Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/PSW.Zbot.233472.224 Befall

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.07.2013, 12:17   #1
yosherl
 
TR/PSW.Zbot.233472.224 Befall - Ausrufezeichen

TR/PSW.Zbot.233472.224 Befall



Hallo zusammen!

Ich habe mit einen Trojaner eingefangen, zumindest sagt das mein Avira

Eine Suche hat mich leider nur bedingt weitergebracht, da ich zwar einen "TR/PSW.Zbot" gefunden habe, aber keine Info zu "TR/PSW.Zbot.233472.224"
Ob der Trojaner der gleiche ist oder nicht weiß ich leider nicht

Ich hoffe dass ihr mir hier weiterhelfen könnt.

Was ich bisher gemacht habe:

Scan mit Avira - Trojaner gefunden
Scan mit Kapersky(Online) - kein Fund
Scan mit Malwarebyte - kein Fund
Scan mit OTL

Die Berichte von Avia und OTL kommen hier:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 2. Juli 2013 12:59


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Code:
ATTFilter
Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : DESKTOP

Versionsinformationen:
BUILD.DAT      : 13.0.0.3737    54853 Bytes  20.06.2013 15:37:00
AVSCAN.EXE     : 13.6.0.1722   634936 Bytes  01.07.2013 17:30:57
AVSCANRC.DLL   : 13.6.0.1550    62520 Bytes  01.07.2013 17:30:57
LUKE.DLL       : 13.6.0.1550    65080 Bytes  01.07.2013 17:31:18
AVSCPLR.DLL    : 13.6.0.1712    92216 Bytes  01.07.2013 17:30:57
AVREG.DLL      : 13.6.0.1550   247864 Bytes  01.07.2013 17:30:56
avlode.dll     : 13.6.2.1704   449592 Bytes  01.07.2013 17:30:54
avlode.rdf     : 13.0.1.18      26349 Bytes  22.06.2013 16:46:30
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 10:15:34
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 08:06:34
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 13:50:21
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 16:46:23
VBASE004.VDF   : 7.11.85.215     2048 Bytes  21.06.2013 16:46:23
VBASE005.VDF   : 7.11.85.216     2048 Bytes  21.06.2013 16:46:23
VBASE006.VDF   : 7.11.85.217     2048 Bytes  21.06.2013 16:46:23
VBASE007.VDF   : 7.11.85.218     2048 Bytes  21.06.2013 16:46:23
VBASE008.VDF   : 7.11.85.219     2048 Bytes  21.06.2013 16:46:23
VBASE009.VDF   : 7.11.85.220     2048 Bytes  21.06.2013 16:46:23
VBASE010.VDF   : 7.11.85.221     2048 Bytes  21.06.2013 16:46:24
VBASE011.VDF   : 7.11.85.222     2048 Bytes  21.06.2013 16:46:24
VBASE012.VDF   : 7.11.85.223     2048 Bytes  21.06.2013 16:46:24
VBASE013.VDF   : 7.11.85.224     2048 Bytes  21.06.2013 16:46:24
VBASE014.VDF   : 7.11.86.93    870400 Bytes  24.06.2013 11:29:39
VBASE015.VDF   : 7.11.86.223   331776 Bytes  25.06.2013 16:21:48
VBASE016.VDF   : 7.11.87.67    204800 Bytes  27.06.2013 16:21:48
VBASE017.VDF   : 7.11.87.157   247296 Bytes  28.06.2013 17:30:46
VBASE018.VDF   : 7.11.87.221   196608 Bytes  30.06.2013 17:30:47
VBASE019.VDF   : 7.11.87.222     2048 Bytes  30.06.2013 17:30:47
VBASE020.VDF   : 7.11.87.223     2048 Bytes  30.06.2013 17:30:47
VBASE021.VDF   : 7.11.87.224     2048 Bytes  30.06.2013 17:30:47
VBASE022.VDF   : 7.11.87.225     2048 Bytes  30.06.2013 17:30:47
VBASE023.VDF   : 7.11.87.226     2048 Bytes  30.06.2013 17:30:48
VBASE024.VDF   : 7.11.87.227     2048 Bytes  30.06.2013 17:30:48
VBASE025.VDF   : 7.11.87.228     2048 Bytes  30.06.2013 17:30:48
VBASE026.VDF   : 7.11.87.229     2048 Bytes  30.06.2013 17:30:48
VBASE027.VDF   : 7.11.87.230     2048 Bytes  30.06.2013 17:30:48
VBASE028.VDF   : 7.11.87.231     2048 Bytes  30.06.2013 17:30:48
VBASE029.VDF   : 7.11.87.232     2048 Bytes  30.06.2013 17:30:49
VBASE030.VDF   : 7.11.87.233     2048 Bytes  30.06.2013 17:30:49
VBASE031.VDF   : 7.11.88.26     79360 Bytes  01.07.2013 17:30:49
Engineversion  : 8.2.12.68 
AEVDF.DLL      : 8.1.3.4       102774 Bytes  15.06.2013 18:26:24
AESCRIPT.DLL   : 8.1.4.126     483710 Bytes  28.06.2013 16:21:54
AESCN.DLL      : 8.1.10.4      131446 Bytes  04.04.2013 07:10:18
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06
AERDL.DLL      : 8.2.0.128     688504 Bytes  15.06.2013 18:26:24
AEPACK.DLL     : 8.3.2.24      749945 Bytes  22.06.2013 16:46:29
AEOFFICE.DLL   : 8.1.2.60      205181 Bytes  19.06.2013 06:24:15
AEHEUR.DLL     : 8.1.4.436    5964154 Bytes  28.06.2013 16:21:54
AEHELP.DLL     : 8.1.27.4      266617 Bytes  28.06.2013 16:21:50
AEGEN.DLL      : 8.1.7.6       442742 Bytes  28.06.2013 16:21:50
AEEXP.DLL      : 8.4.0.34      201079 Bytes  09.06.2013 17:05:40
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 13:42:55
AECORE.DLL     : 8.1.31.6      201081 Bytes  28.06.2013 16:21:50
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 18:52:33
AVWINLL.DLL    : 13.6.0.1550    23608 Bytes  01.07.2013 17:30:46
AVPREF.DLL     : 13.6.0.1550    48184 Bytes  01.07.2013 17:30:56
AVREP.DLL      : 13.6.0.1550   175672 Bytes  01.07.2013 17:30:56
AVARKT.DLL     : 13.6.0.1626   258104 Bytes  01.07.2013 17:30:50
AVEVTLOG.DLL   : 13.6.0.1550   164920 Bytes  01.07.2013 17:30:53
SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 17:17:40
AVSMTP.DLL     : 13.6.0.1550    59960 Bytes  01.07.2013 17:30:58
NETNT.DLL      : 13.6.0.1550    13368 Bytes  01.07.2013 17:31:18
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  11.12.2012 15:10:11
RCTEXT.DLL     : 13.6.0.1624    67128 Bytes  01.07.2013 17:30:46

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_51d285ae\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +, +, +, +, +, +, +, +, 
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Dienstag, 2. Juli 2013  12:59

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '157' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '165' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'IGDCTRL.EXE' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'kss.exe' - '173' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'rndlresolversvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'viakaraokesrv.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCore.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'VDeck.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'kss.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDRSS.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDPictureViewer.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDWebCam.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDClock.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDMovieViewer.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDYT.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDMedia.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDPop3.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDCountdown.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'IELowutil.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSPPSVC.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_224.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_224.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'OTL.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '33' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-2458a1a2'
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-2458a1a2
  [FUND]      Ist das Trojanische Pferd TR/PSW.Zbot.233472.224

Beginne mit der Desinfektion:
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-2458a1a2
  [FUND]      Ist das Trojanische Pferd TR/PSW.Zbot.233472.224
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54681d14.qua' verschoben!


Ende des Suchlaufs: Dienstag, 2. Juli 2013  12:59
Benötigte Zeit: 00:28 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    908 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    907 Dateien ohne Befall
      1 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 108510 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

Die Suchergebnisse werden an den Guard übermittelt.
         
