MUSS man für das Programm ne Systemwiederherstellung machen?

Das liegt mittlerweile nen Monat zurück, dass ich den trojaner bekommen habe, es wäre also ziemlich viel verloren, wenn ich das System wiederherstelle.

Wo steht, dass eine Systemwiederherstellung gemacht werden soll? Normalerweise sind die Experten hier da eher dagegen.

Ach. Hab mir den Link durchgelesen da stand das.

War ja noch frueh :P

Naja werds heut nachmittag mal machen und dann den log posten

Ich verstehe das so, dass die Beschreibung unter dem Link für die Fälle ist, wenn der Computer sich nicht mehr normal starten lässt. Du sollst wohl nur das machen, was dir Cosinus aufgezählt hat.

So hier mal die Logs:

Ist also wohl der "Treiber" (den es gar nicht gibt!?) nicht installiert...


First:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2013
Ran by praxo_000 (ATTENTION: The logged in user is not administrator) on 26-07-2013 12:39:05
Running from C:\Users\praxo_000\Downloads
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(ManyCam LLC) C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Ocs_SM] - C:\Users\wfe\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-03-11] (OCS)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [439392 2012-07-26] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [SPUpdSentinel] - "C:\Program Files (x86)\Common Files\Umbrella\umbrella_bkp.exe"  -SERVICEARGS=c [2723368 2013-06-29] (Iminent)
HKCU\...\Run: [Google Update] - "C:\Users\wfe\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]
HKCU\...\Run: [ManyCam] - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe [5399888 2013-01-24] (ManyCam LLC)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4270640 2013-03-23] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\praxo_000\AppData\Local\Smartbar\Application\QuickShare.exe startup [x]
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-01-25] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-01-25] (Iminent)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_17_Download_Version\TrayServer.exe [90112 2008-11-13] (MAGIX AG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll  [2212304 2013-01-16] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\praxo_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\wfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\praxo_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\wfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119828&tt=070312_xn2&babsrc=HP_ss&mntrId=ecd9a27100000000000000e04c1a9b14
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=f52d5790-8852-4fe3-92bf-e4dcb16e615a&searchtype=ds&q={searchTerms}&installDate=20/03/2013
SearchScopes: HKLM - DefaultScope {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKLM - {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=f52d5790-8852-4fe3-92bf-e4dcb16e615a&searchtype=ds&q={searchTerms}&installDate=20/03/2013
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=f52d5790-8852-4fe3-92bf-e4dcb16e615a&searchtype=ds&q={searchTerms}&installDate=20/03/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494531305352&st={searchTerms}&clid=4a6b96bb-d8b1-4c86-aad3-67f687815e96&pid=proxtubede&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119828&tt=070312_xn2&babsrc=SP_ss&mntrId=ecd9a27100000000000000e04c1a9b14
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MIF5BA~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll ()
BHO-x32: LyricsTube - {B399EDE8-1525-458C-8DD9-31EADF632D06} - C:\Program Files (x86)\LyricsTube\lrcstube.dll (Hansen & Destar Apps)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MIF5BA~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\praxo_000\AppData\Roaming\Mozilla\Firefox\Profiles\7qh896ho.default
FF NewTab: hxxp://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=ecd9a27100000000000000e04c1a9b14
FF SelectedSearchEngine: Delta Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\Binaries\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\praxo_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\praxo_000\AppData\Roaming\Mozilla\Firefox\Profiles\7qh896ho.default\Extensions\ich@maltegoetz.de
FF Extension: webbooster - C:\Users\praxo_000\AppData\Roaming\Mozilla\Firefox\Profiles\7qh896ho.default\Extensions\webbooster@iminent.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [downloader@finalvideotools.com] C:\Program Files (x86)\FinalVideoDownloader\Firefox
FF Extension: FinalVideoDownloader plugin for Mozilla Firefox - C:\Program Files (x86)\FinalVideoDownloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (ProxTube) - C:\Users\PRAXO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.3_0
CHR Extension: (FoxyDeal) - C:\Users\PRAXO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan\6.2.0_0
CHR Extension: (Google Docs) - C:\Users\PRAXO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\PRAXO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (LyricsTube) - C:\Users\PRAXO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdghdpchfhbbmfeddkijldlpnkbjkk\1.111_0
CHR Extension: (YouTube) - C:\Users\PRAXO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\PRAXO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Freemake Video Converter) - C:\Users\PRAXO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0
CHR Extension: (BrowserProtect) - C:\Users\PRAXO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0
CHR Extension: (Gmail) - C:\Users\PRAXO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\wfe\AppData\LocalLow\proxtube\CHROME\proxtube.crx
CHR HKLM-x32\...\Chrome\Extension: [aiennapmieppnpfhhogglccgepbdajan] - C:\Program Files (x86)\FoxyDeal\foxydeal.crx
CHR HKLM-x32\...\Chrome\Extension: [bebdghdpchfhbbmfeddkijldlpnkbjkk] - C:\Program Files (x86)\LyricsTube\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 SearchAnonymizer; C:\Users\wfe\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-03-11] ()
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2859048 2013-07-15] (Iminent)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248704 2012-10-22] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [44544 2013-01-15] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2012-06-02] (Realtek Semiconductor Corporation                           )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 VSPerfDrv100; c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S1 ipikqsbm; \??\C:\Windows\system32\drivers\ipikqsbm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-26 12:38 - 2013-07-26 12:38 - 01779853 _____ (Farbar) C:\Users\praxo_000\Downloads\FRST64.exe
2013-07-26 12:38 - 2013-07-26 12:38 - 00000000 ____D C:\FRST
2013-07-25 20:47 - 2013-07-25 20:48 - 00000000 ____D C:\Users\praxo_000\Desktop\Unbenannt
2013-07-25 18:07 - 2013-07-25 18:09 - 734937088 _____ C:\Users\praxo_000\Downloads\KNOPPIX_V7.2.0CD-2013-06-16-DE.iso
2013-07-24 19:46 - 2013-07-24 19:46 - 23730176 _____ (Macrovision Corporation) C:\Users\praxo_000\Downloads\IATA89CD.exe
2013-07-24 19:46 - 2013-07-24 19:46 - 00000000 ____D C:\ProgramData\InstallShield
2013-07-24 18:57 - 2013-07-24 18:57 - 27696104 _____ (Advanced Micro Devices, Inc.) C:\Users\praxo_000\Downloads\13-4_vista_win7_win8_32-64_sb.exe
2013-07-24 18:09 - 2013-07-24 18:09 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\praxo_000\Downloads\everesthome220.exe
2013-07-24 18:09 - 2013-07-24 18:09 - 00001106 _____ C:\Users\wfe\Desktop\EVEREST Home Edition.lnk
2013-07-24 18:09 - 2013-07-24 18:09 - 00001106 _____ C:\Users\praxo_000\Desktop\EVEREST Home Edition.lnk
2013-07-24 18:09 - 2013-07-24 18:09 - 00000000 ____D C:\Program Files (x86)\Lavalys
2013-07-23 21:01 - 2013-07-23 21:01 - 01067520 _____ () C:\Users\praxo_000\Downloads\WL0G(1).EXE
2013-07-23 21:01 - 2013-07-23 21:01 - 01064448 _____ () C:\Users\praxo_000\Downloads\WL0F.EXE
2013-07-23 21:00 - 2013-07-23 21:01 - 00039411 _____ C:\DEBUG.TXT
2013-07-23 21:00 - 2013-07-23 21:00 - 01067520 _____ () C:\Users\praxo_000\Downloads\WL0G.EXE
2013-07-23 20:57 - 2013-07-23 20:57 - 00000000 ____D C:\Users\praxo_000\Documents\SmartPack
2013-07-23 20:56 - 2013-07-23 20:56 - 00001905 _____ C:\Users\wfe\Desktop\PLDS SmartPack Utility.lnk
2013-07-23 20:56 - 2013-07-23 20:56 - 00000000 ____D C:\Program Files (x86)\SmartPack
2013-07-20 15:28 - 2013-07-20 15:28 - 02936240 _____ C:\Users\praxo_000\Downloads\installproXPN.exe
2013-07-20 15:28 - 2013-07-20 15:28 - 00001065 _____ C:\Users\wfe\Desktop\proXPN.lnk
2013-07-20 15:28 - 2013-07-20 15:28 - 00000000 ____D C:\Program Files (x86)\proXPN
2013-07-14 14:49 - 2013-07-14 14:49 - 00000000 ____D C:\Users\praxo_000\Documents\Benutzerdefinierte Office-Vorlagen
2013-07-14 14:15 - 2013-07-14 14:15 - 00000162 ____H C:\Users\praxo_000\Desktop\~$nährung.odt
2013-07-14 13:38 - 2013-07-14 13:38 - 12779056 _____ C:\Users\praxo_000\Downloads\LOOP 7.wmv
2013-07-13 14:57 - 2013-07-13 14:57 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-13 14:55 - 2013-07-13 14:55 - 00903080 _____ (Oracle Corporation) C:\Users\praxo_000\Downloads\jxpiinstall.exe
2013-07-13 14:51 - 2013-07-13 14:51 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-13 12:55 - 2013-07-13 12:55 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7fb78c30f148.job
2013-06-30 20:56 - 2013-06-30 20:56 - 00000404 _____ C:\Users\praxo_000\SciTE.session
2013-06-30 20:18 - 2013-06-30 20:18 - 00000000 ____D C:\Users\PRAXO_~1\AppData\Local\FileTypeAssistant
2013-06-30 11:00 - 2013-06-30 11:00 - 00000000 ____D C:\Users\praxo_000\Desktop\Aufnahmen
2013-06-29 14:11 - 2013-06-29 14:19 - 273399808 _____ C:\Users\praxo_000\Downloads\dd1_015.part2.rar
2013-06-29 14:11 - 2013-06-29 14:18 - 290311168 _____ C:\Users\praxo_000\Downloads\dd1_014.part2.rar
2013-06-29 14:11 - 2013-06-29 14:18 - 290311168 _____ C:\Users\praxo_000\Downloads\dd1_014.part1.rar
2013-06-29 14:11 - 2013-06-29 14:18 - 290307249 _____ C:\Users\praxo_000\Downloads\dd1_014.part3.rar
2013-06-29 14:11 - 2013-06-29 14:18 - 273395396 _____ C:\Users\praxo_000\Downloads\dd1_015.part3.rar
2013-06-29 14:11 - 2013-06-29 14:18 - 234689536 _____ C:\Users\praxo_000\Downloads\dd1_016.part1.rar
2013-06-29 14:11 - 2013-06-29 14:18 - 190826496 _____ C:\Users\praxo_000\Downloads\dd1_017.part2.rar
2013-06-29 14:11 - 2013-06-29 14:17 - 273399808 _____ C:\Users\praxo_000\Downloads\dd1_015.part1.rar
2013-06-29 14:11 - 2013-06-29 14:17 - 234689536 _____ C:\Users\praxo_000\Downloads\dd1_016.part2.rar
2013-06-29 14:11 - 2013-06-29 14:17 - 190826496 _____ C:\Users\praxo_000\Downloads\dd1_017.part1.rar
2013-06-29 14:11 - 2013-06-29 14:16 - 234683967 _____ C:\Users\praxo_000\Downloads\dd1_016.part3.rar
2013-06-29 14:11 - 2013-06-29 14:16 - 190822764 _____ C:\Users\praxo_000\Downloads\dd1_017.part3.rar
2013-06-28 20:10 - 2013-06-28 20:10 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Unity
2013-06-28 19:57 - 2013-06-28 19:57 - 00643592 _____ (Unity Technologies ApS) C:\Users\praxo_000\Downloads\UnityWebPlayer.exe
2013-06-28 19:57 - 2013-06-28 19:57 - 00000000 ____D C:\Users\PRAXO_~1\AppData\Local\Unity
2013-06-28 14:37 - 2013-06-28 14:37 - 00001888 _____ C:\Users\praxo_000\Desktop\MotoGP13 spielen.lnk
2013-06-28 14:29 - 2013-06-28 14:29 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Milestone
2013-06-28 14:29 - 2013-06-28 14:29 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Milestone
2013-06-28 14:29 - 2013-06-28 14:29 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\InstallShield Installation Information
2013-06-27 19:31 - 2013-06-27 19:31 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\OpenOffice.org
2013-06-26 16:20 - 2013-07-25 20:49 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== One Month Modified Files and Folders =======

