Files\ESET
2013-07-04 13:29 - 2013-07-04 13:29 - 02347384 ____A (ESET) C:\Users\Andi\Documents\esetsmartinstaller_enu.exe
2013-07-04 13:29 - 2013-07-04 13:29 - 00890988 ____A C:\Users\Andi\Documents\SecurityCheck.exe
2013-07-03 22:47 - 2013-07-03 22:47 - 00001739 ____A C:\Users\Andi\Desktop\JRT.txt
2013-07-03 22:43 - 2013-07-03 22:43 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Andi\Documents\JRT.exe
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\JRT
2013-07-03 22:40 - 2013-07-03 22:40 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-07-03 22:34 - 2013-07-03 22:33 - 00014809 ____A C:\AdwCleaner[S1].txt
2013-07-03 22:34 - 2013-07-03 22:33 - 00000171 ____A C:\Windows\DeleteOnReboot.bat
2013-07-03 22:33 - 2011-10-27 23:59 - 00000000 ____D C:\ProgramData\ICQ
2013-07-03 22:32 - 2013-07-03 22:32 - 00650027 ____A C:\Users\Andi\Documents\adwcleaner.exe
2013-07-03 19:32 - 2013-07-03 19:32 - 00019527 ____A C:\Users\Andi\Documents\Addition.txt
2013-07-03 19:31 - 2013-07-03 19:31 - 00000000 ____D C:\FRST
2013-07-03 19:27 - 2013-07-03 19:27 - 01372941 ____A (Farbar) C:\Users\Andi\Documents\FRST.exe
2013-07-03 17:46 - 2013-03-01 14:14 - 00001380 ____A C:\Users\Andi\Desktop\Games.lnk
2013-07-03 17:45 - 2011-10-27 21:09 - 00000000 ____D C:\users\Andi
2013-06-26 16:36 - 2012-08-20 17:58 - 00000000 ____D C:\Program Files\SpeedFan
2013-06-25 18:22 - 2013-06-25 18:22 - 00000008 ____A C:\Users\Andi\Documents\wsi tan.txt
2013-06-24 11:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-19 12:45 - 2013-06-19 12:45 - 00001128 ____A C:\Users\Andi\Desktop\Continue Zip Opener Installation.lnk
2013-06-19 12:44 - 2013-06-19 12:44 - 00793536 ____A C:\Users\Andi\Documents\ZipOpenerSetup.exe
2013-06-19 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-18 22:07 - 2011-11-01 17:25 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-06-18 22:01 - 2013-06-18 11:38 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-15 20:45 - 2011-10-28 20:16 - 00000000 ____D C:\Users\Andi\AppData\Local\CrashDumps
2013-06-12 23:48 - 2011-10-28 00:09 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Origin
2013-06-12 23:48 - 2011-10-28 00:08 - 00000000 ____D C:\ProgramData\Origin
2013-06-12 23:46 - 2011-10-28 00:09 - 00000000 ____D C:\Users\Andi\AppData\Local\Origin
2013-06-12 23:46 - 2011-10-28 00:08 - 00000000 ____D C:\Program Files\Origin
2013-06-08 13:42 - 2013-06-18 23:59 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-18 23:59 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-18 23:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 12:05

==================== End Of Log ============================
         

I should add that I don't use FF any more, Antivir is actually updated normally, and Malwarebytes also has, let's say, a rather hidden function.
Is there actually some kind of standard protection, ideally free, that you as experts can recommend, or what have you had the best experience with? I know that responsible handling of data/downloads already covers 99% of it, but without that it would be boring

Last edited by Nighthawk93 (06.07.2013 at 01:38)

Old 06.07.2013, 09:03   #26
schrauber
/// the machine
/// TB-Ausbilder
 

gvu trojaner meets truecrypt platte



Update Java, Adobe and Firefox.

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post its contents here.




Fix with FRST
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
C:\Program Files\Registry Easy
C:\ProgramData\rprmhoiupnfmzcq
C:\Users\All Users\rprmhoiupnfmzcq
C:\Users\Andi\AppData\Local\temp\*.*
C:\Users\Andi\AppData\Local\temp\iipfwmdbfvytnoowibp.bfg
C:\Windows\pss\msconfig.lnk.Startup
S3 MPAJCNVDE; C:\Users\Andi\AppData\Local\Temp\MPAJCNVDE.exe [x]
2013-06-18 11:38 - 2013-06-18 22:01 - 00000000 ____A C:\ProgramData\kjhy64.txt
         
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


and a fresh FRST log please. Any problems left?
__________________
regards,
schrauber


Old 09.07.2013, 20:46   #27
Nighthawk93
 
gvu trojaner meets truecrypt platte



So sorry, I was very busy over the weekend :/ Anyway, here is the log:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-07-2013 02
Ran by Andi at 2013-07-09 21:37:23 Run:2
Running from C:\Users\Andi\Documents
Boot Mode: Normal

==============================================

C:\Program Files\Registry Easy => Moved successfully.
C:\ProgramData\rprmhoiupnfmzcq => Moved successfully.
"C:\Users\All Users\rprmhoiupnfmzcq" => File/Directory not found.