[CODE]OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.07.2013 13:11:57 - Run 1[/B]
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,09 Gb Available Physical Memory | 64,45% Memory free
7,99 Gb Paging File | 4,99 Gb Available in Paging File | 62,41% Paging File free
Paging file location(s): c:\pagefile.sys 100 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 0,67 Gb Free Space | 0,56% Space Free | Partition Type: NTFS
Drive E: | 78,12 Gb Total Space | 2,82 Gb Free Space | 3,61% Space Free | Partition Type: NTFS
Drive F: | 28,59 Gb Total Space | 10,89 Gb Free Space | 38,08% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 23,08 Gb Free Space | 47,26% Space Free | Partition Type: NTFS
Drive H: | 142,54 Gb Total Space | 4,15 Gb Free Space | 2,91% Space Free | Partition Type: NTFS
Drive J: | 488,28 Gb Total Space | 199,27 Gb Free Space | 40,81% Space Free | Partition Type: NTFS
Drive K: | 443,23 Gb Total Space | 429,90 Gb Free Space | 96,99% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (FETNDIS) -- C:\Windows\SysNative\drivers\fet6x64.sys (VIA Technologies, Inc.              )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=798
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: G:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.18 15:27:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.06.25 17:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2013.06.25 17:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.25 17:46:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = G:\VLC\npvlc.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Docs = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft-Konto-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7416E48D-2790-46BC-B926-A416FC8BB1E4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ef99db7b-090b-11e2-a3b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef99db7b-090b-11e2-a3b5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.01 21:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013.07.01 20:45:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2013.07.01 20:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013.07.01 20:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.07.01 20:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.07.01 20:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.06.27 20:41:51 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3 - Other Profiles
[2013.06.27 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3
[2013.06.27 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Arma 3
[2013.06.25 17:46:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Mozilla
[2013.06.25 17:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.25 16:34:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Mozilla
[2013.06.25 14:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.06.25 14:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.06.25 14:56:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Google
[2013.06.25 14:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.25 13:32:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013.06.25 13:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.06.25 13:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.06.25 12:29:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Ywewu
[2013.06.25 12:29:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Epera
[2013.06.25 08:55:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\The Lord of the Rings Online
[2013.06.25 08:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2013.06.24 17:58:54 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PMB Files
[2013.06.24 17:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.06.24 17:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.06.24 17:53:31 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\The Lord of the Rings Online
[2013.06.24 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Turbine
[2013.06.24 12:42:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Turbine
[2013.06.24 12:42:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ApplicationHistory
[2013.06.24 12:41:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013.06.19 23:53:17 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Star Wars - The Old Republic
[2013.06.19 17:36:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SWTOR
[2013.06.19 17:36:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\HeroBlade Logs
[2013.06.19 13:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2013.06.19 12:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.06.19 12:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013.06.19 11:13:29 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SWTORPerf
[2013.06.18 11:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.18 11:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.18 11:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.18 11:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.18 11:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.17 21:16:18 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013.06.16 00:12:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.16 00:12:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.13 09:49:24 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3 Alpha - Other Profiles
[2013.06.13 09:47:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3 Alpha
[2013.06.13 09:47:43 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Arma 3 Alpha
[2013.06.12 23:18:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 23:18:25 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 23:18:25 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 23:18:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 23:18:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 23:18:25 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 23:18:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 23:18:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 23:18:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 23:18:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 23:18:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 23:18:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 23:18:24 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 08:50:23 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 08:50:23 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 08:50:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 08:50:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 08:50:16 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 08:50:13 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 08:50:13 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 08:50:13 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 08:50:13 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 08:50:13 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 08:50:13 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 08:50:08 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 08:50:08 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.11 21:04:15 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3 Alpha Lite - Other Profiles
[2013.06.11 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3 Alpha Lite
[2013.06.11 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Arma 3 Alpha Lite
[2013.06.11 20:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive
[2013.06.06 08:36:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Chromium
[2013.06.04 18:48:42 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Gameforge4d
[2013.06.04 18:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
[2013.06.03 11:31:23 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.06.03 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.06.03 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.06.03 11:30:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Windows Live
[2013.06.03 11:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.02 13:01:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.02 12:51:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.02 09:55:09 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 09:55:09 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 09:53:59 | 001,536,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.02 09:53:59 | 000,668,274 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.02 09:53:59 | 000,627,850 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.02 09:53:59 | 000,135,942 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.02 09:53:59 | 000,111,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.02 09:48:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.02 09:47:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.01 21:18:27 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2013.07.01 19:31:25 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.30 18:15:17 | 000,000,270 | ---- | M] () -- C:\Users\*****\Desktop\TS 3 backup.ini
[2013.06.25 17:46:50 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.25 16:42:10 | 000,113,988 | ---- | M] () -- C:\Users\*****\Documents\cc_20130625_164204.reg
[2013.06.25 14:57:35 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.25 14:32:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.25 13:32:51 | 000,001,077 | ---- | M] () -- C:\Users\*****\Desktop\Kaspersky Security Scan.lnk
[2013.06.25 13:28:20 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.25 12:41:23 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.25 12:41:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.25 08:37:53 | 000,002,720 | ---- | M] () -- C:\Users\*****\Documents\UserPreferences.ini
[2013.06.25 08:36:27 | 000,000,729 | ---- | M] () -- C:\Users\*****\Desktop\Der Herr der Ringe Online.lnk
[2013.06.24 17:50:31 | 000,000,846 | ---- | M] () -- C:\Users\*****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk
[2013.06.24 13:38:30 | 000,000,202 | ---- | M] () -- C:\Users\*****\Desktop\APB Reloaded.url
[2013.06.24 12:42:24 | 000,000,103 | ---- | M] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2013.06.24 12:42:18 | 001,562,390 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.21 09:03:30 | 000,001,483 | ---- | M] () -- C:\Users\*****\Desktop\Star Wars - The Old Republic.lnk
[2013.06.20 20:54:55 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.20 20:54:55 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.20 20:54:31 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.06.18 11:55:35 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.17 21:16:18 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013.06.17 16:47:00 | 000,000,923 | ---- | M] () -- C:\Users\*****\Desktop\Logitech Gaming Software 8.35.lnk
[2013.06.12 19:44:59 | 000,000,202 | ---- | M] () -- C:\Users\*****\Desktop\Arma 3 Alpha.url
[2013.06.11 21:51:23 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.03 14:22:20 | 106,159,115 | ---- | M] () -- C:\Users\*****\Hochwasser 2013.mp4
[2013.06.03 12:51:23 | 055,285,607 | ---- | M] () -- C:\Users\*****\Mein Film.mp4
 
========== Files Created - No Company Name ==========
 
[2013.07.01 20:14:37 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2013.06.30 18:15:17 | 000,000,270 | ---- | C] () -- C:\Users\*****\Desktop\TS 3 backup.ini
[2013.06.25 17:46:50 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.25 16:42:08 | 000,113,988 | ---- | C] () -- C:\Users\*****\Documents\cc_20130625_164204.reg
[2013.06.25 14:57:35 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.25 14:56:21 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.25 14:56:21 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.25 14:32:58 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.25 13:32:53 | 000,001,077 | ---- | C] () -- C:\Users\*****\Desktop\Kaspersky Security Scan.lnk
[2013.06.25 13:28:20 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.25 08:37:08 | 000,002,720 | ---- | C] () -- C:\Users\*****\Documents\UserPreferences.ini
[2013.06.25 08:36:27 | 000,000,729 | ---- | C] () -- C:\Users\*****\Desktop\Der Herr der Ringe Online.lnk
[2013.06.24 17:50:31 | 000,000,846 | ---- | C] () -- C:\Users\*****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk
[2013.06.24 13:38:30 | 000,000,202 | ---- | C] () -- C:\Users\*****\Desktop\APB Reloaded.url
[2013.06.24 12:42:24 | 000,000,103 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2013.06.24 12:42:01 | 001,562,390 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.21 09:03:30 | 000,001,483 | ---- | C] () -- C:\Users\*****\Desktop\Star Wars - The Old Republic.lnk
[2013.06.18 11:55:35 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.17 16:47:00 | 000,000,923 | ---- | C] () -- C:\Users\*****\Desktop\Logitech Gaming Software 8.35.lnk
[2013.06.12 19:44:59 | 000,000,202 | ---- | C] () -- C:\Users\*****\Desktop\Arma 3 Alpha.url
[2013.06.03 14:17:56 | 106,159,115 | ---- | C] () -- C:\Users\*****\Hochwasser 2013.mp4
[2013.06.03 12:49:07 | 055,285,607 | ---- | C] () -- C:\Users\*****\Mein Film.mp4
[2013.06.03 11:31:20 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.06.03 11:31:19 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.14 19:39:11 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.14 19:39:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.10 14:29:01 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013.01.03 00:30:26 | 000,038,429 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2013.01.03 00:22:41 | 000,000,286 | ---- | C] () -- C:\Users\*****\AppData\Roaming\gmic_faves
[2012.12.26 14:51:39 | 000,001,052 | ---- | C] () -- C:\Users\*****\AppData\Roaming\gmic_sources.cimgz
[2012.10.29 23:05:36 | 000,000,073 | ---- | C] () -- C:\Users\*****\.gtk-bookmarks
[2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.09.28 22:36:40 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
--- --- ---



Hat Avira alles gefunden ? Kann ich noch irgendwelche Tests machen, um festzustellen ob mein System bereinigt ist ?
Was macht der Trojaner eigentlich genau, weiß das jemand ?

Wäre wirklich toll wenn ihr mit helfen könnt!!

lg
yosh

Geändert von yosherl (02.07.2013 um 12:45 Uhr)

Alt 02.07.2013, 12:20   #2
schrauber
/// the machine
/// TB-Ausbilder
 

TR/PSW.Zbot.233472.224 Befall - Standard

TR/PSW.Zbot.233472.224 Befall



Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 02.07.2013, 12:36   #3
yosherl
 
TR/PSW.Zbot.233472.224 Befall - Standard

TR/PSW.Zbot.233472.224 Befall



Hallo Schrauber!

Vielen Dank für Deine Hilfe.