2013-07-26 12:39 - 2013-06-11 18:37 - 00000000 ____D C:\Users\PRAXO_~1\AppData\Local\PMB Files
2013-07-26 12:38 - 2013-07-26 12:38 - 01779853 _____ (Farbar) C:\Users\praxo_000\Downloads\FRST64.exe
2013-07-26 12:38 - 2013-07-26 12:38 - 00000000 ____D C:\FRST
2013-07-26 12:34 - 2013-06-11 18:38 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Skype
2013-07-26 12:34 - 2013-06-11 18:37 - 00000000 ____D C:\Users\PRAXO_~1\AppData\Local\TSVNCache
2013-07-26 12:32 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-07-25 21:09 - 2013-04-01 20:08 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\vlc
2013-07-25 21:01 - 2013-06-16 13:06 - 00006656 _____ C:\Users\PRAXO_~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-25 20:49 - 2013-06-26 16:20 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-25 20:48 - 2013-07-25 20:47 - 00000000 ____D C:\Users\praxo_000\Desktop\Unbenannt
2013-07-25 18:09 - 2013-07-25 18:07 - 734937088 _____ C:\Users\praxo_000\Downloads\KNOPPIX_V7.2.0CD-2013-06-16-DE.iso
2013-07-24 19:46 - 2013-07-24 19:46 - 23730176 _____ (Macrovision Corporation) C:\Users\praxo_000\Downloads\IATA89CD.exe
2013-07-24 19:46 - 2013-07-24 19:46 - 00000000 ____D C:\ProgramData\InstallShield
2013-07-24 18:57 - 2013-07-24 18:57 - 27696104 _____ (Advanced Micro Devices, Inc.) C:\Users\praxo_000\Downloads\13-4_vista_win7_win8_32-64_sb.exe
2013-07-24 18:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-24 18:13 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-07-24 18:09 - 2013-07-24 18:09 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\praxo_000\Downloads\everesthome220.exe
2013-07-24 18:09 - 2013-07-24 18:09 - 00001106 _____ C:\Users\wfe\Desktop\EVEREST Home Edition.lnk
2013-07-24 18:09 - 2013-07-24 18:09 - 00001106 _____ C:\Users\praxo_000\Desktop\EVEREST Home Edition.lnk
2013-07-24 18:09 - 2013-07-24 18:09 - 00000000 ____D C:\Program Files (x86)\Lavalys
2013-07-23 21:01 - 2013-07-23 21:01 - 01067520 _____ () C:\Users\praxo_000\Downloads\WL0G(1).EXE
2013-07-23 21:01 - 2013-07-23 21:01 - 01064448 _____ () C:\Users\praxo_000\Downloads\WL0F.EXE
2013-07-23 21:01 - 2013-07-23 21:00 - 00039411 _____ C:\DEBUG.TXT
2013-07-23 21:00 - 2013-07-23 21:00 - 01067520 _____ () C:\Users\praxo_000\Downloads\WL0G.EXE
2013-07-23 20:57 - 2013-07-23 20:57 - 00000000 ____D C:\Users\praxo_000\Documents\SmartPack
2013-07-23 20:56 - 2013-07-23 20:56 - 00001905 _____ C:\Users\wfe\Desktop\PLDS SmartPack Utility.lnk
2013-07-23 20:56 - 2013-07-23 20:56 - 00000000 ____D C:\Program Files (x86)\SmartPack
2013-07-21 16:27 - 2013-04-01 20:08 - 00000000 ____D C:\Users\PRAXO_~1\AppData\Local\CrashDumps
2013-07-20 15:28 - 2013-07-20 15:28 - 02936240 _____ C:\Users\praxo_000\Downloads\installproXPN.exe
2013-07-20 15:28 - 2013-07-20 15:28 - 00001065 _____ C:\Users\wfe\Desktop\proXPN.lnk
2013-07-20 15:28 - 2013-07-20 15:28 - 00000000 ____D C:\Program Files (x86)\proXPN
2013-07-20 15:28 - 2012-07-26 07:26 - 00000190 _____ C:\Windows\win.ini
2013-07-20 14:53 - 2013-04-04 14:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-20 14:53 - 2013-04-04 14:11 - 00000000 ____D C:\ProgramData\Skype
2013-07-14 14:49 - 2013-07-14 14:49 - 00000000 ____D C:\Users\praxo_000\Documents\Benutzerdefinierte Office-Vorlagen
2013-07-14 14:36 - 2013-02-04 18:33 - 01409015 _____ C:\Windows\WindowsUpdate.log
2013-07-14 14:15 - 2013-07-14 14:15 - 00000162 ____H C:\Users\praxo_000\Desktop\~$nährung.odt
2013-07-13 14:57 - 2013-07-13 14:57 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-13 14:57 - 2013-02-09 18:18 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-13 14:57 - 2013-02-09 18:18 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-13 14:55 - 2013-07-13 14:55 - 00903080 _____ (Oracle Corporation) C:\Users\praxo_000\Downloads\jxpiinstall.exe
2013-07-13 14:51 - 2013-07-13 14:51 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-13 12:55 - 2013-07-13 12:55 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7fb78c30f148.job
2013-07-11 17:28 - 2013-07-11 17:28 - 00009166 _____ C:\Users\praxo_000\Downloads\1373556032.html
2013-07-01 19:11 - 2013-06-20 15:06 - 00000244 _____ C:\Users\praxo_000\Desktop\Neues Textdokument.txt
2013-07-01 17:11 - 2013-06-11 18:44 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-30 20:56 - 2013-06-30 20:56 - 00000404 _____ C:\Users\praxo_000\SciTE.session
2013-06-30 20:56 - 2013-04-01 15:20 - 00000000 ____D C:\Users\praxo_000
2013-06-30 20:18 - 2013-06-30 20:18 - 00000000 ____D C:\Users\PRAXO_~1\AppData\Local\FileTypeAssistant
2013-06-30 11:00 - 2013-06-30 11:00 - 00000000 ____D C:\Users\praxo_000\Desktop\Aufnahmen
2013-06-29 20:38 - 2013-02-09 01:20 - 00000000 ____D C:\Users\wfe\Desktop\Unbenannt