"C:\Users\Andi\AppData\Local\temp\*.*" directory move:

Could not move "C:\Users\Andi\AppData\Local\temp\*.*" directory. => Scheduled to move on reboot.

C:\Users\Andi\AppData\Local\temp\iipfwmdbfvytnoowibp.bfg => Moved successfully.
C:\Windows\pss\msconfig.lnk.Startup => Moved successfully.
MPAJCNVDE => Service deleted successfully.
C:\ProgramData\kjhy64.txt => Moved successfully.

=========== Result of Scheduled Files to move ===========
"C:\Users\Andi\AppData\Local\temp\*.*" => Directory could not move.

==== End of Fixlog ====
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-07-2013 02 (ATTENTION: FRST version is 6 days old)
Ran by Andi (administrator) on 09-07-2013 21:44:55
Running from C:\Users\Andi\Documents
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\SmartView\SmartViewService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\system32\vmnat.exe
(SoftEther Corporation) C:\Program Files\PacketiX VPN Client English\vpnclient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Spotify Ltd) C:\Users\Andi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Andi\AppData\Roaming\Spotify\spotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Users\Andi\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-10-30] (Avira GmbH)
HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [14848 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-15] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-05-14] (cyberlink)
HKLM\...\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM\...\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun [557056 2011-11-12] (BitLeader)
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [SmartviewAgent] "C:\Program Files\DeviceVM\SmartView\SmartViewAgent.exe" [x]
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.)
HKCU\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [1517520 2012-01-09] (TrueCrypt Foundation)
HKCU\...\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray [1839104 2011-03-21] (Locktime Software)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Andi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-06] (Spotify Ltd)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] "C:\Users\Andi\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4640768 2013-07-06] (Spotify Ltd)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: ICQ Sparberater - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0DD0FC19-EDA2-4C30-B161-FE5468D0CBEF}: [NameServer]85.214.20.141