Hier die beiden Txt Files.
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2013
Ran by ***** at 2013-07-02 13:33:38
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

„Der Herr der Ringe Online™“ v1100.0052.1373.8030 (x32 Version: 1100.0052.1373.8030)
4Media iPhone Contacts Transfer (x32 Version: 1.2.7.20121110)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
APB Reloaded (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
applicationupdater (HKCU)
Arma 3 Alpha (x32)
Arma 3 Alpha Lite (x32)
Asheron's Call 2 (x32 Version: 1.0.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
AVM FRITZ!Box Dokumentation (x32)
AVM FRITZ!DSL (x32 Version: 2.04.02)
Battlefield 3™ (x32 Version: 1.5.0.0)
Bonjour (Version: 3.0.0.10)
Canon MG4100 series MP Drivers
CCleaner (Version: 4.02)
CDBurnerXP (x32 Version: 4.4.2.3442)
CINEMA 4D 12.016 (Version: 12.016)
Counter-Strike: Global Offensive (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.4.0314)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DER HERR DER RINGE ONLINE: Schatten von Angmar v07.12.30.70 (x32 Version: 07.12.30.70)
Dota 2 (x32)
Dota 2 Test (x32)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
ESN Sonar (x32 Version: 0.70.4)
Etron USB3.0 Host Controller (x32 Version: 0.109)
Fotogalerie (x32 Version: 16.4.3508.0205)
Fraps (remove only) (x32)
gamelauncher-ps2-psg (HKCU)
GIMP 2.8.2 (Version: 2.8.2)
G'MIC for GIMP Version 1.5.2.4 (x32 Version: 1.5.2.4)
Google Chrome (x32 Version: 27.0.1453.116)
Google Update Helper (x32 Version: 1.3.21.145)
Hamachi 1.0.3.0 (x32)
Inkscape 0.48.3.1 (x32 Version: 0.48.3.1)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2867)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.0.4.4)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Java SE Development Kit 7 Update 17 (64-bit) (Version: 1.7.0.170)
Kaspersky Security Scan (x32 Version: 12.0.1.340)
Logitech Gaming Software (Version: 8.35.18)
Logitech Gaming Software 8.46 (Version: 8.46.27)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mein CEWE FOTOBUCH (x32 Version: 5.0.1)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Standard 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Hotmail Connector 64-Bit (Version: 14.0.6123.5001)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
mp3-2-wav converter 1.14 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NVIDIA 3D Vision Controller-Treiber 310.90 (Version: 310.90)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Origin (x32 Version: 9.1.13.85)
Pando Media Booster (x32 Version: 2.6.0.9)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Platform (x32 Version: 1.39)
PunkBuster Services (x32 Version: 0.991)
RealDownloader (x32 Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Samsung Magician (x32 Version: 4.0.1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
Sid Meier's Civilization 4 - Beyond the Sword (x32 Version: 3.01)
Sid Meier's Civilization 4 - Warlords (x32 Version: 2.13)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000)
Sid Meier's Civilization 4 (x32 Version: 1.74)
Skype™ 6.3 (x32 Version: 6.3.105)
Sorian AI Mod 2.1.1 (x32)
SpeedFan (remove only) (x32)
Star Trek Online (x32)
Star Wars: The Old Republic (x32 Version: 1.00)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (HKCU Version: 3.0.10.1)
TeamViewer 7 (x32 Version: 7.0.15723)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VIA Plattform-Geräte-Manager (x32 Version: 1.39)
VLC media player 2.0.3 (x32 Version: 2.0.3)
VTrain (Vokabeltrainer) 5.2 (x32)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
World of Warcraft (x32 Version: 5.3.0.17128)

==================== Restore Points  =========================

14-02-2013 08:10:33 Windows Update
14-02-2013 08:14:54 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {2C6E8146-5BC1-461F-9655-B0E796A7D749} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-25] (Google Inc.)
Task: {471FD391-AA62-4537-8976-FA6FB437D42B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {5328F7D3-5BA0-4267-A416-F76E4ECCB092} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2633229710-3872475631-2564557350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {65BDB40B-EACB-4A6E-87A4-1FD05524C9C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {7A24E188-36A0-4D78-835B-888D4A46EEE3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2633229710-3872475631-2564557350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {98C11027-7FC3-43B4-97F2-2A8DF55C127A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-25] (Google Inc.)
Task: {9CE0B31B-EAB5-40B6-B463-526CD104E78B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2633229710-3872475631-2564557350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {9F967BD9-0332-4466-960C-BFDC463FB810} - System32\Tasks\{931FE2AF-51A5-4AB6-9627-659204BBDAE5} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-05-12] (Mozilla Corporation)
Task: {AD97E911-84FD-47E3-8500-F42C4B9042E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2633229710-3872475631-2564557350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {B15DC10D-9690-49CA-B9FB-0BE6BCF6B0B1} - System32\Tasks\User_Feed_Synchronization-{8C22BAB9-115F-42DC-933C-D0F775D5F0DC} => C:\Windows\system32\msfeedssync.exe [2013-04-30] (Microsoft Corporation)
Task: {D5A0FC38-2467-4EEA-B6BA-17B576E0E0EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-25] (Adobe Systems Incorporated)
Task: {E4B50748-4B75-4099-8966-E45FD573A0FD} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2013 09:49:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 10:13:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/01/2013 08:48:04 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(54A0C32C00049C73532ABLZ00011CyF1F8C\032DE19DA6D2B3C8D4p._bzdn._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/01/2013 08:21:53 PM) (Source: Application Hang) (User: )
Description: Programm WoW-64.exe, Version 5.3.0.17128 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1528

Startzeit: 01ce7687c42be20f

Endzeit: 387

Anwendungspfad: J:\WoW\World of Warcraft\WoW-64.exe

Berichts-ID:

Error: (07/01/2013 07:58:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel: 0x51c21f36
Name des fehlerhaften Moduls: nvd3dum.dll, Version: 9.18.13.1106, Zeitstempel: 0x50f946b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0068ef61
ID des fehlerhaften Prozesses: 0xc8c
Startzeit der fehlerhaften Anwendung: 0xswtor.exe0
Pfad der fehlerhaften Anwendung: swtor.exe1
Pfad des fehlerhaften Moduls: swtor.exe2
Berichtskennung: swtor.exe3

Error: (07/01/2013 07:58:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel: 0x51c21f36
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003734d
ID des fehlerhaften Prozesses: 0x133c
Startzeit der fehlerhaften Anwendung: 0xswtor.exe0
Pfad der fehlerhaften Anwendung: swtor.exe1
Pfad des fehlerhaften Moduls: swtor.exe2
Berichtskennung: swtor.exe3

Error: (07/01/2013 07:21:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 09:38:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 02:22:12 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/29/2013 10:22:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/02/2013 00:42:47 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/02/2013 09:50:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/02/2013 09:50:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/01/2013 09:45:49 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/01/2013 07:21:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/01/2013 07:21:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/30/2013 02:19:49 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/30/2013 09:38:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/30/2013 09:38:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/29/2013 10:23:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (07/02/2013 09:49:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 10:13:29 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (07/01/2013 08:48:04 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(54A0C32C00049C73532ABLZ00011CyF1F8C\032DE19DA6D2B3C8D4p._bzdn._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/01/2013 08:21:53 PM) (Source: Application Hang)(User: )
Description: WoW-64.exe5.3.0.17128152801ce7687c42be20f387J:\WoW\World of Warcraft\WoW-64.exe

Error: (07/01/2013 07:58:30 PM) (Source: Application Error)(User: )
Description: swtor.exe1.0.0.051c21f36nvd3dum.dll9.18.13.110650f946b6c00000050068ef61c8c01ce761ae70f5017C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exeC:\Windows\system32\nvd3dum.dlld645e6c5-e277-11e2-b955-902b3490862b

Error: (07/01/2013 07:58:30 PM) (Source: Application Error)(User: )
Description: swtor.exe1.0.0.051c21f36MSVCR90.dll9.0.30729.61614dace5b9c00000050003734d133c01ce761ae551e222C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dlld645bfb5-e277-11e2-b955-902b3490862b