2013-06-28 20:10 - 2013-06-28 20:10 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Unity
2013-06-28 19:57 - 2013-06-28 19:57 - 00643592 _____ (Unity Technologies ApS) C:\Users\praxo_000\Downloads\UnityWebPlayer.exe
2013-06-28 19:57 - 2013-06-28 19:57 - 00000000 ____D C:\Users\PRAXO_~1\AppData\Local\Unity
2013-06-28 14:37 - 2013-06-28 14:37 - 00001888 _____ C:\Users\praxo_000\Desktop\MotoGP13 spielen.lnk
2013-06-28 14:35 - 2013-02-04 18:41 - 00154400 _____ C:\Windows\DirectX.log
2013-06-28 14:29 - 2013-06-28 14:29 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Milestone
2013-06-28 14:29 - 2013-06-28 14:29 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Milestone
2013-06-28 14:29 - 2013-06-28 14:29 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\InstallShield Installation Information
2013-06-27 19:32 - 2013-04-01 15:22 - 00000000 ___RD C:\Users\praxo_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-27 19:31 - 2013-06-27 19:31 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\OpenOffice.org

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\23lldnur.pad
C:\ProgramData\l01dz.bat
C:\ProgramData\l01dz.pad
C:\ProgramData\l01dz.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-12 17:02

==================== End Of Log ============================
         

--- --- ---



Addition:

