Automatische Add-Ons in Browser

BBall247 · 09.07.2013, 06:58

Hallo,

immer wenn ich meinen Rechner neu starte sind meine Einstellungen der Browser (IE, Firefox und Chrome) auf Default und es wird versucht ein Add-On zu installieren (FreeHDSport TV 3).

Ich finde keinen Weg das weg zubekommen.
Auch eine Neuinstallation der Browser hilft nicht.

Ich habe 2 Logfiles generieren lassen:

Hijackthis:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:06:28, on 09.07.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\UserXYZ\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=F5A84FECF9C6DE24E3FE8651D9BD1FBD
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = UserXYZ\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Palm TCP Relay (Palm_TCP_Relay) - Unknown owner - C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12765 bytes

OTL:

Code:

ATTFilter

OTL logfile created on: 09.07.2013 07:37:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\UserXYZ\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,91 Gb Available Physical Memory | 65,21% Memory free
11,98 Gb Paging File | 9,50 Gb Available in Paging File | 79,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 116,38 Gb Free Space | 12,50% Space Free | Partition Type: NTFS
 
Computer Name: UserXYZ-PC | User Name: UserXYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\UserXYZ\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe ()
PRC - C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe (Palm)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Palm_TCP_Relay) -- C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (NovacomD) -- C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe (Palm)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=F5A84FECF9C6DE24E3FE8651D9BD1FBD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 AB 20 38 F4 40 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=F5A84FECF9C6DE24E3FE8651D9BD1FBD"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\UserXYZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.05.18 11:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.22 08:55:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.05.18 11:26:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.11.24 22:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.07 21:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.02 12:19:39 | 000,000,000 | ---D | M]
 
[2012.10.19 08:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXYZ\AppData\Roaming\mozilla\Extensions
[2012.02.16 23:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXYZ\AppData\Roaming\mozilla\Firefox\extensions
[2012.02.16 23:03:13 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\UserXYZ\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.07.08 17:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXYZ\AppData\Roaming\mozilla\Firefox\Profiles\n81625pk.default\extensions
[2013.06.30 10:44:04 | 000,242,624 | ---- | M] () (No name found) -- C:\Users\UserXYZ\AppData\Roaming\mozilla\firefox\profiles\n81625pk.default\extensions\fhdp3@freehdsp.tv.xpi
[2013.03.07 10:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.07 10:14:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 10:14:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 10:14:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 10:14:20 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 10:14:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 10:14:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 10:14:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: VMware Remote Console and Client Integration Plug-in (Enabled) = C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\UserXYZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FreeHDSport TV 3 = C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn\3.0_0\
CHR - Extension: Google Mail = C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"\Avast\avastUI.exe (AVAST Software)
 File not found
O4 - Startup: C:\Users\UserXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9568D291-C46E-4162-BD35-8D0887733572}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5438a09c-3c9f-11e2-b68c-aa33643e05aa}\Shell - "" = AutoRun
O33 - MountPoints2\{5438a09c-3c9f-11e2-b68c-aa33643e05aa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.08 22:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.07.08 19:55:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.07.08 17:47:24 | 000,000,000 | ---D | C] -- C:\Users\UserXYZ\AppData\Local\adawarebp
[2013.07.08 17:20:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.08 17:19:57 | 000,000,000 | ---D | C] -- C:\JRT
[2013.07.08 17:02:53 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.07 21:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.07.07 21:18:26 | 000,000,000 | ---D | C] -- C:\Users\UserXYZ\AppData\Roaming\LavasoftStatistics
[2013.07.07 21:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.07.07 21:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.07.07 21:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.07.07 21:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.07.07 21:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.07.07 21:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.07.07 21:09:06 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.07.07 21:09:06 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.07.07 21:09:05 | 000,000,000 | ---D | C] -- C:\Users\UserXYZ\AppData\Roaming\Ad-Aware Antivirus
[2013.07.07 15:52:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeHDSport.TV
[2013.07.07 15:52:33 | 000,000,000 | ---D | C] -- C:\Users\UserXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
[2013.07.07 15:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirstRowSportApp.com
[2013.07.04 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\UserXYZ\Documents\Assassin's Creed III
[2013.07.03 19:43:03 | 000,000,000 | ---D | C] -- C:\Users\UserXYZ\Documents\Amazon Downloader Logs
[2013.07.03 19:43:02 | 000,000,000 | ---D | C] -- C:\Users\UserXYZ\Documents\Assassin's Creed III (Online Game Code)
[2013.06.25 20:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.06.25 20:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2013.06.23 09:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.06.18 10:56:46 | 000,000,000 | ---D | C] -- C:\Users\UserXYZ\Documents\NBA 2K Audio Editor
[2013.06.09 13:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.09 13:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.09 13:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.09 13:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.09 13:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\UserXYZ\*.tmp files -> C:\Users\UserXYZ\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.09 07:36:31 | 000,000,000 | ---- | M] () -- C:\Users\UserXYZ\defogger_reenable
[2013.07.09 07:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.09 06:51:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.09 06:50:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1012UA.job
[2013.07.09 06:12:01 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.09 06:12:01 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.09 06:02:46 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.09 06:01:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.09 06:01:22 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.08 22:23:42 | 001,848,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.08 22:23:42 | 000,779,858 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.08 22:23:42 | 000,732,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.08 22:23:42 | 000,181,698 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.08 22:23:42 | 000,153,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.08 22:01:06 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.08 21:55:58 | 001,108,252 | ---- | M] () -- C:\Users\UserXYZ\Desktop\Unbenannt2.png
[2013.07.08 21:55:33 | 000,196,824 | ---- | M] () -- C:\Users\UserXYZ\Desktop\Unbenannt.png
[2013.07.08 21:53:24 | 000,536,125 | ---- | M] () -- C:\Users\UserXYZ\Documents\bookmarks_08.07.13.html
[2013.07.08 21:48:31 | 000,000,524 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.08 12:50:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1012Core.job
[2013.07.07 21:09:06 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.07.07 21:09:06 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.07.04 20:55:26 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.07.04 20:55:08 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.07.04 20:09:24 | 003,123,272 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.07.03 22:14:47 | 000,557,009 | ---- | M] () -- C:\Users\UserXYZ\Documents\Grid2Error.png
[2013.07.03 19:45:10 | 000,144,079 | ---- | M] () -- C:\Users\UserXYZ\Documents\STEAM - receipt for your key subscription4.pdf
[2013.06.29 15:35:00 | 001,670,182 | ---- | M] () -- C:\Users\UserXYZ\Desktop\Das geraubte Leben des Waisen Jun Do - R - Suhrkamp-Verlag _Berlin_.epub
[2013.06.28 05:59:28 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.28 05:59:28 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.28 05:59:28 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.28 05:59:28 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.28 05:59:28 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.28 05:59:28 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.22 08:55:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.19 22:21:46 | 001,821,732 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\UserXYZ\*.tmp files -> C:\Users\UserXYZ\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.09 07:36:31 | 000,000,000 | ---- | C] () -- C:\Users\UserXYZ\defogger_reenable
[2013.07.08 22:01:06 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.08 21:55:58 | 001,108,252 | ---- | C] () -- C:\Users\UserXYZ\Desktop\Unbenannt2.png
[2013.07.08 21:55:33 | 000,196,824 | ---- | C] () -- C:\Users\UserXYZ\Desktop\Unbenannt.png
[2013.07.08 21:53:23 | 000,536,125 | ---- | C] () -- C:\Users\UserXYZ\Documents\bookmarks_08.07.13.html
[2013.07.08 17:06:00 | 000,000,524 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.04 20:55:07 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.07.03 22:14:47 | 000,557,009 | ---- | C] () -- C:\Users\UserXYZ\Documents\Grid2Error.png
[2013.07.03 19:45:10 | 000,144,079 | ---- | C] () -- C:\Users\UserXYZ\Documents\STEAM - receipt for your key subscription4.pdf
[2013.06.29 15:35:10 | 001,670,182 | ---- | C] () -- C:\Users\UserXYZ\Desktop\Das geraubte Leben des Waisen Jun Do - R - Suhrkamp-Verlag _Berlin_.epub
[2013.06.28 05:59:28 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.26 20:55:35 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.26 20:55:34 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.23 09:36:09 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.23 09:36:00 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.17 21:31:15 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.17 21:31:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.19 22:54:48 | 000,000,000 | ---- | C] () -- C:\Users\UserXYZ\DesktopNapsterRienfRepair_119.msi
[2012.10.14 18:32:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.10 21:22:44 | 000,000,093 | ---- | C] () -- C:\Users\UserXYZ\AppData\Local\fusioncache.dat
[2012.03.27 11:20:16 | 000,000,032 | ---- | C] () -- C:\Users\UserXYZ\.simfy
[2012.02.20 14:45:02 | 001,821,732 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.25 21:22:33 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\2K Sports
[2013.07.08 17:35:41 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Ad-Aware Antivirus
[2012.11.24 22:22:28 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\APP_NAME_NON_STRING
[2013.05.12 22:47:15 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Bitcoin
[2012.04.04 21:13:48 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\bizarre creations
[2013.01.31 22:49:57 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\calibre
[2012.02.16 22:48:23 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Canon
[2013.05.18 11:06:12 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Check Point Software Technologies LTD
[2012.10.19 08:31:20 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\CheckPoint
[2012.03.27 11:13:18 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\com.Rhapsody.Napster5
[2013.07.09 06:03:45 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Dropbox
[2013.05.30 21:36:11 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\InfraRecorder
[2013.04.12 15:39:57 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\IrfanView
[2012.11.01 20:35:17 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\JemiZhuu
[2013.01.18 22:42:00 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Leadertech
[2012.02.28 12:26:48 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\LibreOffice
[2013.04.29 22:19:00 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Litecoin
[2013.03.02 09:16:55 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Milestone
[2013.01.03 21:54:29 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Need for Speed World
[2013.01.20 20:29:53 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Notepad++
[2012.06.16 08:26:07 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\OnLive App
[2012.03.27 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Simfy
[2012.09.24 13:38:37 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Subversion
[2012.03.22 10:57:33 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\The Creative Assembly
[2013.03.09 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\TuneUp Software
[2013.03.17 21:39:58 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Ubisoft
[2013.04.27 21:09:42 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Unity
[2013.05.18 13:53:16 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\uTorrent
[2013.03.01 22:03:31 | 000,000,000 | ---D | M] -- C:\Users\UserXYZ\AppData\Roaming\Warner Bros. Interactive Entertainment
 
========== Purity Check ==========
 
 