Error: (07/01/2013 07:21:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 09:38:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 02:22:12 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (06/29/2013 10:22:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 8086.23 MB
Available physical RAM: 4831.54 MB
Total Pagefile: 8184.42 MB
Available Pagefile: 4763.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:0.09 GB) NTFS (Disk=0 Partition=2)
Drive e: (Altes C) (Fixed) (Total:78.12 GB) (Free:2.82 GB) NTFS (Disk=2 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (Backup) (Fixed) (Total:28.59 GB) (Free:10.89 GB) NTFS (Disk=2 Partition=4)
Drive g: (Altes D) (Fixed) (Total:48.83 GB) (Free:23.08 GB) NTFS (Disk=2 Partition=2)
Drive h: (Spiele) (Fixed) (Total:142.54 GB) (Free:4.15 GB) NTFS (Disk=2 Partition=3)
Drive j: (Downloads) (Fixed) (Total:488.28 GB) (Free:199.27 GB) NTFS (Disk=1 Partition=1)
Drive k: (Volume) (Fixed) (Total:443.23 GB) (Free:429.9 GB) NTFS (Disk=1 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 6B6C1E98)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 725D6C28)
Partition 1: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 71F8B3BB)
Partition 1: (Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=143 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by ***** (administrator) on 02-07-2013 13:33:21
Running from C:\Users\*****\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avscan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5299320 2012-10-25] (VIA)
HKCU\...\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun [202328 2012-12-07] (Kaspersky Lab ZAO)
MountPoints2: {ef99db7b-090b-11e2-a3b5-806e6f6e6963} - D:\Run.exe
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2013-01-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [NPSStartup]  [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cxol3jfn.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - G:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - G:\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealDownloader) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-03] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-09] (DT Soft Ltd)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc.              )
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 ALSysIO; \??\C:\Users\RICHAR~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S4 NVHDA; system32\drivers\nvhda64v.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST
2013-07-02 13:32 - 2013-07-02 13:33 - 01933556 ____A (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\*****\Downloads\defogger_enable.log
2013-07-02 13:02 - 2013-07-02 13:18 - 00104460 ____A C:\Users\*****\Downloads\OTL.Txt
2013-07-02 13:02 - 2013-07-02 13:13 - 00088718 ____A C:\Users\*****\Downloads\Extras.Txt
2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\*****\Downloads\OTL.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\*****\Downloads\Defogger.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\*****\Downloads\defogger_disable.log
2013-07-02 09:47 - 2013-07-02 09:47 - 00001660 ____A C:\Windows\PFRO.log
2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-07-01 20:24 - 2013-07-01 20:25 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-01 20:14 - 2013-07-01 21:18 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-07-01 20:11 - 2013-07-01 20:13 - 00000000 ____D C:\ProgramData\Battle.net
2013-07-01 20:09 - 2013-07-01 20:11 - 83293072 ____A (Blizzard Entertainment) C:\Users\*****\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\*****\Desktop\TS 3 backup.ini
2013-06-27 20:41 - 2013-06-28 21:12 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3
2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\*****\Documents\Arma 3
2013-06-25 17:46 - 2013-07-02 00:15 - 00120555 ____A C:\Windows\WindowsUpdate.log
2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\Mozilla
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 17:45 - 2013-06-25 17:46 - 21151576 ____A (Mozilla) C:\Users\*****\Downloads\Firefox_Setup_21.0.exe
2013-06-25 17:44 - 2013-07-02 09:48 - 00000616 ____A C:\Windows\setupact.log
2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log
2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\*****\Documents\cc_20130625_164204.reg
2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\*****\AppData\Local\Mozilla
2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-25 14:56 - 2013-07-02 13:01 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 14:56 - 2013-07-02 09:48 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Users\*****\AppData\Local\Google
2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\*****\Downloads\jxpiinstall.exe
2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner
2013-06-25 13:32 - 2013-06-25 13:32 - 00001077 ____A C:\Users\*****\Desktop\Kaspersky Security Scan.lnk
2013-06-25 13:32 - 2013-06-25 13:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-25 13:32 - 2013-06-25 13:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-25 12:29 - 2013-06-25 12:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\Ywewu
2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Epera
2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\*****\AppData\Local\The Lord of the Rings Online
2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\*****\Documents\UserPreferences.ini
2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\*****\Desktop\Der Herr der Ringe Online.lnk
2013-06-24 17:58 - 2013-06-25 12:34 - 00000000 ____D C:\Users\*****\AppData\Local\PMB Files
2013-06-24 17:58 - 2013-06-24 18:07 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-24 17:53 - 2013-06-25 09:03 - 00000000 ____D C:\Users\*****\Documents\The Lord of the Rings Online
2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\*****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk
2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\*****\Desktop\APB Reloaded.url
2013-06-24 12:42 - 2013-06-25 08:39 - 00000000 ____D C:\Users\*****\AppData\Local\Turbine
2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\*****\AppData\Local\fusioncache.dat
2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\*****\AppData\Roaming\Turbine
2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\*****\Desktop\Star Wars - The Old Republic.lnk
2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\*****\AppData\Local\SWTOR
2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-19 12:28 - 2013-06-19 13:05 - 00113868 ____A C:\Users\*****\Documents\Install STAR WARS The Old Republic.log
2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\SWTORPerf
2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\*****\Desktop\Logitech Gaming Software 8.35.lnk
2013-06-16 00:12 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 00:12 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 00:12 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 00:12 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 00:12 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 09:47 - 2013-06-17 19:01 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3 Alpha
2013-06-13 09:47 - 2013-06-13 09:48 - 00000000 ____D C:\Users\*****\Documents\Arma 3 Alpha
2013-06-12 23:18 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 23:18 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:18 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:18 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 23:18 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 23:18 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\*****\Desktop\Arma 3 Alpha.url
2013-06-12 08:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 08:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 08:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 08:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 08:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 08:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 08:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 08:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:50 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 20:53 - 2013-06-27 20:41 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2013-06-11 20:53 - 2013-06-12 19:39 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3 Alpha Lite
2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\*****\Documents\Arma 3 Alpha Lite
2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\*****\AppData\Local\Chromium
2013-06-04 19:01 - 2013-06-04 19:02 - 18989296 ____A (Gameforge                                                   ) C:\Users\*****\Downloads\AION_GameforgeLiveSetup.exe
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\*****\Downloads\Gameforge Live
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\*****\AppData\Local\Gameforge4d
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-06-03 14:17 - 2013-06-03 14:22 - 106159115 ____A C:\Users\*****\Hochwasser 2013.mp4
2013-06-03 12:49 - 2013-06-03 12:51 - 55285607 ____A C:\Users\*****\Mein Film.mp4
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Windows\de
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-03 11:30 - 2013-06-18 12:26 - 00000000 ____D C:\Users\*****\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST
2013-07-02 13:33 - 2013-07-02 13:32 - 01933556 ____A (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-07-02 13:18 - 2013-07-02 13:02 - 00104460 ____A C:\Users\*****\Downloads\OTL.Txt
2013-07-02 13:13 - 2013-07-02 13:02 - 00088718 ____A C:\Users\*****\Downloads\Extras.Txt
2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\*****\Downloads\defogger_enable.log
2013-07-02 13:03 - 2012-09-28 21:33 - 00000000 ____D C:\users\*****
2013-07-02 13:01 - 2013-06-25 14:56 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\*****\Downloads\OTL.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\*****\Downloads\Defogger.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\*****\Downloads\defogger_disable.log
2013-07-02 12:51 - 2013-05-06 14:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 11:49 - 2012-09-29 00:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\TS3Client
2013-07-02 10:31 - 2012-10-09 11:52 - 00000000 ____D C:\Users\*****\Documents\Outlook-Dateien
2013-07-02 09:55 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 09:55 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 09:53 - 2011-04-12 09:43 - 00668274 ____A C:\Windows\System32\perfh007.dat
2013-07-02 09:53 - 2011-04-12 09:43 - 00135942 ____A C:\Windows\System32\perfc007.dat
2013-07-02 09:53 - 2009-07-14 07:13 - 01536742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 09:48 - 2013-06-25 17:44 - 00000616 ____A C:\Windows\setupact.log
2013-07-02 09:48 - 2013-06-25 14:56 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 09:48 - 2012-09-28 23:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-02 09:48 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 09:47 - 2013-07-02 09:47 - 00001660 ____A C:\Windows\PFRO.log
2013-07-02 00:15 - 2013-06-25 17:46 - 00120555 ____A C:\Windows\WindowsUpdate.log
2013-07-01 21:19 - 2012-09-29 02:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype
2013-07-01 21:18 - 2013-07-01 20:14 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-07-01 20:25 - 2013-07-01 20:24 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-07-01 20:13 - 2013-07-01 20:11 - 00000000 ____D C:\ProgramData\Battle.net
2013-07-01 20:11 - 2013-07-01 20:09 - 83293072 ____A (Blizzard Entertainment) C:\Users\*****\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-07-01 19:31 - 2013-05-20 10:07 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\*****\Desktop\TS 3 backup.ini
2013-06-28 21:12 - 2013-06-27 20:41 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3
2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\*****\Documents\Arma 3
2013-06-27 20:41 - 2013-06-11 20:53 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\Mozilla
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 17:46 - 2013-06-25 17:45 - 21151576 ____A (Mozilla) C:\Users\*****\Downloads\Firefox_Setup_21.0.exe
2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log
2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\*****\Documents\cc_20130625_164204.reg
2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\*****\AppData\Local\Mozilla
2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Users\*****\AppData\Local\Google
2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-25 14:56 - 2013-02-14 17:44 - 00000000 ____D C:\Users\*****\AppData\Local\Deployment
2013-06-25 14:40 - 2012-09-30 03:15 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\*****\Downloads\jxpiinstall.exe
2013-06-25 14:33 - 2012-09-28 04:28 - 00000000 ____D C:\Windows\Panther
2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner
2013-06-25 13:32 - 2013-06-25 13:32 - 00001077 ____A C:\Users\*****\Desktop\Kaspersky Security Scan.lnk
2013-06-25 13:32 - 2013-06-25 13:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-25 13:32 - 2013-06-25 13:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-25 13:28 - 2013-01-20 09:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-25 13:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 12:41 - 2013-05-06 14:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-25 12:41 - 2013-05-06 14:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-25 12:35 - 2013-06-25 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Ywewu
2013-06-25 12:34 - 2013-06-24 17:58 - 00000000 ____D C:\Users\*****\AppData\Local\PMB Files
2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Epera
2013-06-25 09:03 - 2013-06-24 17:53 - 00000000 ____D C:\Users\*****\Documents\The Lord of the Rings Online
2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\*****\AppData\Local\The Lord of the Rings Online
2013-06-25 08:39 - 2013-06-24 12:42 - 00000000 ____D C:\Users\*****\AppData\Local\Turbine
2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\*****\Documents\UserPreferences.ini
2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\*****\Desktop\Der Herr der Ringe Online.lnk
2013-06-24 18:07 - 2013-06-24 17:58 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\*****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk
2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\*****\Desktop\APB Reloaded.url
2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\*****\AppData\Local\fusioncache.dat
2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\*****\AppData\Roaming\Turbine
2013-06-24 12:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2013-06-24 12:13 - 2012-09-28 22:24 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\*****\Desktop\Star Wars - The Old Republic.lnk
2013-06-21 08:41 - 2013-03-03 19:47 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-20 20:54 - 2013-02-14 19:40 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-06-20 20:54 - 2013-02-14 19:39 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-20 20:54 - 2013-02-14 19:39 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\*****\AppData\Local\SWTOR
2013-06-19 13:05 - 2013-06-19 12:28 - 00113868 ____A C:\Users\*****\Documents\Install STAR WARS The Old Republic.log
2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-19 12:29 - 2013-03-03 11:39 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\SWTORPerf
2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\*****\AppData\Roaming\Origin
2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\*****\AppData\Local\Origin
2013-06-19 11:02 - 2013-03-03 11:37 - 00000000 ____D C:\ProgramData\Origin
2013-06-18 12:26 - 2013-06-03 11:30 - 00000000 ____D C:\Users\*****\AppData\Local\Windows Live
2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-06-17 21:16 - 2012-09-29 00:41 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-06-17 19:01 - 2013-06-13 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3 Alpha
2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\*****\Desktop\Logitech Gaming Software 8.35.lnk
2013-06-16 06:46 - 2013-03-02 15:59 - 00000000 ____D C:\Users\*****\Desktop\TTZ
2013-06-15 09:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:48 - 2013-06-13 09:47 - 00000000 ____D C:\Users\*****\Documents\Arma 3 Alpha
2013-06-12 23:18 - 2012-09-28 23:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\*****\Desktop\Arma 3 Alpha.url
2013-06-12 19:39 - 2013-06-11 20:53 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3 Alpha Lite
2013-06-11 21:51 - 2013-05-15 09:51 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\*****\Documents\Arma 3 Alpha Lite
2013-06-08 16:08 - 2013-06-16 00:12 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-16 00:12 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-16 00:12 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-16 00:12 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-16 00:12 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-16 00:12 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\*****\AppData\Local\Chromium
2013-06-06 01:35 - 2012-10-09 11:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-06 01:34 - 2009-07-14 04:34 - 00000478 ____A C:\Windows\win.ini
2013-06-04 19:02 - 2013-06-04 19:01 - 18989296 ____A (Gameforge                                                   ) C:\Users\*****\Downloads\AION_GameforgeLiveSetup.exe
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\*****\Downloads\Gameforge Live
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\*****\AppData\Local\Gameforge4d
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-06-03 14:22 - 2013-06-03 14:17 - 106159115 ____A C:\Users\*****\Hochwasser 2013.mp4
2013-06-03 12:51 - 2013-06-03 12:49 - 55285607 ____A C:\Users\*****\Mein Film.mp4
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Windows\de
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-03 11:31 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 19:37