Zitat:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2013
Ran by praxo_000 at 2013-07-26 12:40:05
Running from C:\Users\praxo_000\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727)
Tools for .Net 3.5 (x32 Version: 3.11.50727)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Illustrator CS6 (x32 Version: 16.0)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader XI (11.0.01) - Deutsch (x32 Version: 11.0.01)
Alice: Madness Returns (x32)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
Amnesia - The Dark Descent (x32 Version: 1.0.0)
Amnesia: The Dark Descent (x32)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.3 (x32 Version: 2.0.3)
AutoIt v3.3.8.1 (x32)
Avira Free Antivirus (x32 Version: 13.0.0.3884)
B.U.T.T.O.N. (x32)
Bamboo Dock (x32 Version: 4.1)
Bamboo Dock (x32 Version: 4.1.0)
BIT.TRIP BEAT (x32)
BIT.TRIP RUNNER (x32)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0)
Blend for Visual Studio 2012 DEU resources (x32 Version: 5.0.30709.0)
Bonjour (Version: 3.0.0.10)
BrowserProtect (x32)
Camtasia Studio 8 (x32 Version: 8.0.4.1060)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
CDBurnerXP (x32 Version: 4.5.1.4003)
Cheat Engine 6.1 (x32)
Citrix Online Plug-in - Web (x32 Version: 12.1.0.30)
Citrix Online Plug-in (DV) (x32 Version: 12.1.0.30)
Citrix Online Plug-in (HDX) (x32 Version: 12.1.0.30)
Citrix Online Plug-in (USB) (x32 Version: 12.1.0.30)
Citrix Online Plug-in (Web) (x32 Version: 12.1.0.30)
Counter-Strike: Source (x32)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Delta Chrome Toolbar (x32)
Delta toolbar (x32 Version: 1.8.10.0)
Devenv-Ressourcen für Microsoft Visual Studio 2012 (x32 Version: 11.0.50727)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298)
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4521.29298)
Dotfuscator Software Services - Community Edition - DEU (x32 Version: 5.0.2300.0)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0)
Dropbox (HKCU Version: 2.0.5)
Druckerdeinstallation für EPSON BX635FWD Series
Entity Framework Designer für Visual Studio 2012 - DEU (x32 Version: 11.1.20810.00)
Erforderliche Komponenten für SSDT (x32 Version: 11.0.2100.60)
Euro Truck Simulator 2 (x32 Version: 1.0.2)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
File Type Assistant (x32 Version: 2013.4.8.0)
Final Video Downloader 2013 (x32)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.27.0)
Fotogalerie (x32 Version: 16.4.3505.0912)
FoxyDeal version 1.0.0 (x32 Version: 1.0.0)
Freemake Video Converter Version 4.0.0 (x32 Version: 4.0.0)
Futuremark SystemInfo (x32 Version: 4.15.0)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth (x32 Version: 7.1.1.1580)
Google Update Helper (x32 Version: 1.3.21.153)
Grand Theft Auto IV (x32)
GRID 2 (c) Codemasters version 1 (x32 Version: 1)
Guild Wars 2 (x32)
iCloud (Version: 2.1.2.8)
ID3-TagIT 3 (x32 Version: 3)
iFunbox (v2.6.2375.747), iFunbox DevTeam (x32 Version: v2.6.2375.747)
IIS 8.0 Express (Version: 8.0.1557)
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Iminent (x32 Version: 6.4.56.0)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JDownloader 0.9 (x32 Version: 0.9)
JDownloader 2 (x32 Version: 2)
KaloMa 4.94 (x32)
ktop Icon für Amazon (Version: 1.0.1 (de))
League of Legends (x32 Version: 1.3)
LocalESPC (x32 Version: 8.59.25584)
LocalESPCui for de-de (x32 Version: 8.59.25584)
LyricsTube (x32)
MAGIX Movie Edit Pro 17 Download Version (x32 Version: 10.0.0.1)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MAGIX Speed 2 (MSI) (x32 Version: 6.0.1.2)
ManyCam 3.1.41 (x32 Version: 3.1.41)
Marc Ecko's Getting Up - Contents Under Pressure (x32 Version: 1.00.0000)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (x32 Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (x32 Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (x32 Version: 4.5.50709)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 3 - DEU (x32 Version: 3.0.20105.0)
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update - DEU (x32 Version: 3.0.30710.0)
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update (x32 Version: 3.0.30710.0)
Microsoft ASP.NET MVC 3 (x32 Version: 3.0.20105.0)
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU (x32 Version: 4.0.20710.0)
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools (x32 Version: 4.0.20710.0)
Microsoft ASP.NET MVC 4 Runtime - DEU (x32 Version: 4.0.20710.0)
Microsoft ASP.NET MVC 4 Runtime (x32 Version: 4.0.20710.0)
Microsoft ASP.NET Web Pages - DEU (x32 Version: 1.0.20105.0)
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU (x32 Version: 1.0.20710.0)
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools (x32 Version: 1.0.20710.0)
Microsoft ASP.NET Web Pages (x32 Version: 1.0.20105.0)
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - DEU (x32 Version: 2.0.20710.0)
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools (x32 Version: 2.0.20710.0)
Microsoft ASP.NET Web Pages 2 Runtime - DEU (x32 Version: 2.0.20710.0)
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20710.0)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.0.0)
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727)
Microsoft Help Viewer 2.0 Language Pack - DEU (x32 Version: 2.0.50727)
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft LightSwitch for Visual Studio 2012 Core (x32 Version: 11.0.50727)
Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU (x32 Version: 11.0.50727)
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft NuGet - Visual Studio 2012 (x32 Version: 2.0.30625.9003)
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop (x32 Version: 2.0.30717.9005)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.50709.17929)
Microsoft Portable Library Multi-Targeting Pack Language Pack - deu (x32 Version: 11.0.50709.17929)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Report Viewer Add-On for Visual Studio 2012 (x32 Version: 11.1.2802.16)
Microsoft Report Viewer Add-On für Visual Studio 2012 (x32 Version: 11.1.2802.16)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Silverlight 3 SDK - Deutsch (x32 Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK - Deutsch (x32 Version: 4.0.60310.0)
Microsoft Silverlight 5 SDK - DEU (x32 Version: 5.0.61118.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2012 Command Line Utilities (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Data-Tier App Framework (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Data-Tier App Framework (x32 Version: 11.0.2316.0)
Microsoft SQL Server 2012 Express LocalDB (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects (x64) (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Native Client (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (Version: 11.0.2100.60)
Microsoft SQL Server 2012 T-SQL Language Service (x32 Version: 11.0.2100.60)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (Version: 4.0.8876.1)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (x32 Version: 11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (x32 Version: 11.1.20828.01)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1600.1)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 de (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319)
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 32bit Compilers - DEU Resources (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers - DEU Resources (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Extended Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.50727)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 11.0.50727)
Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 11.0.50727)
Microsoft Visual Studio 2010 Performance Collection Tools - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010 Ultimate - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2012 Devenv (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Express Prerequisites x64 - DEU (Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Core amd64 (Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Core x86 (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Front End x86 (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTraceFrontEndLoc (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTraceLoc (Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTraceLoc (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU (x32 Version: 4.0.8876.1)
Microsoft Visual Studio 2012-Leistungserfassungstools - DEU (Version: 11.0.50727)
Microsoft Visual Studio 2012-Leistungserfassungstools (Version: 11.0.50727)
Microsoft Visual Studio 2012-Vorbereitung (x32 Version: 11.0.50727)
Microsoft Visual Studio Express 2012 for Windows Desktop (x32 Version: 11.0.50727)
Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (x32 Version: 11.0.50727)
Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (x32 Version: 11.0.50727.42)
Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Microsoft Visual Studio Premium 2012 - DEU (x32 Version: 11.0.50727)
Microsoft Visual Studio Premium 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 - DEU (x32 Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - DEU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 - DEU (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 (x32 Version: 11.0.50727.1)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources (x32 Version: 11.0.50727)
Microsoft Web Deploy 3.0 (Version: 3.1236.1631)
Microsoft Web Deploy dbSqlPackage Provider - DEU (x32 Version: 10.3.20225.0)
Microsoft Web Developer Tools - Visual Studio 2012 - DEU (x32 Version: 1.0.30710.0)
Microsoft Web Developer Tools - Visual Studio 2012 (x32 Version: 1.0.30710.0)
Microsoft Web Platform Installer 4.0 (Version: 4.0.1622)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Microsoft XNA Game Studio 4.0 (ARP entry) (x32 Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Redists) (x32 Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Shared Components) (x32 Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Visual Studio) (x32 Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (x32 Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (x32 Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 Documentation (x32 Version: 4.0.20823.0)
Microsoft XNA Game Studio Platform Tools (x32 Version: 1.3.0.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft-System-CLR-Typen für SQL Server 2012 (x32 Version: 11.0.2100.60)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (Version: 11.0.2100.60)
Midtown Madness Complete Edition (x32 Version: v1.0)
MoodTuner (x32 Version: 1.1)
MotoGP(TM)13 (HKCU Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
My Game Long Name
OpenAL (x32)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Opera 12.14 (x32 Version: 12.14.1738)
Origin (x32 Version: 9.1.13.85)
osu! (x32 Version: 0.0.0.0)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017)
Pando Media Booster (x32 Version: 2.6.0.9)
PDF Settings CS6 (x32 Version: 11.0)
Pflanzen gegen Zombies (x32)
Photo Gallery (x32 Version: 16.4.3505.0912)
PreEmptive Analytics Client German Language Pack (x32 Version: 1.0.2180.1)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1)
proXPN 2.5.2 (x32 Version: 2.5.2)
QuickShare (x32 Version: 1.6.1.952)
QuickTime (x32 Version: 7.73.80.64)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
Rinse (x32 Version: 1.255)
Rinse (x32 Version: 1.912)
Schlag den Raab - Das 3. Spiel (x32 Version: 1.0)
SciTE4AutoIt3 6/10/2012 (x32 Version: 6/10/2012)
SearchAnonymizer (Version: 1.0.1 (de))
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0)
SimCity™ (x32 Version: 1.0.0.0)
Skype™ 6.6 (x32 Version: 6.6.106)
Smooth Operators - Indie Gala Edition (HKCU Version: 1.0.0.14)
Source SDK Base 2006 (x32)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Steam (x32 Version: 1.0.0.0)
Sumo Paint Bamboo 2.2 (x32 Version: 2.2)
Sumo Paint Bamboo 2.2 (x32 Version: v2.2)
Synology Assistant (remove only) (x32)
The Tetris Game (x32)
TortoiseSVN 1.7.12.24070 (64 bit) (Version: 1.7.24070)
Trials Evolution Gold Edition (x32 Version: 1.0.0.1)
Trials Evolution Gold Edition (x32)
Unity Web Player (HKCU Version: )
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (Version: 10.1.2731.0)
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2768004) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760343) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767861) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767864) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768333) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2760334) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2768011) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2810015) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2727013) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2810019) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514) (x32 Version: 11.0.51219)
Update for Microsoft Word 2013 (KB2752073) 64-Bit Edition
Update for Microsoft Word 2013 (KB2768007) 64-Bit Edition
Update for Microsoft Word 2013 (KB2768337) 64-Bit Edition
Uplay (x32 Version: 2.0)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0)
Visual Studio 2012 Prerequisites - DEU Language Pack (Version: 11.0.50727)
Visual Studio 2012 Prerequisites (Version: 11.0.50727)
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.8514.0)
VLC media player 2.0.5 (Version: 2.0.5)
Wacom (Version: 5.3.2-1)
WCF Data Services 5.0 (for OData v3) DEU Language Pack (x32 Version: 5.0.50628.0)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0)
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0)
WCF Data Services Tools for Visual Studio 11 DEU Language Pack (x32 Version: 5.0.50710.0)
WCF RIA Services V1.0 SP2 (x32 Version: 4.1.61829.0)
Web Deployment Tool (Version: 1.1.0618)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2)
Windows App Certification Kit Native Components (Version: 8.59.25584)
Windows App Certification Kit x64 (x32 Version: 8.59.25584)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Runtime Intellisense Content - de-de (x32 Version: 8.59.25584)
Windows Software Development Kit (x32 Version: 8.59.25584)
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
XBMC (HKCU)
XviD Video Codec (remove only) (x32)