< End of report >

schrauber · 09.07.2013, 07:03

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

BBall247 · 09.07.2013, 07:26

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by UserXYZ (administrator) on 09-07-2013 08:19:27
Running from C:\Users\UserXYZ\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Palm) C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe
() C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [1127592 2012-11-22] (Check Point Software Technologies)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {5438a09c-3c9f-11e2-b68c-aa33643e05aa} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
Startup: C:\Users\UserXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\mUserXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\mUserXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=F5A84FECF9C6DE24E3FE8651D9BD1FBD
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\UserXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\n81625pk.default
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=F5A84FECF9C6DE24E3FE8651D9BD1FBD
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\UserXYZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: fhdp3 - C:\Users\UserXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\n81625pk.default\Extensions\fhdp3@freehdsp.tv.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (VMware Remote Console and Client Integration Plug-in) - C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (OnLive Game Client Detector) - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\UserXYZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (FreeHDSport TV 3) - C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn\3.0_0
CHR Extension: (Gmail) - C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NovacomD; C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe [61440 2011-09-19] (Palm)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4229912 2011-11-28] (INCA Internet Co., Ltd.)
R2 Palm_TCP_Relay; C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [11776 2011-12-21] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-07-04] ()
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-03-09] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13242960 2013-02-26] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-07] (GFI Software)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-12-20] (hxxp://libusb-win32.sourceforge.net)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 EverestDriver; \??\C:\Users\UserXYZ\AppData\Local\Temp\EverestDriver.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-09 08:17 - 2013-07-09 08:17 - 00052421 ____A C:\Users\UserXYZ\Desktop\FRST.txt
2013-07-09 08:16 - 2013-07-09 08:16 - 01776219 ____A (Farbar) C:\Users\UserXYZ\Downloads\FRST64 (1).exe
2013-07-09 07:55 - 2013-07-09 07:55 - 00102152 ____A C:\Users\UserXYZ\Downloads\OTLmod.txt
2013-07-09 07:53 - 2013-07-09 07:53 - 00012773 ____A C:\Users\UserXYZ\Downloads\hijackthisMOD.txt
2013-07-09 07:36 - 2013-07-09 07:36 - 00000472 ____A C:\Users\UserXYZ\Downloads\defogger_disable.log
2013-07-09 07:36 - 2013-07-09 07:36 - 00000000 ____A C:\Users\UserXYZ\defogger_reenable
2013-07-09 07:35 - 2013-07-09 07:35 - 00050477 ____A C:\Users\UserXYZ\Downloads\Defogger.exe
2013-07-08 22:15 - 2013-07-09 07:37 - 00000000 ____D C:\Users\UserXYZ\Downloads\backups
2013-07-08 22:11 - 2013-07-09 06:06 - 00012767 ____A C:\Users\UserXYZ\Downloads\hijackthis.log
2013-07-08 22:10 - 2013-07-08 22:10 - 00388608 ____A (Trend Micro Inc.) C:\Users\UserXYZ\Downloads\hijackthis.exe
2013-07-08 22:01 - 2013-07-08 22:01 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-08 21:53 - 2013-07-08 21:53 - 00536125 ____A C:\Users\UserXYZ\Documents\bookmarks_08.07.13.html
2013-07-08 21:48 - 2013-07-08 21:48 - 00001516 ____A C:\AdwCleaner[S4].txt
2013-07-08 21:10 - 2013-07-09 07:46 - 00101816 ____A C:\Users\UserXYZ\Downloads\OTL.Txt
2013-07-08 21:10 - 2013-07-08 21:10 - 00121126 ____A C:\Users\UserXYZ\Downloads\Extras.Txt
2013-07-08 20:25 - 2013-07-08 20:25 - 00602112 ____A (OldTimer Tools) C:\Users\UserXYZ\Downloads\OTL.exe
2013-07-08 20:22 - 2013-07-08 21:47 - 00023764 ____A C:\Users\UserXYZ\Downloads\SystemLook.txt
2013-07-08 20:21 - 2013-07-08 20:21 - 00139264 ____A C:\Users\UserXYZ\Downloads\SystemLook.exe
2013-07-08 20:21 - 2013-07-08 20:21 - 00001796 ____A C:\sc-cleaner.txt
2013-07-08 20:20 - 2013-07-08 20:20 - 00406144 ____A (Bleeping Computer, LLC) C:\Users\UserXYZ\Downloads\sc-cleaner.exe
2013-07-08 19:55 - 2013-07-08 19:55 - 00000000 ____D C:\Windows\pss
2013-07-08 17:49 - 2013-07-08 17:50 - 00001456 ____A C:\AdwCleaner[S3].txt
2013-07-08 17:47 - 2013-07-08 17:47 - 00000000 ____D C:\Users\UserXYZ\AppData\Local\adawarebp
2013-07-08 17:27 - 2013-07-08 17:27 - 00001994 ____A C:\Users\UserXYZ\Downloads\JRT.txt
2013-07-08 17:20 - 2013-07-08 17:20 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 17:19 - 2013-07-08 17:19 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\UserXYZ\Downloads\JRT.exe
2013-07-08 17:19 - 2013-07-08 17:19 - 00000000 ____D C:\JRT
2013-07-08 17:11 - 2013-07-08 17:12 - 00001396 ____A C:\AdwCleaner[S2].txt
2013-07-08 17:06 - 2013-07-08 21:48 - 00000524 ____A C:\Windows\DeleteOnReboot.bat
2013-07-08 17:05 - 2013-07-08 17:06 - 00012489 ____A C:\AdwCleaner[S1].txt
2013-07-08 17:03 - 2013-07-08 17:03 - 00029435 ____A C:\Users\UserXYZ\Desktop\Addition.txt
2013-07-08 17:02 - 2013-07-08 17:02 - 00000000 ____D C:\FRST
2013-07-08 17:01 - 2013-07-08 17:01 - 00650027 ____A C:\Users\UserXYZ\Downloads\adwcleaner.exe
2013-07-08 17:00 - 2013-07-08 17:00 - 01934636 ____A (Farbar) C:\Users\UserXYZ\Downloads\FRST64.exe
2013-07-07 21:20 - 2013-07-07 21:20 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-07 21:18 - 2013-07-07 21:18 - 00000000 ____D C:\Users\UserXYZ\AppData\Roaming\LavasoftStatistics
2013-07-07 21:11 - 2013-07-07 21:22 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-07 21:11 - 2013-07-07 21:11 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-07 21:09 - 2013-07-08 17:35 - 00000000 ____D C:\Users\UserXYZ\AppData\Roaming\Ad-Aware Antivirus
2013-07-07 21:09 - 2013-07-07 21:09 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-07-07 21:09 - 2013-07-07 21:09 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-07-07 21:08 - 2013-07-07 21:08 - 05616264 ____A (Lavasoft Limited) C:\Users\UserXYZ\Downloads\Adaware_Installer.exe
2013-07-07 15:52 - 2013-07-07 19:46 - 00000000 ____D C:\Program Files (x86)\FirstRowSportApp.com
2013-07-07 15:52 - 2013-07-07 15:52 - 00000000 ____D C:\Program Files (x86)\FreeHDSport.TV
2013-07-05 07:34 - 2013-07-05 07:34 - 00065694 ____A C:\Users\UserXYZ\Downloads\B - Modulbeschreibung + Stoffverteilungsplan + Prüfungshinweise.zip
2013-07-05 07:34 - 2013-07-05 07:34 - 00000000 ____D C:\Users\UserXYZ\Downloads\B - Modulbeschreibung + Stoffverteilungsplan + Prüfungshinweise
2013-07-04 20:55 - 2013-07-04 20:58 - 00000000 ____D C:\Users\UserXYZ\Documents\Assassin's Creed III
2013-07-04 20:55 - 2013-07-04 20:09 - 03123272 ____A C:\Windows\SysWOW64\pbsvc.exe
2013-07-03 19:51 - 2013-07-03 19:51 - 00983408 ____A (Amazon Services LLC) C:\Users\UserXYZ\Downloads\R_U_S_E_Downloader.exe
2013-07-03 19:43 - 2013-07-03 19:43 - 00000000 ____D C:\Users\UserXYZ\Documents\Assassin's Creed III (Online Game Code)
2013-07-03 19:42 - 2013-07-03 19:42 - 00983408 ____A (Amazon Services LLC) C:\Users\UserXYZ\Downloads\Assassin_s_Creed_III_Online_Game_Code_Downloader.exe
2013-06-29 15:35 - 2013-06-29 15:35 - 01670182 ____A C:\Users\UserXYZ\Desktop\Das geraubte Leben des Waisen Jun Do - R - Suhrkamp-Verlag _Berlin_.epub
2013-06-29 15:33 - 2013-06-29 15:42 - 386149070 ____A C:\Users\UserXYZ\Downloads\Platzhirsch.wma
2013-06-29 15:33 - 2013-06-29 15:33 - 00001622 ____A C:\Users\UserXYZ\Downloads\URLLink (26).acsm
2013-06-28 05:59 - 2013-06-28 05:59 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-26 20:55 - 2013-06-28 05:59 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 20:55 - 2013-06-28 05:59 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-25 20:45 - 2013-06-25 20:45 - 00001106 ____A C:\Users\UpdatusUser\Desktop\EVEREST Home Edition.lnk
2013-06-25 20:45 - 2013-06-25 20:45 - 00000000 ____D C:\Program Files (x86)\Lavalys
2013-06-25 20:44 - 2013-06-25 20:44 - 04179293 ____A (Lavalys, Inc.                                               ) C:\Users\UserXYZ\Downloads\everesthome220.exe
2013-06-25 10:01 - 2013-06-25 10:01 - 00001659 ____A C:\Users\UserXYZ\Downloads\URLLink (23).acsm
2013-06-25 10:01 - 2013-06-25 10:01 - 00001656 ____A C:\Users\UserXYZ\Downloads\URLLink (25).acsm
2013-06-25 10:01 - 2013-06-25 10:01 - 00001496 ____A C:\Users\UserXYZ\Downloads\URLLink (24).acsm
2013-06-25 10:00 - 2013-06-25 10:00 - 00001533 ____A C:\Users\UserXYZ\Downloads\URLLink (22).acsm
2013-06-23 12:06 - 2013-06-23 12:06 - 00019456 ____A C:\Users\UserXYZ\Downloads\2008 - 05.xls
2013-06-23 11:43 - 2013-06-23 11:44 - 00000000 ____D C:\Users\UserXYZ\Downloads\Hohe (4)
2013-06-23 11:43 - 2013-06-23 11:43 - 14710116 ____A C:\Users\UserXYZ\Downloads\Hohe (4).zip
2013-06-23 09:37 - 2013-06-23 09:37 - 00000000 ____D C:\Users\UserXYZ\AppData\LocalGoogle
2013-06-23 09:36 - 2013-07-09 07:51 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 09:36 - 2013-07-09 06:02 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-23 09:35 - 2013-07-08 22:00 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-20 14:02 - 2013-06-20 14:02 - 00000000 ____D C:\Users\UserXYZ\Downloads\Mediencenter
2013-06-20 14:01 - 2013-06-20 14:01 - 07565804 ____A C:\Users\UserXYZ\Downloads\Mediencenter.zip
2013-06-18 20:32 - 2013-06-18 20:32 - 00019456 ____A C:\Users\UserXYZ\Downloads\2013 - 01.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00020480 ____A C:\Users\UserXYZ\Downloads\2013 - 03.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019968 ____A C:\Users\UserXYZ\Downloads\2013 - 05.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019968 ____A C:\Users\UserXYZ\Downloads\2013 - 02.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019456 ____A C:\Users\UserXYZ\Downloads\2013 - 04.xls
2013-06-18 20:29 - 2013-06-18 20:29 - 00020480 ____A C:\Users\UserXYZ\Downloads\2012 - 03.xls
2013-06-18 10:56 - 2013-06-24 22:01 - 00000000 ____D C:\Users\UserXYZ\Documents\NBA 2K Audio Editor
2013-06-18 10:44 - 2013-06-18 10:44 - 01005568 ____A (Microsoft Corporation) C:\Users\UserXYZ\Downloads\dotNetFx45_Full_setup.exe
2013-06-17 21:42 - 2013-06-17 21:51 - 259574738 ____A C:\Users\UserXYZ\Downloads\Bastian Pastewka liest -Jochen oder die Nacht des Hasen-.wma
2013-06-16 16:00 - 2013-06-16 16:09 - 292466642 ____A C:\Users\UserXYZ\Downloads\Cordula Stratmann liest -Danke für meine Aufmerksamkeit-.wma
2013-06-15 23:27 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 23:27 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 23:27 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 23:27 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 23:27 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 23:27 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 23:27 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 23:27 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 23:27 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 23:27 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 23:27 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 23:27 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 21:41 - 2013-06-13 21:53 - 303623912 ____A C:\Users\UserXYZ\Downloads\Oliver Kalkofe liest Roger Schmelzer -Die besten zehn Sekunden meines Lebens.wma
2013-06-12 22:48 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 22:48 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 22:48 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 22:48 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 22:48 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 22:48 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 19:33 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 19:33 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 19:33 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 19:33 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 19:33 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 19:33 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 19:33 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 19:33 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 19:33 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 19:33 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 19:33 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 19:33 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 19:33 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 19:33 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 19:33 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 19:33 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 19:33 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 19:33 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 19:33 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 16:30 - 2013-06-11 16:30 - 00169472 ____A C:\Users\UserXYZ\Downloads\_Thumbs (3).db
2013-06-11 09:10 - 2013-06-11 09:10 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\2K Sports
2013-06-11 09:03 - 2013-07-05 06:01 - 02369024 ____A C:\Users\mUserXYZ\Desktop\Arbeitszeitnachweis_2013.xls
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files\iPod
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