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 02.07.2013, 13:38   #4
schrauber
/// the machine
/// TB-Ausbilder
 

TR/PSW.Zbot.233472.224 Befall - Standard

TR/PSW.Zbot.233472.224 Befall



Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST Log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.07.2013, 14:14   #5
yosherl
 
TR/PSW.Zbot.233472.224 Befall - Standard

TR/PSW.Zbot.233472.224 Befall



- TFC ausgeführt
Kein Neustart verlangt, konnte alles gelöscht werden.

- AdwCleaner ausgeführt (1. Neustart)
Log:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 02/07/2013 um 14:52:37 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - DESKTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\cxol3jfn.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9185 octets] - [21/02/2013 19:59:23]
AdwCleaner[R2].txt - [3027 octets] - [25/02/2013 15:44:38]
AdwCleaner[S1].txt - [9194 octets] - [21/02/2013 19:59:36]
AdwCleaner[S2].txt - [332 octets] - [25/02/2013 15:44:47]
AdwCleaner[S3].txt - [1395 octets] - [02/07/2013 14:52:37]

########## EOF - C:\AdwCleaner[S3].txt - [1455 octets] ##########
         


- JRT als Admin ausgeführt - Avira ausgemacht, Kapersky deinstalliert....
Hier bekomme ich ein kurzes Popup (CMD) mit einer Meldung dass "fsutil" falsch ist oder falsch geschrieben. CMD schließt sich, und das wars.