==================== Restore Points =========================

Could not list Restore Points.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7fb78c30f148.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ATAPI iHOS104 ATA Device
Description: ATAPI iHOS104 ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2013 05:47:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5132

Error: (07/25/2013 05:47:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5132

Error: (07/25/2013 05:47:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2013 05:47:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3884

Error: (07/25/2013 05:47:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3884

Error: (07/25/2013 05:47:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2013 05:47:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2636

Error: (07/25/2013 05:47:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2636

Error: (07/25/2013 05:47:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2013 05:47:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1295


System errors:
=============
Error: (07/26/2013 00:32:21 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (07/26/2013 00:32:18 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (07/26/2013 00:32:16 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (07/26/2013 00:32:16 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (07/25/2013 09:30:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (07/25/2013 09:30:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (07/25/2013 08:49:20 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (07/25/2013 08:49:20 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (07/25/2013 08:48:03 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (07/25/2013 08:48:03 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office Sessions:
=========================
Error: (07/25/2013 05:47:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5132

Error: (07/25/2013 05:47:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5132

Error: (07/25/2013 05:47:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2013 05:47:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3884

Error: (07/25/2013 05:47:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3884

Error: (07/25/2013 05:47:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2013 05:47:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2636

Error: (07/25/2013 05:47:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2636

Error: (07/25/2013 05:47:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2013 05:47:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1295


CodeIntegrity Errors:
===================================
Date: 2013-07-24 18:10:16.814
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\wfe\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-24 18:10:16.736
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 4095.04 MB
Available physical RAM: 2594.73 MB
Total Pagefile: 4863.04 MB
Available Pagefile: 2841.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.83 GB) (Free:301.64 GB) NTFS (Disk=0 Partition=2)
Drive v: (Downloads) (Network) (Total:1829.34 GB) (Free:1466.72 GB) NTFS
Drive w: (Filme) (Network) (Total:2746.22 GB) (Free:1166.54 GB) NTFS
Drive x: (Musik) (Network) (Total:1829.34 GB) (Free:1466.72 GB) NTFS
Drive y: (Musik) (Network) (Total:1829.34 GB) (Free:1466.72 GB) NTFS
Drive z: (Wichtig) (Network) (Total:2746.22 GB) (Free:1166.54 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

FSS:

Zitat:

Farbar Service Scanner Version: 26-07-2013
Ran by praxo_000 (ATTENTION: The logged in user is not administrator) on 26-07-2013 at 13:21:56
Running from "C:\Users\praxo_000\Downloads"
Microsoft Windows 8 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-04-12 19:59] - [2013-03-02 11:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-04-12 19:59] - [2013-03-02 04:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Zitat:

Ran by praxo_000 (ATTENTION: The logged in user is not administrator)

Was hast du bei der Erstellung der Logs keine Adminrechte??

Hab doch geschrieben, dass ich auf dem Pc 2 Nutzer habe. Einmal admin und einmal nen mormalen user.

Auf dem adminAxcount ist atm der gvu Trojaner, weshalb ich mich immer mit dem anderen Account einlogge.

Dass mit dem GVU les ich jetzt erst, hab dein Edit aus dem Post zuvor wohl nicht mitbekommen

Ohne Adminrechte hat man keine reellen Chancen. Versuch mal das:

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

• Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit
• Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
• Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

• Starte den Rechner neu.
• Während dem Hochfahren drücke mehrmals die F8 Taste
• Wähle nun Computer reparieren.
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

• Lege die Windows CD in dein Laufwerk.
• Starte den Rechner neu und starte von der CD.
• Wähle die Spracheinstellungen und klicke "Weiter".
• Klicke auf Computerreparaturoptionen !
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

• Gib nun bitte notepad ein und drücke Enter.
• Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
  Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
• Schließe Notepad wieder
• Gib nun bitte folgenden Befehl ein.
  e:\frst.exe bzw. e:\frst64.exe
  Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
• Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Ich koennte das Programm auch einfach "Als Admin starten" oder nutzt das nichts?

Ein Versuch ist es wert.

So hier nochmal das gleiche wie vorhin, nur als Admin ausgeführt, hat sich meiner Meinung nach aber nicht viel geändert:


FIRST.txt:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2013
Ran by admin (administrator) on 26-07-2013 19:31:12
Running from C:\Users\praxo_000\Downloads
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Users\wfe\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\Synology\Assistant\UsbClientService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ManyCam LLC) C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Ocs_SM] - C:\Users\wfe\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-03-11] (OCS)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [439392 2012-07-26] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [SPUpdSentinel] - "C:\Program Files (x86)\Common Files\Umbrella\umbrella_bkp.exe"  -SERVICEARGS=c [2723368 2013-06-29] (Iminent)
HKCU\...\Run: [ManyCam] - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe [5399888 2013-01-24] (ManyCam LLC)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4270640 2013-03-23] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\wfe\AppData\Local\Smartbar\Application\QuickShare.exe [20248 2013-05-12] (Smartbar)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-16] (Adobe Systems Incorporated)
HKCU\...\Winlogon: [Shell] cmd.exe [404992 2012-07-26] (Microsoft Corporation) <==== ATTENTION 
HKCU\...\Command Processor: "C:\Users\wfe\AppData\Local\Temp\b34btbztdb0vavaw.exe" <======= ATTENTION
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-01-25] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-01-25] (Iminent)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_17_Download_Version\TrayServer.exe [90112 2008-11-13] (MAGIX AG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll  [2212304 2013-01-16] ()
Startup: C:\Users\wfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\wfe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\wfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\praxo_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\wfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\wfe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\wfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=f52d5790-8852-4fe3-92bf-e4dcb16e615a&searchtype=ds&q={searchTerms}&installDate=20/03/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=f52d5790-8852-4fe3-92bf-e4dcb16e615a&searchtype=hp&installDate=20/03/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119828&tt=070312_xn2&babsrc=HP_ss&mntrId=ecd9a27100000000000000e04c1a9b14
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=f52d5790-8852-4fe3-92bf-e4dcb16e615a&searchtype=ds&q={searchTerms}&installDate=20/03/2013
SearchScopes: HKLM - DefaultScope {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKLM - {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=f52d5790-8852-4fe3-92bf-e4dcb16e615a&searchtype=ds&q={searchTerms}&installDate=20/03/2013
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=f52d5790-8852-4fe3-92bf-e4dcb16e615a&searchtype=ds&q={searchTerms}&installDate=20/03/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494531305352&st={searchTerms}&clid=4a6b96bb-d8b1-4c86-aad3-67f687815e96&pid=proxtubede&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119828&tt=070312_xn2&babsrc=SP_ss&mntrId=ecd9a27100000000000000e04c1a9b14
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MIF5BA~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO-x32: LyricsTube - {B399EDE8-1525-458C-8DD9-31EADF632D06} - C:\Program Files (x86)\LyricsTube\lrcstube.dll (Hansen & Destar Apps)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MIF5BA~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\wfe\AppData\Roaming\Mozilla\Firefox\Profiles\jhb3q8jg.default
FF user.js: detected! => C:\Users\wfe\AppData\Roaming\Mozilla\Firefox\Profiles\jhb3q8jg.default\user.js
FF NewTab: hxxp://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=ecd9a27100000000000000e04c1a9b14
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=ecd9a27100000000000000e04c1a9b14
FF NetworkProxy: "autoconfig_url", "data:application/x-ns-proxy-autoconfig;base64,ZnVuY3Rpb24gRmluZFByb3h5Rm9yVVJMKHVybCwgaG9zdCkgewogIGlmICgoaG9zdCA9PSAnd3d3LnlvdXR1YmUuY29tJyAmJiB1cmwuaW5kZXhPZigneW91dHViZS5jb20vd2F0Y2g/dj1RSzhtSkpKdmFlcyZweHRyeT0yJykgIT0gLTEpIHx8IChob3N0LmluZGV4T2YoJ2MueW91dHViZS5jb20nKSAhPSAtMSAmJiB1cmwuaW5kZXhPZignYy55b3V0dWJlLmNvbS92aWRlb3BsYXliYWNrJykgIT0gLTEgJiYgdXJsLmluZGV4T2YoJ2djcj11cycpICE9IC0xKSkKICAgIHJldHVybiAnUFJPWFkgMjA5LjIzOS4xMjAuMTA3OjMxMzEnOwogIHJldHVybiAnRElSRUNUJzsKfQ=="
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\Binaries\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\wfe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\wfe\AppData\Roaming\Mozilla\Firefox\Profiles\jhb3q8jg.default\searchplugins\Web Search.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\wfe\AppData\Roaming\Mozilla\Firefox\Profiles\jhb3q8jg.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\wfe\AppData\Roaming\Mozilla\Firefox\Profiles\jhb3q8jg.default\Extensions\{f52d5790-8852-4fe3-92bf-e4dcb16e615a}
FF Extension: webbooster - C:\Users\wfe\AppData\Roaming\Mozilla\Firefox\Profiles\jhb3q8jg.default\Extensions\webbooster@iminent.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [downloader@finalvideotools.com] C:\Program Files (x86)\FinalVideoDownloader\Firefox
FF Extension: FinalVideoDownloader plugin for Mozilla Firefox - C:\Program Files (x86)\FinalVideoDownloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF Extension: BrowserProtect - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF HKCU\...\Firefox\Extensions: [lrcsTube@hansanddeta.com] C:\Program Files (x86)\LyricsTube\FF\
FF Extension: No Name - C:\Program Files (x86)\LyricsTube\FF\