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default
FF SelectedSearchEngine: ICQ Search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=1.102.0 - C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.110.0 - C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=2.1.2 - C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: ???????? HTTP ?????????? - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: ciuvo-extension - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: firebug - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: fireforce - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\fireforce@scrt.ch.xpi
FF Extension: youtube2mp3 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: No Name - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\aqtb2t8k.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-10-30] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-30] (Avira GmbH)
S2 CLKMSVC10_E92D8507; C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [246256 2010-05-14] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-28] (Creative Labs)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1440080 2013-06-28] (LogMeIn Inc.)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1126400 2011-03-21] (Locktime Software)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-12-19] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R2 SmartViewService; C:\Program Files\DeviceVM\SmartView\SmartViewService.exe [125216 2010-09-02] (DeviceVM, Inc.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-27] (Creative Labs)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-14] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-14] (VMware, Inc.)
R2 vpnclient; C:\Program Files\PacketiX VPN Client English\vpnclient.exe [2478080 2008-05-15] (SoftEther Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-10-30] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-10-30] (Avira GmbH)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-10-28] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-27] (FNet Co., Ltd.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0033.sys [22000 2011-11-12] (SoftEther Corporation)
R3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
S3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [5281672 2011-03-21] (Locktime Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-14] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-14] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [23792 2011-11-14] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-14] (VMware, Inc.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 catchme; \??\C:\Users\Andi\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-08 22:01 - 2013-07-08 22:01 - 01759843 ____A C:\Users\Andi\Documents\PredatoreMapPack3.zip
2013-07-08 14:45 - 2013-07-08 14:45 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-07-08 13:51 - 2013-07-08 13:51 - 00000000 ____D C:\Users\Andi\Documents\Command & Conquer 3 Tiberium Wars
2013-07-08 13:19 - 2013-07-08 13:50 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2013-07-08 13:14 - 2013-07-08 13:14 - 00000000 __RHD C:\Users\Andi\AppData\Roaming\SecuROM
2013-07-04 13:29 - 2013-07-04 13:29 - 02347384 ____A (ESET) C:\Users\Andi\Documents\esetsmartinstaller_enu.exe
2013-07-04 13:29 - 2013-07-04 13:29 - 00890988 ____A C:\Users\Andi\Documents\SecurityCheck.exe
2013-07-03 22:47 - 2013-07-03 22:47 - 00001739 ____A C:\Users\Andi\Desktop\JRT.txt
2013-07-03 22:43 - 2013-07-03 22:43 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Andi\Documents\JRT.exe
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\JRT
2013-07-03 22:33 - 2013-07-03 22:34 - 00014809 ____A C:\AdwCleaner[S1].txt
2013-07-03 22:33 - 2013-07-03 22:34 - 00000171 ____A C:\Windows\DeleteOnReboot.bat
2013-07-03 22:32 - 2013-07-03 22:32 - 00650027 ____A C:\Users\Andi\Documents\adwcleaner.exe
2013-07-03 19:32 - 2013-07-03 19:32 - 00019527 ____A C:\Users\Andi\Documents\Addition.txt
2013-07-03 19:31 - 2013-07-09 21:40 - 00000000 ____D C:\FRST
2013-07-03 19:27 - 2013-07-03 19:27 - 01372941 ____A (Farbar) C:\Users\Andi\Documents\FRST.exe
2013-06-25 18:22 - 2013-06-25 18:22 - 00000008 ____A C:\Users\Andi\Documents\wsi tan.txt
2013-06-19 12:45 - 2013-06-19 12:45 - 00001128 ____A C:\Users\Andi\Desktop\Continue Zip Opener Installation.lnk
2013-06-19 12:44 - 2013-06-19 12:44 - 00793536 ____A C:\Users\Andi\Documents\ZipOpenerSetup.exe
2013-06-18 23:59 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-18 23:59 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-18 23:59 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-18 23:58 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-18 23:58 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-18 23:58 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-18 23:57 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-18 23:57 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-18 23:57 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-18 22:19 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-18 22:19 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-18 22:19 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-18 22:19 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-18 22:19 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-18 22:19 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-18 22:19 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-18 22:19 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-18 22:19 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-18 22:18 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-18 22:18 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-18 22:17 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