2013-07-09 08:17 - 2013-07-09 08:17 - 00052421 ____A C:\Users\UserXYZ\Desktop\FRST.txt
2013-07-09 08:16 - 2013-07-09 08:16 - 01776219 ____A (Farbar) C:\Users\UserXYZ\Downloads\FRST64 (1).exe
2013-07-09 08:12 - 2012-05-05 09:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 07:55 - 2013-07-09 07:55 - 00102152 ____A C:\Users\UserXYZ\Downloads\OTLmod.txt
2013-07-09 07:53 - 2013-07-09 07:53 - 00012773 ____A C:\Users\UserXYZ\Downloads\hijackthisMOD.txt
2013-07-09 07:51 - 2013-06-23 09:36 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 07:50 - 2012-09-24 12:00 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1012UA.job
2013-07-09 07:46 - 2013-07-08 21:10 - 00101816 ____A C:\Users\UserXYZ\Downloads\OTL.Txt
2013-07-09 07:37 - 2013-07-08 22:15 - 00000000 ____D C:\Users\UserXYZ\Downloads\backups
2013-07-09 07:36 - 2013-07-09 07:36 - 00000472 ____A C:\Users\UserXYZ\Downloads\defogger_disable.log
2013-07-09 07:36 - 2013-07-09 07:36 - 00000000 ____A C:\Users\UserXYZ\defogger_reenable
2013-07-09 07:36 - 2012-02-16 11:35 - 00000000 ____D C:\users\UserXYZ
2013-07-09 07:35 - 2013-07-09 07:35 - 00050477 ____A C:\Users\UserXYZ\Downloads\Defogger.exe
2013-07-09 07:17 - 2012-02-16 11:34 - 01704800 ____A C:\Windows\WindowsUpdate.log
2013-07-09 06:12 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 06:12 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 06:06 - 2013-07-08 22:11 - 00012767 ____A C:\Users\UserXYZ\Downloads\hijackthis.log
2013-07-09 06:03 - 2012-10-01 08:20 - 00000000 ____D C:\ProgramData\VMware
2013-07-09 06:03 - 2012-09-25 19:07 - 00000000 ___RD C:\Users\UserXYZ\Dropbox
2013-07-09 06:03 - 2012-09-25 19:04 - 00000000 ____D C:\Users\UserXYZ\AppData\Roaming\Dropbox
2013-07-09 06:03 - 2012-09-24 13:38 - 00000000 ____D C:\Users\UserXYZ\AppData\Local\TSVNCache
2013-07-09 06:02 - 2013-06-23 09:36 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 06:02 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 06:01 - 2012-02-16 13:28 - 00320576 ____A C:\Windows\PFRO.log
2013-07-09 06:01 - 2012-02-16 11:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-09 06:01 - 2009-07-14 06:51 - 00071971 ____A C:\Windows\setupact.log
2013-07-08 22:23 - 2009-07-14 19:58 - 00779858 ____A C:\Windows\System32\perfh007.dat
2013-07-08 22:23 - 2009-07-14 19:58 - 00181698 ____A C:\Windows\System32\perfc007.dat
2013-07-08 22:23 - 2009-07-14 07:13 - 01848388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 22:17 - 2013-03-29 23:37 - 00011007 ____A C:\Windows\IE10_main.log
2013-07-08 22:11 - 2012-02-16 11:35 - 00000000 ____D C:\Users\UserXYZ\AppData\Local\VirtualStore
2013-07-08 22:10 - 2013-07-08 22:10 - 00388608 ____A (Trend Micro Inc.) C:\Users\UserXYZ\Downloads\hijackthis.exe
2013-07-08 22:01 - 2013-07-08 22:01 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-08 22:01 - 2012-02-16 11:39 - 00000000 ____D C:\Users\UserXYZ\AppData\Local\Google
2013-07-08 22:00 - 2013-06-23 09:35 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-08 21:53 - 2013-07-08 21:53 - 00536125 ____A C:\Users\UserXYZ\Documents\bookmarks_08.07.13.html
2013-07-08 21:48 - 2013-07-08 21:48 - 00001516 ____A C:\AdwCleaner[S4].txt
2013-07-08 21:48 - 2013-07-08 17:06 - 00000524 ____A C:\Windows\DeleteOnReboot.bat
2013-07-08 21:47 - 2013-07-08 20:22 - 00023764 ____A C:\Users\UserXYZ\Downloads\SystemLook.txt
2013-07-08 21:10 - 2013-07-08 21:10 - 00121126 ____A C:\Users\UserXYZ\Downloads\Extras.Txt
2013-07-08 20:25 - 2013-07-08 20:25 - 00602112 ____A (OldTimer Tools) C:\Users\UserXYZ\Downloads\OTL.exe
2013-07-08 20:21 - 2013-07-08 20:21 - 00139264 ____A C:\Users\UserXYZ\Downloads\SystemLook.exe
2013-07-08 20:21 - 2013-07-08 20:21 - 00001796 ____A C:\sc-cleaner.txt
2013-07-08 20:20 - 2013-07-08 20:20 - 00406144 ____A (Bleeping Computer, LLC) C:\Users\UserXYZ\Downloads\sc-cleaner.exe
2013-07-08 19:55 - 2013-07-08 19:55 - 00000000 ____D C:\Windows\pss
2013-07-08 17:50 - 2013-07-08 17:49 - 00001456 ____A C:\AdwCleaner[S3].txt
2013-07-08 17:47 - 2013-07-08 17:47 - 00000000 ____D C:\Users\UserXYZ\AppData\Local\adawarebp
2013-07-08 17:35 - 2013-07-07 21:09 - 00000000 ____D C:\Users\UserXYZ\AppData\Roaming\Ad-Aware Antivirus
2013-07-08 17:27 - 2013-07-08 17:27 - 00001994 ____A C:\Users\UserXYZ\Downloads\JRT.txt
2013-07-08 17:20 - 2013-07-08 17:20 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 17:19 - 2013-07-08 17:19 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\UserXYZ\Downloads\JRT.exe
2013-07-08 17:19 - 2013-07-08 17:19 - 00000000 ____D C:\JRT
2013-07-08 17:12 - 2013-07-08 17:11 - 00001396 ____A C:\AdwCleaner[S2].txt
2013-07-08 17:06 - 2013-07-08 17:05 - 00012489 ____A C:\AdwCleaner[S1].txt
2013-07-08 17:06 - 2012-10-22 07:17 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\CheckPoint
2013-07-08 17:03 - 2013-07-08 17:03 - 00029435 ____A C:\Users\UserXYZ\Desktop\Addition.txt
2013-07-08 17:02 - 2013-07-08 17:02 - 00000000 ____D C:\FRST
2013-07-08 17:01 - 2013-07-08 17:01 - 00650027 ____A C:\Users\UserXYZ\Downloads\adwcleaner.exe
2013-07-08 17:00 - 2013-07-08 17:00 - 01934636 ____A (Farbar) C:\Users\UserXYZ\Downloads\FRST64.exe
2013-07-08 12:50 - 2012-09-24 12:00 - 00001076 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1012Core.job
2013-07-07 22:14 - 2012-02-20 14:14 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-07 21:45 - 2012-02-20 19:37 - 00893117 ____A C:\Windows\DirectX.log
2013-07-07 21:22 - 2013-07-07 21:11 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-07 21:20 - 2013-07-07 21:20 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-07 21:18 - 2013-07-07 21:18 - 00000000 ____D C:\Users\UserXYZ\AppData\Roaming\LavasoftStatistics
2013-07-07 21:11 - 2013-07-07 21:11 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-07 21:09 - 2013-07-07 21:09 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-07-07 21:09 - 2013-07-07 21:09 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-07-07 21:08 - 2013-07-07 21:08 - 05616264 ____A (Lavasoft Limited) C:\Users\UserXYZ\Downloads\Adaware_Installer.exe
2013-07-07 19:46 - 2013-07-07 15:52 - 00000000 ____D C:\Program Files (x86)\FirstRowSportApp.com
2013-07-07 15:52 - 2013-07-07 15:52 - 00000000 ____D C:\Program Files (x86)\FreeHDSport.TV
2013-07-05 11:39 - 2012-10-01 08:22 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\VMware
2013-07-05 11:39 - 2012-10-01 08:21 - 00000000 ____D C:\Users\mUserXYZ\AppData\Local\VMware
2013-07-05 07:34 - 2013-07-05 07:34 - 00065694 ____A C:\Users\UserXYZ\Downloads\B - Modulbeschreibung + Stoffverteilungsplan + Prüfungshinweise.zip
2013-07-05 07:34 - 2013-07-05 07:34 - 00000000 ____D C:\Users\UserXYZ\Downloads\B - Modulbeschreibung + Stoffverteilungsplan + Prüfungshinweise
2013-07-05 07:18 - 2012-10-30 15:28 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\KeePass
2013-07-05 07:00 - 2013-05-21 08:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-05 06:04 - 2012-09-25 09:33 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\Dropbox
2013-07-05 06:01 - 2013-06-11 09:03 - 02369024 ____A C:\Users\mUserXYZ\Desktop\Arbeitszeitnachweis_2013.xls
2013-07-05 05:59 - 2012-09-25 09:35 - 00000000 ___RD C:\Users\mUserXYZ\Dropbox
2013-07-04 20:58 - 2013-07-04 20:55 - 00000000 ____D C:\Users\UserXYZ\Documents\Assassin's Creed III
2013-07-04 20:55 - 2013-03-17 21:31 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-04 20:55 - 2013-03-17 21:31 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-04 20:09 - 2013-07-04 20:55 - 03123272 ____A C:\Windows\SysWOW64\pbsvc.exe
2013-07-03 19:51 - 2013-07-03 19:51 - 00983408 ____A (Amazon Services LLC) C:\Users\UserXYZ\Downloads\R_U_S_E_Downloader.exe
2013-07-03 19:43 - 2013-07-03 19:43 - 00000000 ____D C:\Users\UserXYZ\Documents\Assassin's Creed III (Online Game Code)
2013-07-03 19:42 - 2013-07-03 19:42 - 00983408 ____A (Amazon Services LLC) C:\Users\UserXYZ\Downloads\Assassin_s_Creed_III_Online_Game_Code_Downloader.exe
2013-07-02 15:36 - 2012-10-01 07:38 - 00009486 ____A C:\Users\mUserXYZ\Documents\UserXYZUserXYZ.kdbx
2013-06-29 15:42 - 2013-06-29 15:33 - 386149070 ____A C:\Users\UserXYZ\Downloads\Platzhirsch.wma
2013-06-29 15:35 - 2013-06-29 15:35 - 01670182 ____A C:\Users\UserXYZ\Desktop\Das geraubte Leben des Waisen Jun Do - R - Suhrkamp-Verlag _Berlin_.epub
2013-06-29 15:35 - 2012-02-16 13:56 - 00000000 ____D C:\Users\UserXYZ\Calibre Bibliothek
2013-06-29 15:34 - 2012-02-16 14:07 - 00000000 ____D C:\Users\UserXYZ\Documents\My Digital Editions
2013-06-29 15:33 - 2013-06-29 15:33 - 00001622 ____A C:\Users\UserXYZ\Downloads\URLLink (26).acsm
2013-06-28 19:00 - 2012-09-09 18:36 - 00000000 ____D C:\Users\UserXYZ\AppData\Local\Akamai
2013-06-28 05:59 - 2013-06-28 05:59 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 05:59 - 2013-06-26 20:55 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 05:59 - 2013-06-26 20:55 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 05:59 - 2013-03-19 14:57 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-28 05:59 - 2012-02-16 11:47 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-28 05:59 - 2012-02-16 11:47 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-25 20:45 - 2013-06-25 20:45 - 00001106 ____A C:\Users\UpdatusUser\Desktop\EVEREST Home Edition.lnk
2013-06-25 20:45 - 2013-06-25 20:45 - 00000000 ____D C:\Program Files (x86)\Lavalys
2013-06-25 20:44 - 2013-06-25 20:44 - 04179293 ____A (Lavalys, Inc.                                               ) C:\Users\UserXYZ\Downloads\everesthome220.exe
2013-06-25 10:09 - 2012-02-28 13:44 - 00000000 ____D C:\Users\UserXYZ\Documents\Reading
2013-06-25 10:01 - 2013-06-25 10:01 - 00001659 ____A C:\Users\UserXYZ\Downloads\URLLink (23).acsm
2013-06-25 10:01 - 2013-06-25 10:01 - 00001656 ____A C:\Users\UserXYZ\Downloads\URLLink (25).acsm
2013-06-25 10:01 - 2013-06-25 10:01 - 00001496 ____A C:\Users\UserXYZ\Downloads\URLLink (24).acsm
2013-06-25 10:00 - 2013-06-25 10:00 - 00001533 ____A C:\Users\UserXYZ\Downloads\URLLink (22).acsm
2013-06-25 07:34 - 2012-09-24 12:00 - 00000000 ____D C:\Users\mUserXYZ\AppData\Local\Google
2013-06-25 06:42 - 2012-09-25 09:27 - 00000000 ____D C:\Users\mUserXYZ\AppData\Local\TSVNCache
2013-06-24 22:01 - 2013-06-18 10:56 - 00000000 ____D C:\Users\UserXYZ\Documents\NBA 2K Audio Editor
2013-06-24 21:28 - 2012-10-21 20:10 - 00000000 ____D C:\Users\UserXYZ\Desktop\2k13
2013-06-23 12:06 - 2013-06-23 12:06 - 00019456 ____A C:\Users\UserXYZ\Downloads\2008 - 05.xls
2013-06-23 11:44 - 2013-06-23 11:43 - 00000000 ____D C:\Users\UserXYZ\Downloads\Hohe (4)
2013-06-23 11:43 - 2013-06-23 11:43 - 14710116 ____A C:\Users\UserXYZ\Downloads\Hohe (4).zip
2013-06-23 09:37 - 2013-06-23 09:37 - 00000000 ____D C:\Users\UserXYZ\AppData\LocalGoogle
2013-06-22 08:55 - 2012-02-16 11:47 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-21 23:36 - 2013-04-21 09:45 - 00010601 ____A C:\Users\UserXYZ\Documents\Playoffs2013.xlsx
2013-06-20 14:02 - 2013-06-20 14:02 - 00000000 ____D C:\Users\UserXYZ\Downloads\Mediencenter
2013-06-20 14:01 - 2013-06-20 14:01 - 07565804 ____A C:\Users\UserXYZ\Downloads\Mediencenter.zip
2013-06-19 22:21 - 2012-02-20 14:45 - 01821732 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-18 20:32 - 2013-06-18 20:32 - 00019456 ____A C:\Users\UserXYZ\Downloads\2013 - 01.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00020480 ____A C:\Users\UserXYZ\Downloads\2013 - 03.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019968 ____A C:\Users\UserXYZ\Downloads\2013 - 05.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019968 ____A C:\Users\UserXYZ\Downloads\2013 - 02.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019456 ____A C:\Users\UserXYZ\Downloads\2013 - 04.xls
2013-06-18 20:29 - 2013-06-18 20:29 - 00020480 ____A C:\Users\UserXYZ\Downloads\2012 - 03.xls
2013-06-18 10:44 - 2013-06-18 10:44 - 01005568 ____A (Microsoft Corporation) C:\Users\UserXYZ\Downloads\dotNetFx45_Full_setup.exe
2013-06-17 21:51 - 2013-06-17 21:42 - 259574738 ____A C:\Users\UserXYZ\Downloads\Bastian Pastewka liest -Jochen oder die Nacht des Hasen-.wma
2013-06-16 16:09 - 2013-06-16 16:00 - 292466642 ____A C:\Users\UserXYZ\Downloads\Cordula Stratmann liest -Danke für meine Aufmerksamkeit-.wma
2013-06-13 21:53 - 2013-06-13 21:41 - 303623912 ____A C:\Users\UserXYZ\Downloads\Oliver Kalkofe liest Roger Schmelzer -Die besten zehn Sekunden meines Lebens.wma
2013-06-13 21:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 22:49 - 2012-04-25 20:28 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 21:13 - 2012-05-05 09:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 21:13 - 2012-03-22 09:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 16:30 - 2013-06-11 16:30 - 00169472 ____A C:\Users\UserXYZ\Downloads\_Thumbs (3).db
2013-06-11 09:10 - 2013-06-11 09:10 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\2K Sports
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files\iPod
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 08:34