Chrome: 
=======
CHR DefaultSearchURL: (Web) - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=f52d5790-8852-4fe3-92bf-e4dcb16e615a&searchtype=ds&q={searchTerms}&installDate=20/03/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (fluxDVD Browser Plugin) - C:\Program Files (x86)\Common Files\mpDRM\Binaries\NPMPDRM.dll ( )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\wfe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (ProxTube) - C:\Users\wfe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.1_0
CHR Extension: (FoxyDeal) - C:\Users\wfe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan\6.2.0_0
CHR Extension: (QuickShare Widget) - C:\Users\wfe\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0
CHR Extension: (LyricsTube) - C:\Users\wfe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdghdpchfhbbmfeddkijldlpnkbjkk\1.111_0
CHR Extension: (Freemake Video Converter) - C:\Users\wfe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0
CHR Extension: (BrowserProtect) - C:\Users\wfe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\wfe\AppData\LocalLow\proxtube\CHROME\proxtube.crx
CHR HKLM-x32\...\Chrome\Extension: [aiennapmieppnpfhhogglccgepbdajan] - C:\Program Files (x86)\FoxyDeal\foxydeal.crx
CHR HKLM-x32\...\Chrome\Extension: [bebdghdpchfhbbmfeddkijldlpnkbjkk] - C:\Program Files (x86)\LyricsTube\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 SearchAnonymizer; C:\Users\wfe\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-03-11] ()
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2859048 2013-07-15] (Iminent)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248704 2012-10-22] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [44544 2013-01-15] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2012-06-02] (Realtek Semiconductor Corporation                           )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 VSPerfDrv100; c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S1 ipikqsbm; \??\C:\Windows\system32\drivers\ipikqsbm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-26 19:30 - 2013-07-26 19:30 - 00080529 _____ C:\Users\wfe\Desktop\FRST.txt
2013-07-26 19:30 - 2013-07-26 19:30 - 00080529 _____ C:\Users\wfe\Desktop\FRST.txt
2013-07-26 15:03 - 2013-07-26 15:03 - 03441528 _____ (Solvusoft Corporation                                       ) C:\Users\praxo_000\Downloads\LiteOn_iHOS104_Treiber_Update_07-2013.exe
2013-07-26 13:22 - 2013-07-26 13:22 - 00003554 _____ C:\Users\praxo_000\Desktop\FSS.txt
2013-07-26 13:21 - 2013-07-26 13:21 - 00003554 _____ C:\Users\praxo_000\Downloads\FSS.txt
2013-07-26 13:20 - 2013-07-26 13:20 - 00357145 _____ (Farbar) C:\Users\praxo_000\Downloads\FSS.exe
2013-07-26 13:19 - 2013-07-26 13:32 - 00035252 _____ C:\Users\praxo_000\Desktop\Addition.txt
2013-07-26 13:19 - 2013-07-26 13:30 - 00039186 _____ C:\Users\praxo_000\Desktop\FRST.txt
2013-07-26 12:40 - 2013-07-26 12:40 - 00035252 _____ C:\Users\praxo_000\Downloads\Addition.txt
2013-07-26 12:38 - 2013-07-26 12:38 - 01779853 _____ (Farbar) C:\Users\praxo_000\Downloads\FRST64.exe
2013-07-26 12:38 - 2013-07-26 12:38 - 00000000 ____D C:\FRST
2013-07-25 20:47 - 2013-07-25 20:48 - 00000000 ____D C:\Users\praxo_000\Desktop\Unbenannt
2013-07-25 18:07 - 2013-07-25 18:09 - 734937088 _____ C:\Users\praxo_000\Downloads\KNOPPIX_V7.2.0CD-2013-06-16-DE.iso
2013-07-24 19:46 - 2013-07-24 19:46 - 23730176 _____ (Macrovision Corporation) C:\Users\praxo_000\Downloads\IATA89CD.exe
2013-07-24 19:46 - 2013-07-24 19:46 - 00000000 ____D C:\ProgramData\InstallShield
2013-07-24 18:57 - 2013-07-24 18:57 - 27696104 _____ (Advanced Micro Devices, Inc.) C:\Users\praxo_000\Downloads\13-4_vista_win7_win8_32-64_sb.exe
2013-07-24 18:09 - 2013-07-24 18:09 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\praxo_000\Downloads\everesthome220.exe
2013-07-24 18:09 - 2013-07-24 18:09 - 00001106 _____ C:\Users\wfe\Desktop\EVEREST Home Edition.lnk
2013-07-24 18:09 - 2013-07-24 18:09 - 00001106 _____ C:\Users\wfe\Desktop\EVEREST Home Edition.lnk
2013-07-24 18:09 - 2013-07-24 18:09 - 00001106 _____ C:\Users\praxo_000\Desktop\EVEREST Home Edition.lnk
2013-07-24 18:09 - 2013-07-24 18:09 - 00000000 ____D C:\Program Files (x86)\Lavalys
2013-07-23 21:01 - 2013-07-23 21:01 - 01067520 _____ () C:\Users\praxo_000\Downloads\WL0G(1).EXE
2013-07-23 21:01 - 2013-07-23 21:01 - 01064448 _____ () C:\Users\praxo_000\Downloads\WL0F.EXE
2013-07-23 21:00 - 2013-07-23 21:01 - 00039411 _____ C:\DEBUG.TXT
2013-07-23 21:00 - 2013-07-23 21:00 - 01067520 _____ () C:\Users\praxo_000\Downloads\WL0G.EXE
2013-07-23 20:57 - 2013-07-23 20:57 - 00000000 ____D C:\Users\praxo_000\Documents\SmartPack
2013-07-23 20:56 - 2013-07-26 15:03 - 00001905 _____ C:\Users\wfe\Desktop\PLDS SmartPack Utility.lnk
2013-07-23 20:56 - 2013-07-26 15:03 - 00001905 _____ C:\Users\wfe\Desktop\PLDS SmartPack Utility.lnk
2013-07-23 20:56 - 2013-07-26 15:03 - 00000000 ____D C:\Users\wfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartPack
2013-07-23 20:56 - 2013-07-26 15:03 - 00000000 ____D C:\Program Files (x86)\SmartPack
2013-07-20 15:28 - 2013-07-20 15:28 - 02936240 _____ C:\Users\praxo_000\Downloads\installproXPN.exe
2013-07-20 15:28 - 2013-07-20 15:28 - 00001065 _____ C:\Users\wfe\Desktop\proXPN.lnk
2013-07-20 15:28 - 2013-07-20 15:28 - 00001065 _____ C:\Users\wfe\Desktop\proXPN.lnk
2013-07-20 15:28 - 2013-07-20 15:28 - 00000000 ____D C:\Users\wfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\proXPN
2013-07-20 15:28 - 2013-07-20 15:28 - 00000000 ____D C:\Program Files (x86)\proXPN