==================== One Month Modified Files and Folders ========

2013-07-09 21:43 - 2011-10-28 16:54 - 00000000 ____D C:\Users\Andi\AppData\Roaming\TS3Client
2013-07-09 21:41 - 2012-05-03 16:27 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Spotify
2013-07-09 21:41 - 2011-11-23 20:05 - 00000000 ____D C:\Program Files\Steam
2013-07-09 21:40 - 2013-07-03 19:31 - 00000000 ____D C:\FRST
2013-07-09 21:40 - 2012-01-28 13:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Skype
2013-07-09 21:40 - 2011-10-31 12:36 - 00000000 ____D C:\Users\Andi\AppData\Local\LogMeIn Hamachi
2013-07-09 21:39 - 2012-02-28 23:05 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-09 21:39 - 2011-12-17 16:46 - 00000000 ____D C:\ProgramData\VMware
2013-07-09 21:39 - 2011-11-12 14:06 - 00000000 ____D C:\Program Files\PacketiX VPN Client English
2013-07-09 21:38 - 2012-01-02 01:03 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-07-09 21:38 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 21:38 - 2009-07-14 06:39 - 00153937 ____A C:\Windows\setupact.log
2013-07-09 21:37 - 2011-11-27 10:43 - 00000000 ____D C:\Windows\pss
2013-07-09 21:37 - 2011-10-27 21:06 - 01512783 ____A C:\Windows\WindowsUpdate.log
2013-07-09 18:46 - 2009-07-14 06:34 - 00014976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 18:46 - 2009-07-14 06:34 - 00014976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 10:55 - 2012-05-03 16:31 - 00000000 ____D C:\Users\Andi\AppData\Local\Spotify
2013-07-08 22:01 - 2013-07-08 22:01 - 01759843 ____A C:\Users\Andi\Documents\PredatoreMapPack3.zip
2013-07-08 17:03 - 2011-12-17 16:48 - 00000000 ____D C:\Users\Andi\AppData\Local\VMware
2013-07-08 16:34 - 2011-12-17 16:47 - 00000000 ____D C:\Users\Andi\AppData\Roaming\VMware
2013-07-08 15:32 - 2012-08-20 17:58 - 00000000 ____D C:\Program Files\SpeedFan
2013-07-08 14:45 - 2013-07-08 14:45 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-07-08 13:51 - 2013-07-08 13:51 - 00000000 ____D C:\Users\Andi\Documents\Command & Conquer 3 Tiberium Wars
2013-07-08 13:50 - 2013-07-08 13:19 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2013-07-08 13:14 - 2013-07-08 13:14 - 00000000 __RHD C:\Users\Andi\AppData\Roaming\SecuROM
2013-07-08 12:58 - 2012-03-29 23:37 - 00035849 ____A C:\Windows\DirectX.log
2013-07-08 12:52 - 2011-11-10 20:46 - 00000000 ____D C:\Program Files\Electronic Arts
2013-07-06 13:46 - 2011-10-27 21:14 - 01506624 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-06 13:39 - 2011-10-28 00:02 - 00280624 ____A C:\Windows\PFRO.log
2013-07-05 22:49 - 2012-02-16 17:23 - 00000000 ____D C:\Users\Andi\AppData\Local\PMB Files
2013-07-05 21:47 - 2012-02-16 17:23 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-04 13:29 - 2013-07-04 13:29 - 02347384 ____A (ESET) C:\Users\Andi\Documents\esetsmartinstaller_enu.exe
2013-07-04 13:29 - 2013-07-04 13:29 - 00890988 ____A C:\Users\Andi\Documents\SecurityCheck.exe
2013-07-03 22:47 - 2013-07-03 22:47 - 00001739 ____A C:\Users\Andi\Desktop\JRT.txt
2013-07-03 22:43 - 2013-07-03 22:43 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Andi\Documents\JRT.exe
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-03 22:43 - 2013-07-03 22:43 - 00000000 ____D C:\JRT
2013-07-03 22:34 - 2013-07-03 22:33 - 00014809 ____A C:\AdwCleaner[S1].txt
2013-07-03 22:34 - 2013-07-03 22:33 - 00000171 ____A C:\Windows\DeleteOnReboot.bat
2013-07-03 22:33 - 2011-10-27 23:59 - 00000000 ____D C:\ProgramData\ICQ
2013-07-03 22:32 - 2013-07-03 22:32 - 00650027 ____A C:\Users\Andi\Documents\adwcleaner.exe
2013-07-03 19:32 - 2013-07-03 19:32 - 00019527 ____A C:\Users\Andi\Documents\Addition.txt
2013-07-03 19:27 - 2013-07-03 19:27 - 01372941 ____A (Farbar) C:\Users\Andi\Documents\FRST.exe
2013-07-03 17:46 - 2013-03-01 14:14 - 00001380 ____A C:\Users\Andi\Desktop\Games.lnk
2013-07-03 17:45 - 2011-10-27 21:09 - 00000000 ____D C:\users\Andi
2013-06-25 18:22 - 2013-06-25 18:22 - 00000008 ____A C:\Users\Andi\Documents\wsi tan.txt
2013-06-24 11:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-19 12:45 - 2013-06-19 12:45 - 00001128 ____A C:\Users\Andi\Desktop\Continue Zip Opener Installation.lnk
2013-06-19 12:44 - 2013-06-19 12:44 - 00793536 ____A C:\Users\Andi\Documents\ZipOpenerSetup.exe
2013-06-19 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-18 22:07 - 2011-11-01 17:25 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-06-18 22:07 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-06-15 20:45 - 2011-10-28 20:16 - 00000000 ____D C:\Users\Andi\AppData\Local\CrashDumps
2013-06-12 23:48 - 2011-10-28 00:09 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Origin
2013-06-12 23:48 - 2011-10-28 00:08 - 00000000 ____D C:\ProgramData\Origin
2013-06-12 23:46 - 2011-10-28 00:09 - 00000000 ____D C:\Users\Andi\AppData\Local\Origin
2013-06-12 23:46 - 2011-10-28 00:08 - 00000000 ____D C:\Program Files\Origin

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 12:05

==================== End Of Log ============================
         

I guess everything is fine so far!!!

Oh, and the FSS scan

Code:
Farbar Service Scanner Version: 08-07-2013
Ran by Andi (administrator) on 09-07-2013 at 21:52:39
Running from "C:\Users\Andi\Documents"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

Alt 10.07.2013, 08:29   #28
schrauber
/// the machine
/// TB-Ausbilder
 

gvu trojaner meets truecrypt platte - Standard

gvu trojaner meets truecrypt platte



http://download.bleepingcomputer.com...s/7/MpsSvc.reg
http://download.bleepingcomputer.com...s/7/wscsvc.reg
http://download.bleepingcomputer.com...aredAccess.reg

Download all 3 and run them, allow them. Reboot and a fresh FRST log, please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