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by UserXYZ at 2013-07-08 17:03:34
Running from C:\Users\UserXYZ\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.3.0.29462)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Ad-Aware Antivirus (x32 Version: 10.5.3.4405)
Ad-Aware Security Add-on (x32 Version: 3.1.0.2)
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Akamai NetSession Interface (HKCU)
Amazon Kindle (HKCU)
AMP WinOFF 5.0.1 (x32 Version: 5.0.1)
Ankh 2: Heart of Osiris (x32)
Apache Directory Studio - (remove only) (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Assassin’s Creed® III (x32)
Assassin's Creed Brotherhood (x32)
Assassin's Creed II (x32)
Assassin's Creed Revelations (x32)
Audials (x32 Version: 8.0.55300.0)
Audials (x32 Version: 9.1.13600.0)
Audials TV (x32 Version: 1.3.10803.300)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bitcoin (HKCU Version: 0.8.1)
Blur (x32)
Bonjour (Version: 3.0.0.10)
calibre (x32 Version: 0.9.33)
Canon MP Navigator EX 3.0 (x32)
Canon MP550 series MP Drivers
Canon My Printer (x32)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Designer for Identity Manager (x32 Version: 4.0.0.0)
Desura (x32 Version: 100.53)
Diablo III (x32 Version: 1.0.2.9749)
DiRT (x32 Version: 1.00.0000)
DiRT 3 (x32 Version: 1.0.0000.130)
DiRT 3 (x32 Version: 1.0.0003.130)
DiRT Showdown (x32)
DiRT2 (x32 Version: 1.0.0002.133)
DiRT2 (x32 Version: 1.00.0000)
Dropbox (HKCU Version: 2.0.22)
EDGE (x32)
Edna & Harvey: Harvey's New Eyes Demo (x32)
Euro Truck Simulator 2 Demo (x32)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
F1 2012 Demo (x32)
F1 Race Stars Demo (x32)
FastPictureViewer WIC Codec Pack 1.50 (x32 Version: 1.51.0.0)
Flyff (x32 Version: Flyff)
FLY'N (x32)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Drive (x32 Version: 1.10.4769.632)
Google Update Helper (x32 Version: 1.3.21.149)
Grand Theft Auto IV (x32)
GRID (x32 Version: 1.00.0000)
GRID 2 (x32)
HP webOS SDK (Version: 3.0.676)
InfraRecorder 0.53 (x64 edition) (Version: 0.53.00.00)
IrfanView (remove only) (x32 Version: 4.35)
iTunes (Version: 11.0.4.4)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1)
KeePass Password Safe 2.22 (x32)
Kelly Slater's Pro Surfer(tm) (x32 Version: 1.00.0000)
Kobo (x32 Version: 3.0.1)
Ldap Admin Tool (x32 Version: 4.6)
LEGO® Der Herr der Ringe™ DEMO (x32 Version: 1.0.0.0)
LibreOffice 3.5 (x32 Version: 3.5.6.2)
LibreOffice 3.5 Help Pack (German) (x32 Version: 3.5.6.2)
Litecoin (HKCU Version: 0.6.3)
Lume (x32)
Mad Riders (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C# 2010 Express - DEU (x32 Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Mozilla Firefox 19.0 (x86 de) (x32 Version: 19.0)
Mozilla Maintenance Service (x32 Version: 17.0.6)
Mozilla Thunderbird 17.0.6 (x86 de) (x32 Version: 17.0.6)
Napster 5 Beta (x32 Version: 1.0.61)
Napster Rienf Repair (x32 Version: 1.1.9)
NBA 2K10 (x32 Version: 1.0.0)
NBA 2K12 (x32)
NBA 2K13 (x32 Version: 1.0.0)
NBA 2K13 (x32)
Need for Speed: Hot Pursuit (x32)
Need For Speed™ World (x32 Version: 1.0.0.1229)
NICI (64 bit) (Version: 2.7.6)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1) (x32)
Notepad++ (x32 Version: 6.3.2)
NVIDIA 3D Vision Controller-Treiber 306.97 (Version: 306.97)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OnLive (x32)
OpenAL (x32)
Oracle VM VirtualBox 4.0.16 (Version: 4.0.16)
PDF Architect (x32 Version: 1.0.41.8362)
PDFCreator (x32 Version: 1.6.0)
PokerStars.eu (x32)
PunkBuster Services (x32 Version: 0.991)
Python 2.6 pycrypto-2.1.0 (HKCU)
Python 2.6.2 (x32 Version: 2.6.2150)
QuickTime (x32 Version: 7.74.80.86)
R.U.S.E (x32)
RaceRoom Racing Experience  (x32)
Rapture3D 2.4.11 Game (x32)
Ridge Racer™ Unbounded Demo (x32)
Rocksmith Demo (x32)
RUSH (x32)
Secret Files 3 Demo (x32)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0)
Shatter (x32)
ShootMania Storm Open Beta (x32)
SILKYPIX Developer Studio 3.0 SE (x32 Version: 3)
simfy (x32 Version: 1.7.3)
Spec Ops: The Line Demo (x32)
Splice Demo (x32)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
SSH Secure Shell (x32)
Steam (x32 Version: 1.0.0.0)
The Banner Saga: Factions (x32)
The Tiny Bang Story (x32)
Toki Tori (x32)
tools-freebsd (x32 Version: 9.2.3.1031769)
tools-linux (x32 Version: 9.2.3.1031769)
tools-netware (x32 Version: 9.2.3.1031769)
tools-solaris (x32 Version: 9.2.3.1031769)
tools-windows (x32 Version: 9.2.3.1031769)
tools-winPre2k (x32 Version: 9.2.3.1031769)
TortoiseSVN 1.7.9.23248 (64 bit) (Version: 1.7.23248)
Total War: SHOGUN 2 (x32)
TrackMania Nations Forever (x32)
TrackMania² Stadium Open Beta (x32)
Trials Evolution Gold Edition - Demo (x32)
TuneUp Utilities (x32 Version: 9.0.6030.1)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (Version: 10.1.2731.0)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
uTorrentBar_DE Toolbar (x32 Version: 6.8.5.1)
VirtualCloneDrive (x32)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0)
VLC media player 2.0.5 (x32 Version: 2.0.5)
VMware vSphere Client 5.0 (x32 Version: 5.0.0.29542)
VMware Workstation (Version: 9.0.2)
VMware Workstation (x32 Version: 9.0.2)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WRC 3 FIA World Rally Championship Demo (x32 Version: 1.00.0000)
ZoneAlarm Antivirus (x32 Version: 10.2.081.000)
ZoneAlarm Firewall (x32 Version: 11.0.000.038)
ZoneAlarm Firewall (x32 Version: 11.0.000.504)
ZoneAlarm Free Firewall (x32 Version: 11.0.000.504)
ZoneAlarm Security (x32 Version: 11.0.000.038)
ZoneAlarm Security (x32 Version: 11.0.000.504)
ZoneAlarm Security Toolbar  (x32 Version: 1.8.11.11)