2013-07-14 14:49 - 2013-07-14 14:49 - 00000000 ____D C:\Users\praxo_000\Documents\Benutzerdefinierte Office-Vorlagen
2013-07-14 14:15 - 2013-07-14 14:15 - 00000162 ____H C:\Users\praxo_000\Desktop\~$nährung.odt
2013-07-14 13:38 - 2013-07-14 13:38 - 12779056 _____ C:\Users\praxo_000\Downloads\LOOP 7.wmv

2013-07-13 14:57 - 2013-07-13 14:57 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-13 14:55 - 2013-07-13 14:55 - 00903080 _____ (Oracle Corporation) C:\Users\praxo_000\Downloads\jxpiinstall.exe
2013-07-13 14:51 - 2013-07-13 14:51 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-13 12:55 - 2013-07-13 12:55 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7fb78c30f148.job
2013-07-11 17:28 - 2013-07-11 17:28 - 00009166 _____ C:\Users\praxo_000\Downloads\1373556032.html
2013-06-30 20:56 - 2013-06-30 20:56 - 00000404 _____ C:\Users\praxo_000\SciTE.session
2013-06-30 20:18 - 2013-06-30 20:18 - 00000000 ____D C:\Users\praxo_000\AppData\Local\FileTypeAssistant
2013-06-30 11:00 - 2013-06-30 11:00 - 00000000 ____D C:\Users\praxo_000\Desktop\Aufnahmen

2013-06-28 20:10 - 2013-06-28 20:10 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Unity
2013-06-28 19:57 - 2013-06-28 19:57 - 00643592 _____ (Unity Technologies ApS) C:\Users\praxo_000\Downloads\UnityWebPlayer.exe
2013-06-28 19:57 - 2013-06-28 19:57 - 00000000 ____D C:\Users\praxo_000\AppData\Local\Unity
2013-06-28 14:29 - 2013-06-28 14:29 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Milestone
2013-06-28 14:29 - 2013-06-28 14:29 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\InstallShield Installation Information
2013-06-27 19:31 - 2013-06-27 19:31 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\OpenOffice.org
2013-06-26 16:20 - 2013-07-25 20:49 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== One Month Modified Files and Folders =======

2013-07-26 19:31 - 2013-06-11 18:37 - 00000000 ____D C:\Users\praxo_000\AppData\Local\PMB Files
2013-07-26 19:30 - 2013-07-26 19:30 - 00080529 _____ C:\Users\wfe\Desktop\FRST.txt
2013-07-26 19:30 - 2013-07-26 19:30 - 00080529 _____ C:\Users\wfe\Desktop\FRST.txt
2013-07-26 19:23 - 2013-06-11 18:38 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Skype
2013-07-26 15:26 - 2013-04-01 20:08 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\vlc
2013-07-26 15:03 - 2013-07-26 15:03 - 03441528 _____ (Solvusoft Corporation                                       ) C:\Users\praxo_000\Downloads\LiteOn_iHOS104_Treiber_Update_07-2013.exe
2013-07-26 15:03 - 2013-07-23 20:56 - 00001905 _____ C:\Users\wfe\Desktop\PLDS SmartPack Utility.lnk
2013-07-26 15:03 - 2013-07-23 20:56 - 00001905 _____ C:\Users\wfe\Desktop\PLDS SmartPack Utility.lnk
2013-07-26 15:03 - 2013-07-23 20:56 - 00000000 ____D C:\Users\wfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartPack
2013-07-26 15:03 - 2013-07-23 20:56 - 00000000 ____D C:\Program Files (x86)\SmartPack
2013-07-26 14:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-07-26 13:32 - 2013-07-26 13:19 - 00035252 _____ C:\Users\praxo_000\Desktop\Addition.txt
2013-07-26 13:30 - 2013-07-26 13:19 - 00039186 _____ C:\Users\praxo_000\Desktop\FRST.txt
2013-07-26 13:22 - 2013-07-26 13:22 - 00003554 _____ C:\Users\praxo_000\Desktop\FSS.txt
2013-07-26 13:21 - 2013-07-26 13:21 - 00003554 _____ C:\Users\praxo_000\Downloads\FSS.txt
2013-07-26 13:20 - 2013-07-26 13:20 - 00357145 _____ (Farbar) C:\Users\praxo_000\Downloads\FSS.exe
2013-07-26 12:40 - 2013-07-26 12:40 - 00035252 _____ C:\Users\praxo_000\Downloads\Addition.txt
2013-07-26 12:38 - 2013-07-26 12:38 - 01779853 _____ (Farbar) C:\Users\praxo_000\Downloads\FRST64.exe
2013-07-26 12:38 - 2013-07-26 12:38 - 00000000 ____D C:\FRST
2013-07-26 12:34 - 2013-06-11 18:37 - 00000000 ____D C:\Users\praxo_000\AppData\Local\TSVNCache
2013-07-25 21:01 - 2013-06-16 13:06 - 00006656 _____ C:\Users\praxo_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-25 20:49 - 2013-06-26 16:20 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-25 20:48 - 2013-07-25 20:47 - 00000000 ____D C:\Users\praxo_000\Desktop\Unbenannt
2013-07-25 18:09 - 2013-07-25 18:07 - 734937088 _____ C:\Users\praxo_000\Downloads\KNOPPIX_V7.2.0CD-2013-06-16-DE.iso
2013-07-24 19:46 - 2013-07-24 19:46 - 23730176 _____ (Macrovision Corporation) C:\Users\praxo_000\Downloads\IATA89CD.exe
2013-07-24 19:46 - 2013-07-24 19:46 - 00000000 ____D C:\ProgramData\InstallShield
2013-07-24 18:57 - 2013-07-24 18:57 - 27696104 _____ (Advanced Micro Devices, Inc.) C:\Users\praxo_000\Downloads\13-4_vista_win7_win8_32-64_sb.exe
2013-07-24 18:26 - 2013-02-04 18:33 - 01409015 _____ C:\Windows\WindowsUpdate.log
2013-07-24 18:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-24 18:13 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-07-24 18:09 - 2013-07-24 18:09 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\praxo_000\Downloads\everesthome220.exe
2013-07-24 18:09 - 2013-07-24 18:09 - 00001106 _____ C:\Users\wfe\Desktop\EVEREST Home Edition.lnk
2013-07-24 18:09 - 2013-07-24 18:09 - 00001106 _____ C:\Users\wfe\Desktop\EVEREST Home Edition.lnk
2013-07-24 18:09 - 2013-07-24 18:09 - 00001106 _____ C:\Users\praxo_000\Desktop\EVEREST Home Edition.lnk
2013-07-24 18:09 - 2013-07-24 18:09 - 00000000 ____D C:\Program Files (x86)\Lavalys
2013-07-23 21:01 - 2013-07-23 21:01 - 01067520 _____ () C:\Users\praxo_000\Downloads\WL0G(1).EXE
2013-07-23 21:01 - 2013-07-23 21:01 - 01064448 _____ () C:\Users\praxo_000\Downloads\WL0F.EXE
2013-07-23 21:01 - 2013-07-23 21:00 - 00039411 _____ C:\DEBUG.TXT
2013-07-23 21:00 - 2013-07-23 21:00 - 01067520 _____ () C:\Users\praxo_000\Downloads\WL0G.EXE
2013-07-23 20:57 - 2013-07-23 20:57 - 00000000 ____D C:\Users\praxo_000\Documents\SmartPack
2013-07-21 16:27 - 2013-04-01 20:08 - 00000000 ____D C:\Users\praxo_000\AppData\Local\CrashDumps
2013-07-20 15:28 - 2013-07-20 15:28 - 02936240 _____ C:\Users\praxo_000\Downloads\installproXPN.exe
2013-07-20 15:28 - 2013-07-20 15:28 - 00001065 _____ C:\Users\wfe\Desktop\proXPN.lnk
2013-07-20 15:28 - 2013-07-20 15:28 - 00001065 _____ C:\Users\wfe\Desktop\proXPN.lnk
2013-07-20 15:28 - 2013-07-20 15:28 - 00000000 ____D C:\Users\wfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\proXPN
2013-07-20 15:28 - 2013-07-20 15:28 - 00000000 ____D C:\Program Files (x86)\proXPN
2013-07-20 15:28 - 2012-07-26 07:26 - 00000190 _____ C:\Windows\win.ini
2013-07-20 14:53 - 2013-04-04 14:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-20 14:53 - 2013-04-04 14:11 - 00000000 ____D C:\ProgramData\Skype
2013-07-14 14:49 - 2013-07-14 14:49 - 00000000 ____D C:\Users\praxo_000\Documents\Benutzerdefinierte Office-Vorlagen
2013-07-14 14:15 - 2013-07-14 14:15 - 00000162 ____H C:\Users\praxo_000\Desktop\~$nährung.odt
2013-07-13 14:57 - 2013-07-13 14:57 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-13 14:57 - 2013-07-13 14:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-13 14:57 - 2013-02-09 18:18 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-13 14:57 - 2013-02-09 18:18 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-13 14:55 - 2013-07-13 14:55 - 00903080 _____ (Oracle Corporation) C:\Users\praxo_000\Downloads\jxpiinstall.exe
2013-07-13 14:51 - 2013-07-13 14:51 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-13 12:55 - 2013-07-13 12:55 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7fb78c30f148.job
2013-07-11 17:28 - 2013-07-11 17:28 - 00009166 _____ C:\Users\praxo_000\Downloads\1373556032.html
2013-07-01 19:11 - 2013-06-20 15:06 - 00000244 _____ C:\Users\praxo_000\Desktop\Neues Textdokument.txt
2013-07-01 17:11 - 2013-06-11 18:44 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-30 20:56 - 2013-06-30 20:56 - 00000404 _____ C:\Users\praxo_000\SciTE.session
2013-06-30 20:56 - 2013-04-01 15:20 - 00000000 ____D C:\Users\praxo_000
2013-06-30 20:18 - 2013-06-30 20:18 - 00000000 ____D C:\Users\praxo_000\AppData\Local\FileTypeAssistant
2013-06-30 11:00 - 2013-06-30 11:00 - 00000000 ____D C:\Users\praxo_000\Desktop\Aufnahmen
2013-06-29 20:38 - 2013-02-09 01:20 - 00000000 ____D C:\Users\wfe\Desktop\Unbenannt
2013-06-29 20:38 - 2013-02-09 01:20 - 00000000 ____D C:\Users\wfe\Desktop\Unbenannt
2013-06-28 20:10 - 2013-06-28 20:10 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Unity
2013-06-28 19:57 - 2013-06-28 19:57 - 00643592 _____ (Unity Technologies ApS) C:\Users\praxo_000\Downloads\UnityWebPlayer.exe
2013-06-28 19:57 - 2013-06-28 19:57 - 00000000 ____D C:\Users\praxo_000\AppData\Local\Unity
2013-06-28 14:35 - 2013-02-04 18:41 - 00154400 _____ C:\Windows\DirectX.log
2013-06-28 14:29 - 2013-06-28 14:29 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\Milestone
2013-06-28 14:29 - 2013-06-28 14:29 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\InstallShield Installation Information
2013-06-27 19:31 - 2013-06-27 19:31 - 00000000 ____D C:\Users\praxo_000\AppData\Roaming\OpenOffice.org