Frisches FRST File:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by **** (administrator) on 02-07-2013 15:08:12
Running from C:\Users\****\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\mspaint.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5299320 2012-10-25] (VIA)
MountPoints2: {ef99db7b-090b-11e2-a3b5-806e6f6e6963} - D:\Run.exe
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2013-01-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [NPSStartup]  [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\cxol3jfn.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - G:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - G:\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealDownloader) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-03] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-09] (DT Soft Ltd)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc.              )
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 ALSysIO; \??\C:\Users\RICHAR~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S4 NVHDA; system32\drivers\nvhda64v.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 14:58 - 2013-07-02 14:58 - 00001343 ____A C:\AdwCleaner[S4].txt
2013-07-02 14:56 - 2013-07-02 15:07 - 00000000 ____D C:\JRT
2013-07-02 14:56 - 2013-07-02 14:56 - 00001480 ____A C:\Users\****\Desktop\AdwCleaner[S1].txt
2013-07-02 14:52 - 2013-07-02 14:52 - 00001524 ____A C:\AdwCleaner[S3].txt
2013-07-02 14:50 - 2013-07-02 14:54 - 00001363 ____A C:\Users\****\Desktop\Neues Textdokument.txt
2013-07-02 14:48 - 2013-07-02 14:48 - 00648201 ____A C:\Users\****\Downloads\adwcleaner.exe
2013-07-02 14:48 - 2013-07-02 14:48 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\****\Downloads\JRT.exe
2013-07-02 14:47 - 2013-07-02 14:47 - 00448512 ____A (OldTimer Tools) C:\Users\****\Downloads\TFC.exe
2013-07-02 13:33 - 2013-07-02 13:36 - 00023669 ____A C:\Users\****\Downloads\Addition.txt
2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST
2013-07-02 13:32 - 2013-07-02 13:33 - 01933556 ____A (Farbar) C:\Users\****\Downloads\FRST64.exe
2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\****\Downloads\defogger_enable.log
2013-07-02 13:02 - 2013-07-02 13:18 - 00104460 ____A C:\Users\****\Downloads\OTL.Txt
2013-07-02 13:02 - 2013-07-02 13:13 - 00088718 ____A C:\Users\****\Downloads\Extras.Txt
2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\****\Downloads\OTL.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\****\Downloads\Defogger.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\****\Downloads\defogger_disable.log
2013-07-02 09:47 - 2013-07-02 14:53 - 00002036 ____A C:\Windows\PFRO.log
2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-07-01 20:24 - 2013-07-01 20:25 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-01 20:14 - 2013-07-01 21:18 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-07-01 20:11 - 2013-07-01 20:13 - 00000000 ____D C:\ProgramData\Battle.net
2013-07-01 20:09 - 2013-07-01 20:11 - 83293072 ____A (Blizzard Entertainment) C:\Users\****\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\****\Desktop\TS 3 backup.ini
2013-06-27 20:41 - 2013-06-28 21:12 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3
2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\Documents\Arma 3
2013-06-25 17:46 - 2013-07-02 14:58 - 00137853 ____A C:\Windows\WindowsUpdate.log
2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 17:45 - 2013-06-25 17:46 - 21151576 ____A (Mozilla) C:\Users\****\Downloads\Firefox_Setup_21.0.exe
2013-06-25 17:44 - 2013-07-02 14:59 - 00000728 ____A C:\Windows\setupact.log
2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log
2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\****\Documents\cc_20130625_164204.reg
2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla
2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-25 14:56 - 2013-07-02 15:02 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 14:56 - 2013-07-02 15:01 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Users\****\AppData\Local\Google
2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\****\Downloads\jxpiinstall.exe
2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner
2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-25 12:29 - 2013-06-25 12:35 - 00000000 ____D C:\Users\****\AppData\Roaming\Ywewu
2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Epera
2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\****\AppData\Local\The Lord of the Rings Online
2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\****\Documents\UserPreferences.ini
2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\****\Desktop\Der Herr der Ringe Online.lnk
2013-06-24 17:58 - 2013-06-25 12:34 - 00000000 ____D C:\Users\****\AppData\Local\PMB Files
2013-06-24 17:58 - 2013-06-24 18:07 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-24 17:53 - 2013-06-25 09:03 - 00000000 ____D C:\Users\****\Documents\The Lord of the Rings Online
2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk
2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\****\Desktop\APB Reloaded.url
2013-06-24 12:42 - 2013-06-25 08:39 - 00000000 ____D C:\Users\****\AppData\Local\Turbine
2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\****\AppData\Local\fusioncache.dat
2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Roaming\Turbine
2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\****\Desktop\Star Wars - The Old Republic.lnk
2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\****\AppData\Local\SWTOR
2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-19 12:28 - 2013-06-19 13:05 - 00113868 ____A C:\Users\****\Documents\Install STAR WARS The Old Republic.log
2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\****\AppData\Local\SWTORPerf
2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\****\Desktop\Logitech Gaming Software 8.35.lnk
2013-06-16 00:12 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 00:12 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 00:12 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 00:12 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 00:12 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 09:47 - 2013-06-17 19:01 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha
2013-06-13 09:47 - 2013-06-13 09:48 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha
2013-06-12 23:18 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 23:18 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:18 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:18 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 23:18 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 23:18 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\****\Desktop\Arma 3 Alpha.url
2013-06-12 08:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 08:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 08:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 08:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 08:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 08:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 08:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 08:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:50 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 20:53 - 2013-06-27 20:41 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2013-06-11 20:53 - 2013-06-12 19:39 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha Lite
2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha Lite
2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\****\AppData\Local\Chromium
2013-06-04 19:01 - 2013-06-04 19:02 - 18989296 ____A (Gameforge                                                   ) C:\Users\****\Downloads\AION_GameforgeLiveSetup.exe
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\Downloads\Gameforge Live
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\AppData\Local\Gameforge4d
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-06-03 14:17 - 2013-06-03 14:22 - 106159115 ____A C:\Users\****\Hochwasser 2013.mp4
2013-06-03 12:49 - 2013-06-03 12:51 - 55285607 ____A C:\Users\****\Mein Film.mp4
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Windows\de
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-03 11:30 - 2013-06-18 12:26 - 00000000 ____D C:\Users\****\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2013-07-02 15:07 - 2013-07-02 14:56 - 00000000 ____D C:\JRT
2013-07-02 15:06 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 15:06 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 15:05 - 2011-04-12 09:43 - 00668274 ____A C:\Windows\System32\perfh007.dat
2013-07-02 15:05 - 2011-04-12 09:43 - 00135942 ____A C:\Windows\System32\perfc007.dat
2013-07-02 15:05 - 2009-07-14 07:13 - 01536742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 15:02 - 2013-06-25 14:56 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 15:01 - 2013-06-25 14:56 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 14:59 - 2013-06-25 17:44 - 00000728 ____A C:\Windows\setupact.log
2013-07-02 14:59 - 2012-09-28 23:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-02 14:59 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 14:58 - 2013-07-02 14:58 - 00001343 ____A C:\AdwCleaner[S4].txt
2013-07-02 14:58 - 2013-06-25 17:46 - 00137853 ____A C:\Windows\WindowsUpdate.log
2013-07-02 14:56 - 2013-07-02 14:56 - 00001480 ____A C:\Users\****\Desktop\AdwCleaner[S1].txt
2013-07-02 14:54 - 2013-07-02 14:50 - 00001363 ____A C:\Users\****\Desktop\Neues Textdokument.txt
2013-07-02 14:53 - 2013-07-02 09:47 - 00002036 ____A C:\Windows\PFRO.log
2013-07-02 14:52 - 2013-07-02 14:52 - 00001524 ____A C:\AdwCleaner[S3].txt
2013-07-02 14:51 - 2013-05-06 14:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 14:50 - 2012-09-29 00:11 - 00000000 ____D C:\Users\****\AppData\Roaming\TS3Client
2013-07-02 14:48 - 2013-07-02 14:48 - 00648201 ____A C:\Users\****\Downloads\adwcleaner.exe
2013-07-02 14:48 - 2013-07-02 14:48 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\****\Downloads\JRT.exe
2013-07-02 14:47 - 2013-07-02 14:47 - 00448512 ____A (OldTimer Tools) C:\Users\****\Downloads\TFC.exe
2013-07-02 14:18 - 2012-10-09 11:52 - 00000000 ____D C:\Users\****\Documents\Outlook-Dateien
2013-07-02 13:36 - 2013-07-02 13:33 - 00023669 ____A C:\Users\****\Downloads\Addition.txt
2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST
2013-07-02 13:33 - 2013-07-02 13:32 - 01933556 ____A (Farbar) C:\Users\****\Downloads\FRST64.exe
2013-07-02 13:18 - 2013-07-02 13:02 - 00104460 ____A C:\Users\****\Downloads\OTL.Txt
2013-07-02 13:13 - 2013-07-02 13:02 - 00088718 ____A C:\Users\****\Downloads\Extras.Txt
2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\****\Downloads\defogger_enable.log
2013-07-02 13:03 - 2012-09-28 21:33 - 00000000 ____D C:\users\****
2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\****\Downloads\OTL.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\****\Downloads\Defogger.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\****\Downloads\defogger_disable.log
2013-07-01 21:19 - 2012-09-29 02:55 - 00000000 ____D C:\Users\****\AppData\Roaming\Skype
2013-07-01 21:18 - 2013-07-01 20:14 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-07-01 20:25 - 2013-07-01 20:24 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-07-01 20:13 - 2013-07-01 20:11 - 00000000 ____D C:\ProgramData\Battle.net
2013-07-01 20:11 - 2013-07-01 20:09 - 83293072 ____A (Blizzard Entertainment) C:\Users\****\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-07-01 19:31 - 2013-05-20 10:07 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\****\Desktop\TS 3 backup.ini
2013-06-28 21:12 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3
2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\Documents\Arma 3
2013-06-27 20:41 - 2013-06-11 20:53 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 17:46 - 2013-06-25 17:45 - 21151576 ____A (Mozilla) C:\Users\****\Downloads\Firefox_Setup_21.0.exe
2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log
2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\****\Documents\cc_20130625_164204.reg
2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla
2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Users\****\AppData\Local\Google
2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-25 14:56 - 2013-02-14 17:44 - 00000000 ____D C:\Users\****\AppData\Local\Deployment
2013-06-25 14:40 - 2012-09-30 03:15 - 00000000 ____D C:\Users\****\AppData\Local\Adobe
2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\****\Downloads\jxpiinstall.exe
2013-06-25 14:33 - 2012-09-28 04:28 - 00000000 ____D C:\Windows\Panther
2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner
2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-25 13:28 - 2013-01-20 09:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-25 13:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 12:41 - 2013-05-06 14:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-25 12:41 - 2013-05-06 14:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-25 12:35 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Ywewu
2013-06-25 12:34 - 2013-06-24 17:58 - 00000000 ____D C:\Users\****\AppData\Local\PMB Files
2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Epera
2013-06-25 09:03 - 2013-06-24 17:53 - 00000000 ____D C:\Users\****\Documents\The Lord of the Rings Online
2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\****\AppData\Local\The Lord of the Rings Online
2013-06-25 08:39 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Local\Turbine
2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\****\Documents\UserPreferences.ini
2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\****\Desktop\Der Herr der Ringe Online.lnk
2013-06-24 18:07 - 2013-06-24 17:58 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk
2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\****\Desktop\APB Reloaded.url
2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\****\AppData\Local\fusioncache.dat
2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Roaming\Turbine
2013-06-24 12:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2013-06-24 12:13 - 2012-09-28 22:24 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc
2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\****\Desktop\Star Wars - The Old Republic.lnk
2013-06-21 08:41 - 2013-03-03 19:47 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-20 20:54 - 2013-02-14 19:40 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-06-20 20:54 - 2013-02-14 19:39 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-20 20:54 - 2013-02-14 19:39 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\****\AppData\Local\SWTOR
2013-06-19 13:05 - 2013-06-19 12:28 - 00113868 ____A C:\Users\****\Documents\Install STAR WARS The Old Republic.log
2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-19 12:29 - 2013-03-03 11:39 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\****\AppData\Local\SWTORPerf
2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\****\AppData\Roaming\Origin
2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\****\AppData\Local\Origin
2013-06-19 11:02 - 2013-03-03 11:37 - 00000000 ____D C:\ProgramData\Origin
2013-06-18 12:26 - 2013-06-03 11:30 - 00000000 ____D C:\Users\****\AppData\Local\Windows Live
2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-06-17 21:16 - 2012-09-29 00:41 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-06-17 19:01 - 2013-06-13 09:47 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha
2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\****\Desktop\Logitech Gaming Software 8.35.lnk
2013-06-16 06:46 - 2013-03-02 15:59 - 00000000 ____D C:\Users\****\Desktop\TTZ
2013-06-15 09:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:48 - 2013-06-13 09:47 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha
2013-06-12 23:18 - 2012-09-28 23:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\****\Desktop\Arma 3 Alpha.url
2013-06-12 19:39 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha Lite
2013-06-11 21:51 - 2013-05-15 09:51 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha Lite
2013-06-08 16:08 - 2013-06-16 00:12 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-16 00:12 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-16 00:12 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-16 00:12 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-16 00:12 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-16 00:12 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\****\AppData\Local\Chromium
2013-06-06 01:35 - 2012-10-09 11:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-06 01:34 - 2009-07-14 04:34 - 00000478 ____A C:\Windows\win.ini
2013-06-04 19:02 - 2013-06-04 19:01 - 18989296 ____A (Gameforge                                                   ) C:\Users\****\Downloads\AION_GameforgeLiveSetup.exe
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\Downloads\Gameforge Live
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\AppData\Local\Gameforge4d
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-06-03 14:22 - 2013-06-03 14:17 - 106159115 ____A C:\Users\****\Hochwasser 2013.mp4
2013-06-03 12:51 - 2013-06-03 12:49 - 55285607 ____A C:\Users\****\Mein Film.mp4
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Windows\de
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-03 11:31 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 19:37

==================== End Of Log ============================
         
--- --- ---


Mein Avira hat sich mittlerweile auch nochmal gemeldet, mit folgender Meldung:
"Die Datei 'C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-1d24f0b0'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dldr.Obfshlp.MA' [virus]."


Alt 02.07.2013, 16:29   #6
schrauber
/// the machine
/// TB-Ausbilder
 

TR/PSW.Zbot.233472.224 Befall - Standard

TR/PSW.Zbot.233472.224 Befall



Sollte mit TFC eigentlich erledigt sein.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte. Noch Probleme?
__________________
--> TR/PSW.Zbot.233472.224 Befall

Alt 04.07.2013, 11:33   #7
yosherl
 
TR/PSW.Zbot.233472.224 Befall - Standard

TR/PSW.Zbot.233472.224 Befall



Hallo Schrauber,

so nun bin ich wieder daheim.

Hier die Files:


Eset

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8a
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e4942df96867254ebc4cfaeb41230c78
# engine=14262
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-04 09:54:29
# local_time=2013-07-04 11:54:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 238354959 113986 0
# compatibility_mode=5893 16776574 100 94 24065285 124561519 0 0
# scanned=497197
# found=0
# cleaned=0
# scan_time=8717
         