==================== Restore Points  =========================

03-07-2013 04:58:25 Windows Update
04-07-2013 18:52:49 DirectX wurde installiert
06-07-2013 05:16:29 Windows Update
07-07-2013 19:41:42 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07281ADD-633C-48ED-8D79-736A16480EA1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2011-11-21] (TuneUp Software)
Task: {1FE65329-0460-4CDA-9D5B-E6344DB98F0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-23] (Google Inc.)
Task: {2CD7773E-02DF-4C78-96E5-48A5F0940B6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {412064ED-70C2-42A9-B34A-F288910F4E5C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {42A1B454-A738-429A-9189-675304109DAA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {529B5A7A-742D-4B31-9AE8-A88FAE7DEE60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1012Core => C:\Users\mUserXYZ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {549FBE98-E267-433C-AC52-C3AFC2314489} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1001UA => C:\Users\UserXYZ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16] (Google Inc.)
Task: {643E2858-8070-4160-A1D2-60DA80A7AD45} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {96BB410D-81E4-409E-ACFB-F3EF6C812E83} - System32\Tasks\Google Updater and Installer => C:\Users\UserXYZ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16] (Google Inc.)
Task: {A67F537B-57CC-4701-803B-3FE01FEA1BFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-23] (Google Inc.)
Task: {CE281AE6-D307-47CA-887C-39E420FE37A1} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {DB191A84-DBDE-47C4-9CFA-049EFFE62BF8} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {DE5311B8-0F0C-4D04-85B2-70221B00D21B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1001Core => C:\Users\UserXYZ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16] (Google Inc.)
Task: {E4BB8DB6-7E75-4CA5-B11F-B7C999EA7B28} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E9222AF4-ADA9-4C3E-B8D3-324A76039B10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1012UA => C:\Users\mUserXYZ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1001Core.job => C:\Users\UserXYZ\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1001UA.job => C:\Users\UserXYZ\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1012Core.job => C:\Users\mUserXYZ\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1012UA.job => C:\Users\mUserXYZ\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2013 00:21:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/06/2013 08:24:30 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/05/2013 00:13:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service) (User: )
Description: Local Hostname UserXYZ-PC.local already in use; will try UserXYZ-PC-2.local instead

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 UserXYZ-PC.local. Addr 192.168.178.26

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353    4 UserXYZ-PC.local. Addr 192.168.178.22

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 UserXYZ-PC.local. AAAA FE80:0000:0000:0000:59CA:0260:1C83:5502

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353    4 UserXYZ-PC.local. Addr 192.168.178.22

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 UserXYZ-PC.local. Addr 192.168.178.26

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353    4 UserXYZ-PC.local. Addr 192.168.178.22


System errors:
=============
Error: (07/07/2013 09:24:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/07/2013 09:24:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/07/2013 09:22:32 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (07/07/2013 08:43:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/07/2013 08:43:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/07/2013 08:41:13 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (07/06/2013 07:14:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/06/2013 07:14:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/06/2013 07:12:06 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (07/05/2013 09:17:30 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden.


Microsoft Office Sessions:
=========================
Error: (07/08/2013 00:21:23 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe

Error: (07/06/2013 08:24:30 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe

Error: (07/05/2013 00:13:44 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service)(User: )
Description: Local Hostname UserXYZ-PC.local already in use; will try UserXYZ-PC-2.local instead

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 UserXYZ-PC.local. Addr 192.168.178.26

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353    4 UserXYZ-PC.local. Addr 192.168.178.22

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 UserXYZ-PC.local. AAAA FE80:0000:0000:0000:59CA:0260:1C83:5502

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353    4 UserXYZ-PC.local. Addr 192.168.178.22

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 UserXYZ-PC.local. Addr 192.168.178.26

Error: (07/05/2013 09:31:09 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353    4 UserXYZ-PC.local. Addr 192.168.178.22


CodeIntegrity Errors:
===================================
  Date: 2013-07-08 13:25:37.583
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-08 08:51:43.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-07 21:50:18.445
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-07 21:00:41.892
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-07 20:47:20.002
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-07 19:42:51.439
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-07 15:54:24.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-07 12:46:28.361
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-06 22:13:39.301
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-05 22:02:35.272
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 6135.11 MB
Available physical RAM: 2788.97 MB
Total Pagefile: 12268.41 MB
Available Pagefile: 8310.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:116.3 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 09.07.2013, 07:31

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST Log bitte.

BBall247 · 09.07.2013, 08:00

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.304 - Datei am 09/07/2013 um 08:36:02 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : UserXYZ - UserXYZ-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\UserXYZ\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Users\UserXYZ\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\UserXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\n81625pk.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\mUserXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\285nkh60.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\mUserXYZ\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [12489 octets] - [08/07/2013 17:05:46]
AdwCleaner[S2].txt - [1396 octets] - [08/07/2013 17:11:07]
AdwCleaner[S3].txt - [1456 octets] - [08/07/2013 17:49:52]
AdwCleaner[S4].txt - [1516 octets] - [08/07/2013 21:48:05]
AdwCleaner[S5].txt - [1447 octets] - [09/07/2013 08:36:02]

########## EOF - C:\AdwCleaner[S5].txt - [1507 octets] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.7 (07.08.2013:2)
OS: Windows 7 Home Premium x64
Ran by UserXYZ on 09.07.2013 at  8:46:14,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\UserXYZ\appdata\local\adawarebp"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.07.2013 at  8:53:05,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013
Ran by UserXYZ (administrator) on 09-07-2013 08:55:46
Running from C:\Users\UserXYZ\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Palm) C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe
() C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Dropbox, Inc.) C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\UserXYZ\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {5438a09c-3c9f-11e2-b68c-aa33643e05aa} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
Startup: C:\Users\UserXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\mUserXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\UserXYZ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\mUserXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=F5A84FECF9C6DE24E3FE8651D9BD1FBD
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\UserXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\n81625pk.default
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=F5A84FECF9C6DE24E3FE8651D9BD1FBD
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\UserXYZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: fhdp3 - C:\Users\UserXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\n81625pk.default\Extensions\fhdp3@freehdsp.tv.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (VMware Remote Console and Client Integration Plug-in) - C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (OnLive Game Client Detector) - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\UserXYZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (FreeHDSport TV 3) - C:\Users\UserXYZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn\3.0_0

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NovacomD; C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe [61440 2011-09-19] (Palm)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4229912 2011-11-28] (INCA Internet Co., Ltd.)
R2 Palm_TCP_Relay; C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [11776 2011-12-21] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-07-04] ()
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-03-09] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13242960 2013-02-26] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-07] (GFI Software)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-12-20] (hxxp://libusb-win32.sourceforge.net)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 EverestDriver; \??\C:\Users\UserXYZ\AppData\Local\Temp\EverestDriver.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-09 08:54 - 2013-07-09 08:54 - 00000704 ____A C:\Users\UserXYZ\Desktop\JRTmod.txt
2013-07-09 08:53 - 2013-07-09 08:53 - 00000700 ____A C:\Users\UserXYZ\Desktop\JRT.txt
2013-07-09 08:42 - 2013-07-09 08:42 - 00001590 ____A C:\Users\UserXYZ\Desktop\AdwCleaner[S5]mod.txt
2013-07-09 08:41 - 2013-07-09 08:36 - 00001576 ____A C:\Users\UserXYZ\Desktop\AdwCleaner[S5].txt
2013-07-09 08:36 - 2013-07-09 08:36 - 00001576 ____A C:\AdwCleaner[S5].txt
2013-07-09 08:23 - 2013-07-09 08:23 - 00029485 ____A C:\Users\UserXYZ\Downloads\AdditionMOD.txt
2013-07-09 08:22 - 2013-07-09 08:22 - 00052773 ____A C:\Users\UserXYZ\Downloads\FRSTmod.txt
2013-07-09 08:16 - 2013-07-09 08:16 - 01776219 ____A (Farbar) C:\Users\UserXYZ\Downloads\FRST64 (1).exe
2013-07-09 07:55 - 2013-07-09 07:55 - 00102152 ____A C:\Users\UserXYZ\Downloads\OTLmod.txt
2013-07-09 07:53 - 2013-07-09 07:53 - 00012773 ____A C:\Users\UserXYZ\Downloads\hijackthisMOD.txt
2013-07-09 07:36 - 2013-07-09 07:36 - 00000472 ____A C:\Users\UserXYZ\Downloads\defogger_disable.log
2013-07-09 07:36 - 2013-07-09 07:36 - 00000000 ____A C:\Users\UserXYZ\defogger_reenable
2013-07-09 07:35 - 2013-07-09 07:35 - 00050477 ____A C:\Users\UserXYZ\Downloads\Defogger.exe
2013-07-08 22:15 - 2013-07-09 07:37 - 00000000 ____D C:\Users\UserXYZ\Downloads\backups
2013-07-08 22:11 - 2013-07-09 06:06 - 00012767 ____A C:\Users\UserXYZ\Downloads\hijackthis.log
2013-07-08 22:10 - 2013-07-08 22:10 - 00388608 ____A (Trend Micro Inc.) C:\Users\UserXYZ\Downloads\hijackthis.exe
2013-07-08 22:01 - 2013-07-08 22:01 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-08 21:53 - 2013-07-08 21:53 - 00536125 ____A C:\Users\UserXYZ\Documents\bookmarks_08.07.13.html
2013-07-08 21:48 - 2013-07-08 21:48 - 00001516 ____A C:\AdwCleaner[S4].txt
2013-07-08 21:10 - 2013-07-09 07:46 - 00101816 ____A C:\Users\UserXYZ\Downloads\OTL.Txt
2013-07-08 21:10 - 2013-07-08 21:10 - 00121126 ____A C:\Users\UserXYZ\Downloads\Extras.Txt
2013-07-08 20:25 - 2013-07-08 20:25 - 00602112 ____A (OldTimer Tools) C:\Users\UserXYZ\Downloads\OTL.exe
2013-07-08 20:22 - 2013-07-08 21:47 - 00023764 ____A C:\Users\UserXYZ\Downloads\SystemLook.txt
2013-07-08 20:21 - 2013-07-08 20:21 - 00139264 ____A C:\Users\UserXYZ\Downloads\SystemLook.exe
2013-07-08 20:21 - 2013-07-08 20:21 - 00001796 ____A C:\sc-cleaner.txt
2013-07-08 20:20 - 2013-07-08 20:20 - 00406144 ____A (Bleeping Computer, LLC) C:\Users\UserXYZ\Downloads\sc-cleaner.exe
2013-07-08 19:55 - 2013-07-08 19:55 - 00000000 ____D C:\Windows\pss
2013-07-08 17:49 - 2013-07-08 17:50 - 00001456 ____A C:\AdwCleaner[S3].txt
2013-07-08 17:27 - 2013-07-08 17:27 - 00001994 ____A C:\Users\UserXYZ\Downloads\JRT.txt
2013-07-08 17:20 - 2013-07-08 17:20 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 17:19 - 2013-07-09 08:45 - 00000000 ____D C:\JRT
2013-07-08 17:19 - 2013-07-08 17:19 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\UserXYZ\Downloads\JRT.exe
2013-07-08 17:11 - 2013-07-08 17:12 - 00001396 ____A C:\AdwCleaner[S2].txt
2013-07-08 17:06 - 2013-07-09 08:36 - 00000655 ____A C:\Windows\DeleteOnReboot.bat
2013-07-08 17:05 - 2013-07-08 17:06 - 00012489 ____A C:\AdwCleaner[S1].txt
2013-07-08 17:03 - 2013-07-08 17:03 - 00029435 ____A C:\Users\UserXYZ\Downloads\Addition.txt
2013-07-08 17:02 - 2013-07-08 17:02 - 00000000 ____D C:\FRST
2013-07-08 17:01 - 2013-07-08 17:01 - 00650027 ____A C:\Users\UserXYZ\Downloads\adwcleaner.exe
2013-07-08 17:00 - 2013-07-08 17:00 - 01934636 ____A (Farbar) C:\Users\UserXYZ\Downloads\FRST64.exe
2013-07-07 21:20 - 2013-07-07 21:20 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-07 21:18 - 2013-07-07 21:18 - 00000000 ____D C:\Users\UserXYZ\AppData\Roaming\LavasoftStatistics
2013-07-07 21:11 - 2013-07-07 21:22 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-07 21:11 - 2013-07-07 21:11 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-07 21:09 - 2013-07-08 17:35 - 00000000 ____D C:\Users\UserXYZ\AppData\Roaming\Ad-Aware Antivirus
2013-07-07 21:09 - 2013-07-07 21:09 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-07-07 21:09 - 2013-07-07 21:09 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-07-07 21:08 - 2013-07-07 21:08 - 05616264 ____A (Lavasoft Limited) C:\Users\UserXYZ\Downloads\Adaware_Installer.exe
2013-07-07 15:52 - 2013-07-07 19:46 - 00000000 ____D C:\Program Files (x86)\FirstRowSportApp.com
2013-07-07 15:52 - 2013-07-07 15:52 - 00000000 ____D C:\Program Files (x86)\FreeHDSport.TV
2013-07-05 07:34 - 2013-07-05 07:34 - 00065694 ____A C:\Users\UserXYZ\Downloads\B - Modulbeschreibung + Stoffverteilungsplan + Prüfungshinweise.zip
2013-07-05 07:34 - 2013-07-05 07:34 - 00000000 ____D C:\Users\UserXYZ\Downloads\B - Modulbeschreibung + Stoffverteilungsplan + Prüfungshinweise
2013-07-04 20:55 - 2013-07-04 20:58 - 00000000 ____D C:\Users\UserXYZ\Documents\Assassin's Creed III
2013-07-04 20:55 - 2013-07-04 20:09 - 03123272 ____A C:\Windows\SysWOW64\pbsvc.exe
2013-07-03 19:51 - 2013-07-03 19:51 - 00983408 ____A (Amazon Services LLC) C:\Users\UserXYZ\Downloads\R_U_S_E_Downloader.exe
2013-07-03 19:43 - 2013-07-03 19:43 - 00000000 ____D C:\Users\UserXYZ\Documents\Assassin's Creed III (Online Game Code)
2013-07-03 19:42 - 2013-07-03 19:42 - 00983408 ____A (Amazon Services LLC) C:\Users\UserXYZ\Downloads\Assassin_s_Creed_III_Online_Game_Code_Downloader.exe
2013-06-29 15:35 - 2013-06-29 15:35 - 01670182 ____A C:\Users\UserXYZ\Desktop\Das geraubte Leben des Waisen Jun Do - R - Suhrkamp-Verlag _Berlin_.epub
2013-06-29 15:33 - 2013-06-29 15:42 - 386149070 ____A C:\Users\UserXYZ\Downloads\Platzhirsch.wma
2013-06-29 15:33 - 2013-06-29 15:33 - 00001622 ____A C:\Users\UserXYZ\Downloads\URLLink (26).acsm
2013-06-28 05:59 - 2013-06-28 05:59 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-26 20:55 - 2013-06-28 05:59 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 20:55 - 2013-06-28 05:59 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-25 20:45 - 2013-06-25 20:45 - 00001106 ____A C:\Users\UpdatusUser\Desktop\EVEREST Home Edition.lnk
2013-06-25 20:45 - 2013-06-25 20:45 - 00000000 ____D C:\Program Files (x86)\Lavalys
2013-06-25 20:44 - 2013-06-25 20:44 - 04179293 ____A (Lavalys, Inc.                                               ) C:\Users\UserXYZ\Downloads\everesthome220.exe
2013-06-25 10:01 - 2013-06-25 10:01 - 00001659 ____A C:\Users\UserXYZ\Downloads\URLLink (23).acsm
2013-06-25 10:01 - 2013-06-25 10:01 - 00001656 ____A C:\Users\UserXYZ\Downloads\URLLink (25).acsm
2013-06-25 10:01 - 2013-06-25 10:01 - 00001496 ____A C:\Users\UserXYZ\Downloads\URLLink (24).acsm
2013-06-25 10:00 - 2013-06-25 10:00 - 00001533 ____A C:\Users\UserXYZ\Downloads\URLLink (22).acsm
2013-06-23 12:06 - 2013-06-23 12:06 - 00019456 ____A C:\Users\UserXYZ\Downloads\2008 - 05.xls
2013-06-23 11:43 - 2013-06-23 11:44 - 00000000 ____D C:\Users\UserXYZ\Downloads\Hohe (4)
2013-06-23 11:43 - 2013-06-23 11:43 - 14710116 ____A C:\Users\UserXYZ\Downloads\Hohe (4).zip
2013-06-23 09:37 - 2013-06-23 09:37 - 00000000 ____D C:\Users\UserXYZ\AppData\LocalGoogle
2013-06-23 09:36 - 2013-07-09 08:51 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 09:36 - 2013-07-09 08:38 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-23 09:35 - 2013-07-08 22:00 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-20 14:02 - 2013-06-20 14:02 - 00000000 ____D C:\Users\UserXYZ\Downloads\Mediencenter
2013-06-20 14:01 - 2013-06-20 14:01 - 07565804 ____A C:\Users\UserXYZ\Downloads\Mediencenter.zip
2013-06-18 20:32 - 2013-06-18 20:32 - 00019456 ____A C:\Users\UserXYZ\Downloads\2013 - 01.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00020480 ____A C:\Users\UserXYZ\Downloads\2013 - 03.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019968 ____A C:\Users\UserXYZ\Downloads\2013 - 05.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019968 ____A C:\Users\UserXYZ\Downloads\2013 - 02.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019456 ____A C:\Users\UserXYZ\Downloads\2013 - 04.xls
2013-06-18 20:29 - 2013-06-18 20:29 - 00020480 ____A C:\Users\UserXYZ\Downloads\2012 - 03.xls
2013-06-18 10:56 - 2013-06-24 22:01 - 00000000 ____D C:\Users\UserXYZ\Documents\NBA 2K Audio Editor
2013-06-18 10:44 - 2013-06-18 10:44 - 01005568 ____A (Microsoft Corporation) C:\Users\UserXYZ\Downloads\dotNetFx45_Full_setup.exe
2013-06-17 21:42 - 2013-06-17 21:51 - 259574738 ____A C:\Users\UserXYZ\Downloads\Bastian Pastewka liest -Jochen oder die Nacht des Hasen-.wma
2013-06-16 16:00 - 2013-06-16 16:09 - 292466642 ____A C:\Users\UserXYZ\Downloads\Cordula Stratmann liest -Danke für meine Aufmerksamkeit-.wma
2013-06-15 23:27 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 23:27 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 23:27 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 23:27 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 23:27 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 23:27 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 23:27 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 23:27 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 23:27 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 23:27 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 23:27 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 23:27 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 21:41 - 2013-06-13 21:53 - 303623912 ____A C:\Users\UserXYZ\Downloads\Oliver Kalkofe liest Roger Schmelzer -Die besten zehn Sekunden meines Lebens.wma
2013-06-12 22:48 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 22:48 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 22:48 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 22:48 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 22:48 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 22:48 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 22:48 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 22:48 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 19:33 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 19:33 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 19:33 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 19:33 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 19:33 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 19:33 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 19:33 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 19:33 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 19:33 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 19:33 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 19:33 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 19:33 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 19:33 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 19:33 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 19:33 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 19:33 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 19:33 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 19:33 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 19:33 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 16:30 - 2013-06-11 16:30 - 00169472 ____A C:\Users\UserXYZ\Downloads\_Thumbs (3).db
2013-06-11 09:10 - 2013-06-11 09:10 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\2K Sports
2013-06-11 09:03 - 2013-07-05 06:01 - 02369024 ____A C:\Users\mUserXYZ\Desktop\Arbeitszeitnachweis_2013.xls
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files\iPod
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