FRT

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by **** (administrator) on 04-07-2013 12:21:43
Running from C:\Users\****\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5299320 2012-10-25] (VIA)
MountPoints2: {ef99db7b-090b-11e2-a3b5-806e6f6e6963} - D:\Run.exe
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2013-01-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [NPSStartup]  [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\cxol3jfn.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - G:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - G:\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealDownloader) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-03] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-09] (DT Soft Ltd)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc.              )
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 ALSysIO; \??\C:\Users\RICHAR~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S4 NVHDA; system32\drivers\nvhda64v.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 09:29 - 2013-07-04 09:29 - 00890988 ____A C:\Users\****\Downloads\SecurityCheck.exe
2013-07-04 09:27 - 2013-07-04 09:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-04 09:26 - 2013-07-04 09:26 - 02347384 ____A (ESET) C:\Users\****\Downloads\esetsmartinstaller_enu.exe
2013-07-03 13:04 - 2013-07-03 13:04 - 00000000 ____D C:\Users\****\Documents\My Curse
2013-07-03 13:03 - 2013-07-03 13:04 - 00000000 ____D C:\Users\****\AppData\Roaming\Curse Advertising
2013-07-03 13:02 - 2013-07-03 13:02 - 00000318 ____A C:\Users\****\Desktop\Curse Client.appref-ms
2013-07-03 13:00 - 2013-07-03 13:00 - 00402696 ____A () C:\Users\****\Downloads\setup.exe
2013-07-02 14:58 - 2013-07-02 14:58 - 00001343 ____A C:\AdwCleaner[S4].txt
2013-07-02 14:56 - 2013-07-02 17:20 - 00000000 ____D C:\JRT
2013-07-02 14:56 - 2013-07-02 14:56 - 00001480 ____A C:\Users\****\Desktop\AdwCleaner[S1].txt
2013-07-02 14:52 - 2013-07-02 14:52 - 00001524 ____A C:\AdwCleaner[S3].txt
2013-07-02 14:50 - 2013-07-02 14:54 - 00001363 ____A C:\Users\****\Desktop\Neues Textdokument.txt
2013-07-02 14:48 - 2013-07-02 14:48 - 00648201 ____A C:\Users\****\Downloads\adwcleaner.exe
2013-07-02 14:48 - 2013-07-02 14:48 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\****\Downloads\JRT.exe
2013-07-02 14:47 - 2013-07-02 14:47 - 00448512 ____A (OldTimer Tools) C:\Users\****\Downloads\TFC.exe
2013-07-02 13:33 - 2013-07-02 13:36 - 00023669 ____A C:\Users\****\Downloads\Addition.txt
2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST
2013-07-02 13:32 - 2013-07-02 13:33 - 01933556 ____A (Farbar) C:\Users\****\Downloads\FRST64.exe
2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\****\Downloads\defogger_enable.log
2013-07-02 13:02 - 2013-07-02 13:18 - 00104460 ____A C:\Users\****\Downloads\OTL.Txt
2013-07-02 13:02 - 2013-07-02 13:13 - 00088718 ____A C:\Users\****\Downloads\Extras.Txt
2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\****\Downloads\OTL.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\****\Downloads\Defogger.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\****\Downloads\defogger_disable.log
2013-07-02 09:47 - 2013-07-03 10:04 - 00002450 ____A C:\Windows\PFRO.log
2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-07-01 20:24 - 2013-07-01 20:25 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-01 20:14 - 2013-07-01 21:18 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-07-01 20:11 - 2013-07-01 20:13 - 00000000 ____D C:\ProgramData\Battle.net
2013-07-01 20:09 - 2013-07-01 20:11 - 83293072 ____A (Blizzard Entertainment) C:\Users\****\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\****\Desktop\TS 3 backup.ini
2013-06-27 20:41 - 2013-06-28 21:12 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3
2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\Documents\Arma 3
2013-06-25 17:46 - 2013-07-04 01:16 - 00248850 ____A C:\Windows\WindowsUpdate.log
2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 17:45 - 2013-06-25 17:46 - 21151576 ____A (Mozilla) C:\Users\****\Downloads\Firefox_Setup_21.0.exe
2013-06-25 17:44 - 2013-07-04 09:12 - 00002238 ____A C:\Windows\setupact.log
2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log
2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\****\Documents\cc_20130625_164204.reg
2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla
2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-25 14:56 - 2013-07-04 12:21 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 14:56 - 2013-07-04 09:12 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Users\****\AppData\Local\Google
2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\****\Downloads\jxpiinstall.exe
2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner
2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-25 12:29 - 2013-06-25 12:35 - 00000000 ____D C:\Users\****\AppData\Roaming\Ywewu
2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Epera
2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\****\AppData\Local\The Lord of the Rings Online
2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\****\Documents\UserPreferences.ini
2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\****\Desktop\Der Herr der Ringe Online.lnk
2013-06-24 17:58 - 2013-06-25 12:34 - 00000000 ____D C:\Users\****\AppData\Local\PMB Files
2013-06-24 17:58 - 2013-06-24 18:07 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-24 17:53 - 2013-06-25 09:03 - 00000000 ____D C:\Users\****\Documents\The Lord of the Rings Online
2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk
2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\****\Desktop\APB Reloaded.url
2013-06-24 12:42 - 2013-06-25 08:39 - 00000000 ____D C:\Users\****\AppData\Local\Turbine
2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\****\AppData\Local\fusioncache.dat
2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Roaming\Turbine
2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\****\Desktop\Star Wars - The Old Republic.lnk
2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\****\AppData\Local\SWTOR
2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-19 12:28 - 2013-06-19 13:05 - 00113868 ____A C:\Users\****\Documents\Install STAR WARS The Old Republic.log
2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\****\AppData\Local\SWTORPerf
2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\****\Desktop\Logitech Gaming Software 8.35.lnk
2013-06-16 00:12 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 00:12 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 00:12 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 00:12 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 00:12 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 09:47 - 2013-06-17 19:01 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha
2013-06-13 09:47 - 2013-06-13 09:48 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha
2013-06-12 23:18 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 23:18 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:18 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:18 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 23:18 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 23:18 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\****\Desktop\Arma 3 Alpha.url
2013-06-12 08:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 08:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 08:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 08:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 08:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 08:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 08:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 08:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:50 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 20:53 - 2013-06-27 20:41 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2013-06-11 20:53 - 2013-06-12 19:39 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha Lite
2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha Lite
2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\****\AppData\Local\Chromium
2013-06-04 19:01 - 2013-06-04 19:02 - 18989296 ____A (Gameforge                                                   ) C:\Users\****\Downloads\AION_GameforgeLiveSetup.exe
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\Downloads\Gameforge Live
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\AppData\Local\Gameforge4d
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

==================== One Month Modified Files and Folders =======

2013-07-04 12:21 - 2013-06-25 14:56 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-04 11:51 - 2013-05-06 14:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 09:29 - 2013-07-04 09:29 - 00890988 ____A C:\Users\****\Downloads\SecurityCheck.exe
2013-07-04 09:27 - 2013-07-04 09:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-04 09:26 - 2013-07-04 09:26 - 02347384 ____A (ESET) C:\Users\****\Downloads\esetsmartinstaller_enu.exe
2013-07-04 09:20 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 09:20 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 09:17 - 2011-04-12 09:43 - 00668274 ____A C:\Windows\System32\perfh007.dat
2013-07-04 09:17 - 2011-04-12 09:43 - 00135942 ____A C:\Windows\System32\perfc007.dat
2013-07-04 09:17 - 2009-07-14 07:13 - 01536742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-04 09:12 - 2013-06-25 17:44 - 00002238 ____A C:\Windows\setupact.log
2013-07-04 09:12 - 2013-06-25 14:56 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-04 09:12 - 2013-02-14 17:44 - 00000000 ____D C:\Users\****\AppData\Local\Deployment
2013-07-04 09:12 - 2012-09-28 23:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-04 09:12 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 01:16 - 2013-06-25 17:46 - 00248850 ____A C:\Windows\WindowsUpdate.log
2013-07-03 23:59 - 2012-09-29 00:11 - 00000000 ____D C:\Users\****\AppData\Roaming\TS3Client
2013-07-03 15:53 - 2012-10-09 11:52 - 00000000 ____D C:\Users\****\Documents\Outlook-Dateien
2013-07-03 13:04 - 2013-07-03 13:04 - 00000000 ____D C:\Users\****\Documents\My Curse
2013-07-03 13:04 - 2013-07-03 13:03 - 00000000 ____D C:\Users\****\AppData\Roaming\Curse Advertising
2013-07-03 13:02 - 2013-07-03 13:02 - 00000318 ____A C:\Users\****\Desktop\Curse Client.appref-ms
2013-07-03 13:00 - 2013-07-03 13:00 - 00402696 ____A () C:\Users\****\Downloads\setup.exe
2013-07-03 10:04 - 2013-07-02 09:47 - 00002450 ____A C:\Windows\PFRO.log
2013-07-03 01:44 - 2012-09-29 02:55 - 00000000 ____D C:\Users\****\AppData\Roaming\Skype
2013-07-02 17:20 - 2013-07-02 14:56 - 00000000 ____D C:\JRT
2013-07-02 14:58 - 2013-07-02 14:58 - 00001343 ____A C:\AdwCleaner[S4].txt
2013-07-02 14:56 - 2013-07-02 14:56 - 00001480 ____A C:\Users\****\Desktop\AdwCleaner[S1].txt
2013-07-02 14:54 - 2013-07-02 14:50 - 00001363 ____A C:\Users\****\Desktop\Neues Textdokument.txt
2013-07-02 14:52 - 2013-07-02 14:52 - 00001524 ____A C:\AdwCleaner[S3].txt
2013-07-02 14:48 - 2013-07-02 14:48 - 00648201 ____A C:\Users\****\Downloads\adwcleaner.exe
2013-07-02 14:48 - 2013-07-02 14:48 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\****\Downloads\JRT.exe
2013-07-02 14:47 - 2013-07-02 14:47 - 00448512 ____A (OldTimer Tools) C:\Users\****\Downloads\TFC.exe
2013-07-02 13:36 - 2013-07-02 13:33 - 00023669 ____A C:\Users\****\Downloads\Addition.txt
2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST
2013-07-02 13:33 - 2013-07-02 13:32 - 01933556 ____A (Farbar) C:\Users\****\Downloads\FRST64.exe
2013-07-02 13:18 - 2013-07-02 13:02 - 00104460 ____A C:\Users\****\Downloads\OTL.Txt
2013-07-02 13:13 - 2013-07-02 13:02 - 00088718 ____A C:\Users\****\Downloads\Extras.Txt
2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\****\Downloads\defogger_enable.log
2013-07-02 13:03 - 2012-09-28 21:33 - 00000000 ____D C:\users\****
2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\****\Downloads\OTL.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\****\Downloads\Defogger.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\****\Downloads\defogger_disable.log
2013-07-01 21:18 - 2013-07-01 20:14 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-07-01 20:25 - 2013-07-01 20:24 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-07-01 20:13 - 2013-07-01 20:11 - 00000000 ____D C:\ProgramData\Battle.net
2013-07-01 20:11 - 2013-07-01 20:09 - 83293072 ____A (Blizzard Entertainment) C:\Users\****\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-07-01 19:31 - 2013-05-20 10:07 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\****\Desktop\TS 3 backup.ini
2013-06-28 21:12 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3
2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\Documents\Arma 3
2013-06-27 20:41 - 2013-06-11 20:53 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 17:46 - 2013-06-25 17:45 - 21151576 ____A (Mozilla) C:\Users\****\Downloads\Firefox_Setup_21.0.exe
2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log
2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\****\Documents\cc_20130625_164204.reg
2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla
2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Users\****\AppData\Local\Google
2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-25 14:40 - 2012-09-30 03:15 - 00000000 ____D C:\Users\****\AppData\Local\Adobe
2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\****\Downloads\jxpiinstall.exe
2013-06-25 14:33 - 2012-09-28 04:28 - 00000000 ____D C:\Windows\Panther
2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner
2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-25 13:28 - 2013-01-20 09:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-25 13:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 12:41 - 2013-05-06 14:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-25 12:41 - 2013-05-06 14:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-25 12:35 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Ywewu
2013-06-25 12:34 - 2013-06-24 17:58 - 00000000 ____D C:\Users\****\AppData\Local\PMB Files
2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Epera
2013-06-25 09:03 - 2013-06-24 17:53 - 00000000 ____D C:\Users\****\Documents\The Lord of the Rings Online
2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\****\AppData\Local\The Lord of the Rings Online
2013-06-25 08:39 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Local\Turbine
2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\****\Documents\UserPreferences.ini
2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\****\Desktop\Der Herr der Ringe Online.lnk
2013-06-24 18:07 - 2013-06-24 17:58 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk
2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\****\Desktop\APB Reloaded.url
2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\****\AppData\Local\fusioncache.dat
2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Roaming\Turbine
2013-06-24 12:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2013-06-24 12:13 - 2012-09-28 22:24 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc
2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\****\Desktop\Star Wars - The Old Republic.lnk
2013-06-21 08:41 - 2013-03-03 19:47 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-20 20:54 - 2013-02-14 19:40 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-06-20 20:54 - 2013-02-14 19:39 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-20 20:54 - 2013-02-14 19:39 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\****\AppData\Local\SWTOR
2013-06-19 13:05 - 2013-06-19 12:28 - 00113868 ____A C:\Users\****\Documents\Install STAR WARS The Old Republic.log
2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-19 12:29 - 2013-03-03 11:39 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\****\AppData\Local\SWTORPerf
2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\****\AppData\Roaming\Origin
2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\****\AppData\Local\Origin
2013-06-19 11:02 - 2013-03-03 11:37 - 00000000 ____D C:\ProgramData\Origin
2013-06-18 12:26 - 2013-06-03 11:30 - 00000000 ____D C:\Users\****\AppData\Local\Windows Live
2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-06-17 21:16 - 2012-09-29 00:41 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-06-17 19:01 - 2013-06-13 09:47 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha
2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\****\Desktop\Logitech Gaming Software 8.35.lnk
2013-06-16 06:46 - 2013-03-02 15:59 - 00000000 ____D C:\Users\****\Desktop\TTZ
2013-06-15 09:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:48 - 2013-06-13 09:47 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha
2013-06-12 23:18 - 2012-09-28 23:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\****\Desktop\Arma 3 Alpha.url
2013-06-12 19:39 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha Lite
2013-06-11 21:51 - 2013-05-15 09:51 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha Lite
2013-06-08 16:08 - 2013-06-16 00:12 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-16 00:12 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-16 00:12 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-16 00:12 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-16 00:12 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-16 00:12 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-16 00:12 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\****\AppData\Local\Chromium
2013-06-06 01:35 - 2012-10-09 11:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-06 01:34 - 2009-07-14 04:34 - 00000478 ____A C:\Windows\win.ini
2013-06-04 19:02 - 2013-06-04 19:01 - 18989296 ____A (Gameforge                                                   ) C:\Users\****\Downloads\AION_GameforgeLiveSetup.exe
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\Downloads\Gameforge Live
2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\AppData\Local\Gameforge4d
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 05:45