2013-07-09 08:54 - 2013-07-09 08:54 - 00000704 ____A C:\Users\UserXYZ\Desktop\JRTmod.txt
2013-07-09 08:53 - 2013-07-09 08:53 - 00000700 ____A C:\Users\UserXYZ\Desktop\JRT.txt
2013-07-09 08:51 - 2013-06-23 09:36 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 08:50 - 2012-09-24 12:00 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1012UA.job
2013-07-09 08:47 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 08:47 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 08:45 - 2013-07-08 17:19 - 00000000 ____D C:\JRT
2013-07-09 08:42 - 2013-07-09 08:42 - 00001590 ____A C:\Users\UserXYZ\Desktop\AdwCleaner[S5]mod.txt
2013-07-09 08:41 - 2012-09-25 19:04 - 00000000 ____D C:\Users\UserXYZ\AppData\Roaming\Dropbox
2013-07-09 08:40 - 2012-09-25 19:07 - 00000000 ___RD C:\Users\UserXYZ\Dropbox
2013-07-09 08:38 - 2013-06-23 09:36 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 08:38 - 2012-10-01 08:20 - 00000000 ____D C:\ProgramData\VMware
2013-07-09 08:37 - 2012-02-16 13:28 - 00321028 ____A C:\Windows\PFRO.log
2013-07-09 08:37 - 2012-02-16 11:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-09 08:37 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 08:37 - 2009-07-14 06:51 - 00072027 ____A C:\Windows\setupact.log
2013-07-09 08:36 - 2013-07-09 08:41 - 00001576 ____A C:\Users\UserXYZ\Desktop\AdwCleaner[S5].txt
2013-07-09 08:36 - 2013-07-09 08:36 - 00001576 ____A C:\AdwCleaner[S5].txt
2013-07-09 08:36 - 2013-07-08 17:06 - 00000655 ____A C:\Windows\DeleteOnReboot.bat
2013-07-09 08:36 - 2012-02-16 11:34 - 01729661 ____A C:\Windows\WindowsUpdate.log
2013-07-09 08:23 - 2013-07-09 08:23 - 00029485 ____A C:\Users\UserXYZ\Downloads\AdditionMOD.txt
2013-07-09 08:22 - 2013-07-09 08:22 - 00052773 ____A C:\Users\UserXYZ\Downloads\FRSTmod.txt
2013-07-09 08:16 - 2013-07-09 08:16 - 01776219 ____A (Farbar) C:\Users\UserXYZ\Downloads\FRST64 (1).exe
2013-07-09 08:12 - 2012-05-05 09:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 07:55 - 2013-07-09 07:55 - 00102152 ____A C:\Users\UserXYZ\Downloads\OTLmod.txt
2013-07-09 07:53 - 2013-07-09 07:53 - 00012773 ____A C:\Users\UserXYZ\Downloads\hijackthisMOD.txt
2013-07-09 07:46 - 2013-07-08 21:10 - 00101816 ____A C:\Users\UserXYZ\Downloads\OTL.Txt
2013-07-09 07:37 - 2013-07-08 22:15 - 00000000 ____D C:\Users\UserXYZ\Downloads\backups
2013-07-09 07:36 - 2013-07-09 07:36 - 00000472 ____A C:\Users\UserXYZ\Downloads\defogger_disable.log
2013-07-09 07:36 - 2013-07-09 07:36 - 00000000 ____A C:\Users\UserXYZ\defogger_reenable
2013-07-09 07:36 - 2012-02-16 11:35 - 00000000 ____D C:\users\UserXYZ
2013-07-09 07:35 - 2013-07-09 07:35 - 00050477 ____A C:\Users\UserXYZ\Downloads\Defogger.exe
2013-07-09 06:06 - 2013-07-08 22:11 - 00012767 ____A C:\Users\UserXYZ\Downloads\hijackthis.log
2013-07-09 06:03 - 2012-09-24 13:38 - 00000000 ____D C:\Users\UserXYZ\AppData\Local\TSVNCache
2013-07-08 22:23 - 2009-07-14 19:58 - 00779858 ____A C:\Windows\System32\perfh007.dat
2013-07-08 22:23 - 2009-07-14 19:58 - 00181698 ____A C:\Windows\System32\perfc007.dat
2013-07-08 22:23 - 2009-07-14 07:13 - 01848388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 22:17 - 2013-03-29 23:37 - 00011007 ____A C:\Windows\IE10_main.log
2013-07-08 22:11 - 2012-02-16 11:35 - 00000000 ____D C:\Users\UserXYZ\AppData\Local\VirtualStore
2013-07-08 22:10 - 2013-07-08 22:10 - 00388608 ____A (Trend Micro Inc.) C:\Users\UserXYZ\Downloads\hijackthis.exe
2013-07-08 22:01 - 2013-07-08 22:01 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-08 22:01 - 2012-02-16 11:39 - 00000000 ____D C:\Users\UserXYZ\AppData\Local\Google
2013-07-08 22:00 - 2013-06-23 09:35 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-08 21:53 - 2013-07-08 21:53 - 00536125 ____A C:\Users\UserXYZ\Documents\bookmarks_08.07.13.html
2013-07-08 21:48 - 2013-07-08 21:48 - 00001516 ____A C:\AdwCleaner[S4].txt
2013-07-08 21:47 - 2013-07-08 20:22 - 00023764 ____A C:\Users\UserXYZ\Downloads\SystemLook.txt
2013-07-08 21:10 - 2013-07-08 21:10 - 00121126 ____A C:\Users\UserXYZ\Downloads\Extras.Txt
2013-07-08 20:25 - 2013-07-08 20:25 - 00602112 ____A (OldTimer Tools) C:\Users\UserXYZ\Downloads\OTL.exe
2013-07-08 20:21 - 2013-07-08 20:21 - 00139264 ____A C:\Users\UserXYZ\Downloads\SystemLook.exe
2013-07-08 20:21 - 2013-07-08 20:21 - 00001796 ____A C:\sc-cleaner.txt
2013-07-08 20:20 - 2013-07-08 20:20 - 00406144 ____A (Bleeping Computer, LLC) C:\Users\UserXYZ\Downloads\sc-cleaner.exe
2013-07-08 19:55 - 2013-07-08 19:55 - 00000000 ____D C:\Windows\pss
2013-07-08 17:50 - 2013-07-08 17:49 - 00001456 ____A C:\AdwCleaner[S3].txt
2013-07-08 17:35 - 2013-07-07 21:09 - 00000000 ____D C:\Users\UserXYZ\AppData\Roaming\Ad-Aware Antivirus
2013-07-08 17:27 - 2013-07-08 17:27 - 00001994 ____A C:\Users\UserXYZ\Downloads\JRT.txt
2013-07-08 17:20 - 2013-07-08 17:20 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 17:19 - 2013-07-08 17:19 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\UserXYZ\Downloads\JRT.exe
2013-07-08 17:12 - 2013-07-08 17:11 - 00001396 ____A C:\AdwCleaner[S2].txt
2013-07-08 17:06 - 2013-07-08 17:05 - 00012489 ____A C:\AdwCleaner[S1].txt
2013-07-08 17:06 - 2012-10-22 07:17 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\CheckPoint
2013-07-08 17:03 - 2013-07-08 17:03 - 00029435 ____A C:\Users\UserXYZ\Downloads\Addition.txt
2013-07-08 17:02 - 2013-07-08 17:02 - 00000000 ____D C:\FRST
2013-07-08 17:01 - 2013-07-08 17:01 - 00650027 ____A C:\Users\UserXYZ\Downloads\adwcleaner.exe
2013-07-08 17:00 - 2013-07-08 17:00 - 01934636 ____A (Farbar) C:\Users\UserXYZ\Downloads\FRST64.exe
2013-07-08 12:50 - 2012-09-24 12:00 - 00001076 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451269569-2079452642-3206440045-1012Core.job
2013-07-07 22:14 - 2012-02-20 14:14 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-07 21:45 - 2012-02-20 19:37 - 00893117 ____A C:\Windows\DirectX.log
2013-07-07 21:22 - 2013-07-07 21:11 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-07 21:20 - 2013-07-07 21:20 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-07 21:18 - 2013-07-07 21:18 - 00000000 ____D C:\Users\UserXYZ\AppData\Roaming\LavasoftStatistics
2013-07-07 21:11 - 2013-07-07 21:11 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-07 21:10 - 2013-07-07 21:10 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-07 21:09 - 2013-07-07 21:09 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-07-07 21:09 - 2013-07-07 21:09 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-07-07 21:08 - 2013-07-07 21:08 - 05616264 ____A (Lavasoft Limited) C:\Users\UserXYZ\Downloads\Adaware_Installer.exe
2013-07-07 19:46 - 2013-07-07 15:52 - 00000000 ____D C:\Program Files (x86)\FirstRowSportApp.com
2013-07-07 15:52 - 2013-07-07 15:52 - 00000000 ____D C:\Program Files (x86)\FreeHDSport.TV
2013-07-05 11:39 - 2012-10-01 08:22 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\VMware
2013-07-05 11:39 - 2012-10-01 08:21 - 00000000 ____D C:\Users\mUserXYZ\AppData\Local\VMware
2013-07-05 07:34 - 2013-07-05 07:34 - 00065694 ____A C:\Users\UserXYZ\Downloads\B - Modulbeschreibung + Stoffverteilungsplan + Prüfungshinweise.zip
2013-07-05 07:34 - 2013-07-05 07:34 - 00000000 ____D C:\Users\UserXYZ\Downloads\B - Modulbeschreibung + Stoffverteilungsplan + Prüfungshinweise
2013-07-05 07:18 - 2012-10-30 15:28 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\KeePass
2013-07-05 07:00 - 2013-05-21 08:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-05 06:04 - 2012-09-25 09:33 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\Dropbox
2013-07-05 06:01 - 2013-06-11 09:03 - 02369024 ____A C:\Users\mUserXYZ\Desktop\Arbeitszeitnachweis_2013.xls
2013-07-05 05:59 - 2012-09-25 09:35 - 00000000 ___RD C:\Users\mUserXYZ\Dropbox
2013-07-04 20:58 - 2013-07-04 20:55 - 00000000 ____D C:\Users\UserXYZ\Documents\Assassin's Creed III
2013-07-04 20:55 - 2013-03-17 21:31 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-04 20:55 - 2013-03-17 21:31 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-04 20:09 - 2013-07-04 20:55 - 03123272 ____A C:\Windows\SysWOW64\pbsvc.exe
2013-07-03 19:51 - 2013-07-03 19:51 - 00983408 ____A (Amazon Services LLC) C:\Users\UserXYZ\Downloads\R_U_S_E_Downloader.exe
2013-07-03 19:43 - 2013-07-03 19:43 - 00000000 ____D C:\Users\UserXYZ\Documents\Assassin's Creed III (Online Game Code)
2013-07-03 19:42 - 2013-07-03 19:42 - 00983408 ____A (Amazon Services LLC) C:\Users\UserXYZ\Downloads\Assassin_s_Creed_III_Online_Game_Code_Downloader.exe
2013-07-02 15:36 - 2012-10-01 07:38 - 00009486 ____A C:\Users\mUserXYZ\Documents\UserXYZUserXYZ.kdbx
2013-06-29 15:42 - 2013-06-29 15:33 - 386149070 ____A C:\Users\UserXYZ\Downloads\Platzhirsch.wma
2013-06-29 15:35 - 2013-06-29 15:35 - 01670182 ____A C:\Users\UserXYZ\Desktop\Das geraubte Leben des Waisen Jun Do - R - Suhrkamp-Verlag _Berlin_.epub
2013-06-29 15:35 - 2012-02-16 13:56 - 00000000 ____D C:\Users\UserXYZ\Calibre Bibliothek
2013-06-29 15:34 - 2012-02-16 14:07 - 00000000 ____D C:\Users\UserXYZ\Documents\My Digital Editions
2013-06-29 15:33 - 2013-06-29 15:33 - 00001622 ____A C:\Users\UserXYZ\Downloads\URLLink (26).acsm
2013-06-28 19:00 - 2012-09-09 18:36 - 00000000 ____D C:\Users\UserXYZ\AppData\Local\Akamai
2013-06-28 05:59 - 2013-06-28 05:59 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 05:59 - 2013-06-26 20:55 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 05:59 - 2013-06-26 20:55 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 05:59 - 2013-03-19 14:57 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-28 05:59 - 2012-02-16 11:47 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-28 05:59 - 2012-02-16 11:47 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-25 20:45 - 2013-06-25 20:45 - 00001106 ____A C:\Users\UpdatusUser\Desktop\EVEREST Home Edition.lnk
2013-06-25 20:45 - 2013-06-25 20:45 - 00000000 ____D C:\Program Files (x86)\Lavalys
2013-06-25 20:44 - 2013-06-25 20:44 - 04179293 ____A (Lavalys, Inc.                                               ) C:\Users\UserXYZ\Downloads\everesthome220.exe
2013-06-25 10:09 - 2012-02-28 13:44 - 00000000 ____D C:\Users\UserXYZ\Documents\Reading
2013-06-25 10:01 - 2013-06-25 10:01 - 00001659 ____A C:\Users\UserXYZ\Downloads\URLLink (23).acsm
2013-06-25 10:01 - 2013-06-25 10:01 - 00001656 ____A C:\Users\UserXYZ\Downloads\URLLink (25).acsm
2013-06-25 10:01 - 2013-06-25 10:01 - 00001496 ____A C:\Users\UserXYZ\Downloads\URLLink (24).acsm
2013-06-25 10:00 - 2013-06-25 10:00 - 00001533 ____A C:\Users\UserXYZ\Downloads\URLLink (22).acsm
2013-06-25 07:34 - 2012-09-24 12:00 - 00000000 ____D C:\Users\mUserXYZ\AppData\Local\Google
2013-06-25 06:42 - 2012-09-25 09:27 - 00000000 ____D C:\Users\mUserXYZ\AppData\Local\TSVNCache
2013-06-24 22:01 - 2013-06-18 10:56 - 00000000 ____D C:\Users\UserXYZ\Documents\NBA 2K Audio Editor
2013-06-24 21:28 - 2012-10-21 20:10 - 00000000 ____D C:\Users\UserXYZ\Desktop\2k13
2013-06-23 12:06 - 2013-06-23 12:06 - 00019456 ____A C:\Users\UserXYZ\Downloads\2008 - 05.xls
2013-06-23 11:44 - 2013-06-23 11:43 - 00000000 ____D C:\Users\UserXYZ\Downloads\Hohe (4)
2013-06-23 11:43 - 2013-06-23 11:43 - 14710116 ____A C:\Users\UserXYZ\Downloads\Hohe (4).zip
2013-06-23 09:37 - 2013-06-23 09:37 - 00000000 ____D C:\Users\UserXYZ\AppData\LocalGoogle
2013-06-22 08:55 - 2012-02-16 11:47 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-21 23:36 - 2013-04-21 09:45 - 00010601 ____A C:\Users\UserXYZ\Documents\Playoffs2013.xlsx
2013-06-20 14:02 - 2013-06-20 14:02 - 00000000 ____D C:\Users\UserXYZ\Downloads\Mediencenter
2013-06-20 14:01 - 2013-06-20 14:01 - 07565804 ____A C:\Users\UserXYZ\Downloads\Mediencenter.zip
2013-06-19 22:21 - 2012-02-20 14:45 - 01821732 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-18 20:32 - 2013-06-18 20:32 - 00019456 ____A C:\Users\UserXYZ\Downloads\2013 - 01.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00020480 ____A C:\Users\UserXYZ\Downloads\2013 - 03.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019968 ____A C:\Users\UserXYZ\Downloads\2013 - 05.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019968 ____A C:\Users\UserXYZ\Downloads\2013 - 02.xls
2013-06-18 20:31 - 2013-06-18 20:31 - 00019456 ____A C:\Users\UserXYZ\Downloads\2013 - 04.xls
2013-06-18 20:29 - 2013-06-18 20:29 - 00020480 ____A C:\Users\UserXYZ\Downloads\2012 - 03.xls
2013-06-18 10:44 - 2013-06-18 10:44 - 01005568 ____A (Microsoft Corporation) C:\Users\UserXYZ\Downloads\dotNetFx45_Full_setup.exe
2013-06-17 21:51 - 2013-06-17 21:42 - 259574738 ____A C:\Users\UserXYZ\Downloads\Bastian Pastewka liest -Jochen oder die Nacht des Hasen-.wma
2013-06-16 16:09 - 2013-06-16 16:00 - 292466642 ____A C:\Users\UserXYZ\Downloads\Cordula Stratmann liest -Danke für meine Aufmerksamkeit-.wma
2013-06-13 21:53 - 2013-06-13 21:41 - 303623912 ____A C:\Users\UserXYZ\Downloads\Oliver Kalkofe liest Roger Schmelzer -Die besten zehn Sekunden meines Lebens.wma
2013-06-13 21:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 22:49 - 2012-04-25 20:28 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 21:13 - 2012-05-05 09:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 21:13 - 2012-03-22 09:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 16:30 - 2013-06-11 16:30 - 00169472 ____A C:\Users\UserXYZ\Downloads\_Thumbs (3).db
2013-06-11 09:10 - 2013-06-11 09:10 - 00000000 ____D C:\Users\mUserXYZ\AppData\Roaming\2K Sports
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files\iPod
2013-06-09 13:21 - 2013-06-09 13:21 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 08:34

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 09.07.2013, 08:33

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte.

BBall247 · 09.07.2013, 17:01

Nach über 5 Stunden Scan

ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=95cf3e277214d141be2b0731a57342a2
# engine=14322
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-09 01:17:56
# local_time=2013-07-09 03:17:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 427267 150085748 0 0
# compatibility_mode=5893 16776574 100 94 151142 125005726 0 0
# compatibility_mode=9217 16776893 100 13 4506699 23589410 0 0
# scanned=659509
# found=0
# cleaned=0
# scan_time=18658

Bei SecurityCheck bekomme ich:

Code:

ATTFilter

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

schrauber · 09.07.2013, 17:09

frisches frst log bitte. Noch Probleme?

BBall247 · 09.07.2013, 19:00

Ich habe jetzt ein paar Neustarts gemacht und zwischendrin meinen Browser wieder so eingerichtet wie vorher.
Das Problem scheint weg zu sein.
Super

.

Vielen, vielen Dank für die schnelle Hilfe.
Ich hatte zuvor schon mal den AdwCleaner und den FRST durchlaufen lassen, aber das Problem war noch da, nun scheint alles wieder ok zu sein.

Sollte nochmal was auftauchen melde ich mich nochmal.

schrauber · 09.07.2013, 19:48

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

BBall247 · 09.07.2013, 21:34

Bereinigung ist erledigt.

Scheint alles soweit ok zu sein.

Vielen Dank nochmal!

schrauber · 10.07.2013, 08:52

Gern Geschehen

09.07.2013, 17:09	#8
schrauber /// the machine /// TB-Ausbilder	Automatische Add-Ons in Browser frisches frst log bitte. Noch Probleme? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

10.07.2013, 08:52	#12
schrauber /// the machine /// TB-Ausbilder	Automatische Add-Ons in Browser Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Automatische Add-Ons in Browser

Log-Analyse und Auswertung: Automatische Add-Ons in Browser