==================== End Of Log ============================
         
--- --- ---



Bei dem Securitycheck habe ich folgendes Fenster erhalten:
Directupload.net - jxdmap5z.jpg
s7.directupload.net/file/d/3306/jxdmap5z_jpg.htm

Eine Textdatei wurde scheinbar nicht erstellt.

gruß,
yosh

Geändert von yosherl (04.07.2013 um 11:40 Uhr)

Alt 04.07.2013, 12:34   #8
schrauber
/// the machine
/// TB-Ausbilder
 

TR/PSW.Zbot.233472.224 Befall - Standard

TR/PSW.Zbot.233472.224 Befall



Supi, noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.07.2013, 12:39   #9
yosherl
 
TR/PSW.Zbot.233472.224 Befall - Standard

TR/PSW.Zbot.233472.224 Befall



hm nein aktuell nicht

Vielen Dank schonmal !!!

Lasse gerade Malwarebytes und Avira nochmal komplett durchlaufen.

Im Avira - Forum habe ich gelesen dass viele Rechner kompromittiert wurden durch so einen Trojaner..??
Da hilft dann wohl nur neu aufsetzen.

Wie sieht das in meinem Fall nun aus?

Und da ich gerade den Ausbilder an der Hand habe, wie kann man bei euch "Part of the Team" werden? Bin zwar Fachinformatiker, aber das was hier so abläuft war bisher nicht mein Schwerpunkt
Finde es aber Interessant, und würde gern mitmachen!

gruß,
yosh

ps: wohne auch nähe Muc =)

Alt 04.07.2013, 12:50   #10
schrauber
/// the machine
/// TB-Ausbilder
 

TR/PSW.Zbot.233472.224 Befall - Standard

TR/PSW.Zbot.233472.224 Befall



Guckst Du hier

http://www.trojaner-board.de/88896-a...ner-board.html

Nee in deinem Fall nicht.

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu TR/PSW.Zbot.233472.224 Befall
adobe, antivirus, autorun, avira, bho, bonjour, dsl, flash player, ftp, home, intranet, kaspersky, launch, logfile, mozilla, ntdll.dll, object, plug-in, programm, prozesse, registry, schannel.dll, security, senden, services.exe, software, svchost.exe, taskhost.exe, tr/psw.zbot., trojaner, windows, wuauclt.exe




Ähnliche Themen: TR/PSW.Zbot.233472.224 Befall


  1. TR/Spy.Zbot.CGB befall (Win7 Servicepack 1)
    Log-Analyse und Auswertung - 27.11.2013 (3)
  2. Nach PWS:WIN32/Zbot.gen!Am jetzt PWS:WIN32/Zbot.AJB - wie werde ich diesen los
    Log-Analyse und Auswertung - 16.08.2013 (10)
  3. Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (23)
  4. Befall von Trojan-Spy.Win32.Zbot.mzqa laut Disinfec't 2013
    Log-Analyse und Auswertung - 13.07.2013 (11)
  5. TR/Zbot.FV
    Plagegeister aller Art und deren Bekämpfung - 13.06.2013 (10)
  6. Avira schlägt Alarm: TR/Spy.ZBot.233472 und TR/Booruxt.A und EXP/CVE-2011-3402.C
    Log-Analyse und Auswertung - 11.06.2013 (30)
  7. Sparkassen Onlin Banking Virus (Zbot.HEEP, Agent.MIXC, Zbot, Agent.ED)
    Plagegeister aller Art und deren Bekämpfung - 18.05.2013 (21)
  8. Rechner bereinigen nach Trojaner befall (IPH.Trojan.Zbot.Rke)
    Log-Analyse und Auswertung - 03.04.2013 (20)
  9. Befall mit zBot Zeus, was tun?
    Plagegeister aller Art und deren Bekämpfung - 19.01.2013 (24)
  10. ZeuS/Zbot-Befall laut Telekom
    Plagegeister aller Art und deren Bekämpfung - 18.12.2012 (11)
  11. Mehrere Trojaner (Zbot) nach Live Security Platimun-Befall gefunden
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (9)
  12. Befall durch TR/PSW.Zbot.2805 und JAVA/Exdoer.CU.2 und JAVA/Exdoer.CT.3
    Plagegeister aller Art und deren Bekämpfung - 15.06.2011 (19)
  13. TR/Spy.ZBot.HA
    Log-Analyse und Auswertung - 17.09.2010 (3)
  14. Diverser Befall durch Adware/Trojaner (?) Unter anderem 'TR/Spy.ZBot.aghs'
    Plagegeister aller Art und deren Bekämpfung - 20.03.2010 (1)
  15. TR/Spy.ZBot.pbd
    Antiviren-, Firewall- und andere Schutzprogramme - 11.03.2009 (3)
  16. 3 tw. unbekannte Trojaner TR/Spy.ZBot.hkp.2, TR/Dropper.Gen und TR/Spy.ZBot.hss
    Plagegeister aller Art und deren Bekämpfung - 25.01.2009 (0)
  17. TR/Spy.ZBot.DPE
    Log-Analyse und Auswertung - 06.08.2008 (9)

Zum Thema TR/PSW.Zbot.233472.224 Befall - Hallo zusammen! Ich habe mit einen Trojaner eingefangen, zumindest sagt das mein Avira Eine Suche hat mich leider nur bedingt weitergebracht, da ich zwar einen "TR/PSW.Zbot" gefunden habe, aber keine - TR/PSW.Zbot.233472.224 Befall...
Archiv
Du betrachtest: TR/PSW.Zbot.233472.224 Befall auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.