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\23lldnur.pad
C:\ProgramData\l01dz.bat
C:\ProgramData\l01dz.pad
C:\ProgramData\l01dz.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-12 17:02

==================== End Of Log ============================
         

--- --- ---



FSS.txt:

Code: Alles auswählenAufklappen

ATTFilter

Farbar Service Scanner Version: 26-07-2013
Ran by admin (administrator) on 26-07-2013 at 19:34:28
Running from "C:\Users\praxo_000\Downloads"
Microsoft Windows 8 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-04-12 19:59] - [2013-03-02 11:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-04-12 19:59] - [2013-03-02 04:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

HKCU\...\Winlogon: [Shell] cmd.exe [404992 2012-07-26] (Microsoft Corporation) <==== ATTENTION 
HKCU\...\Command Processor: "C:\Users\wfe\AppData\Local\Temp\b34btbztdb0vavaw.exe" <======= ATTENTION
C:\Users\wfe\AppData\Local\Temp\b34btbztdb0vavaw.exe
C:\Windows\system32\drivers\ipikqsbm.sys
C:\ProgramData\rundll32.exe
C:\ProgramData\23lldnur.pad
C:\ProgramData\l01dz.bat
C:\ProgramData\l01dz.pad
C:\ProgramData\l01dz.reg
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-07-2013
Ran by admin at 2013-07-27 03:27:56 Run:2
Running from C:\Users\praxo_000\Downloads
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
"C:\Users\wfe\AppData\Local\Temp\b34btbztdb0vavaw.exe" => File/Directory not found.
"C:\Windows\system32\drivers\ipikqsbm.sys" => File/Directory not found.
C:\ProgramData\rundll32.exe => Moved successfully.
C:\ProgramData\23lldnur.pad => Moved successfully.
C:\ProgramData\l01dz.bat => Moved successfully.
C:\ProgramData\l01dz.pad => Moved successfully.
C:\ProgramData\l01dz.reg => Moved successfully.

==== End of Fixlog ====
         

Rootkitscan mit GMER

Bitte lade dir GMER herunter: (Dateiname zufällig)

• Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
• Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:

  WARNING !!!
  GMER has found system modification, which might have been caused by ROOTKIT activity.
  Do you want to fully scan your system ?
  

  Unbedingt auf "No" klicken.
• Entferne rechts den Haken bei: IAT/EAT und Show All
• Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
• Starte den Scan mit "Scan".
• Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

• Probiere alternativ den abgesicherten Modus.
• Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

So hier mal die 3 Logs.

Habe MBAR 2x durchlaufen lassen. Einmal wurden 3 und einmal 1 Malware entdeckt.

Eine Möglichkeit zum "Neustart" konnt ich allerdings nicht wählen.

GMER-LOG:

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-29 15:23:33
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD6400AAKS-65A7B0 rev.01.03B01 596,17GB
Running: tmvmht09.exe; Driver: C:\Users\wfe\AppData\Local\Temp\pxloapow.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988                                                                             fffff8014b07241c 1 byte [21]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\atieclxx.exe[5944] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                        000007f8fe4b177a 4 bytes [4B, FE, F8, 07]
.text   C:\Windows\system32\atieclxx.exe[5944] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                        000007f8fe4b1782 4 bytes [4B, FE, F8, 07]
.text   C:\Windows\system32\atieclxx.exe[5944] C:\Windows\system32\WSOCK32.dll!recvfrom + 742                                      000007f8f9f61b32 4 bytes [F6, F9, F8, 07]
.text   C:\Windows\system32\atieclxx.exe[5944] C:\Windows\system32\WSOCK32.dll!recvfrom + 750                                      000007f8f9f61b3a 4 bytes [F6, F9, F8, 07]
.text   C:\Program Files\Tablet\Pen\Pen_Tablet.exe[4896] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306              000007f8fe4b177a 4 bytes [4B, FE, F8, 07]
.text   C:\Program Files\Tablet\Pen\Pen_Tablet.exe[4896] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314              000007f8fe4b1782 4 bytes [4B, FE, F8, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3740] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                   000007f8f76c1532 4 bytes [6C, F7, F8, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3740] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                   000007f8f76c153a 4 bytes [6C, F7, F8, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3740] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                 000007f8f76c165a 4 bytes [6C, F7, F8, 07]

---- Threads - GMER 2.1 ----

Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1948]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1952]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1956]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1960]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1964]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1968]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1972]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1976]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1980]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:2008]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:2012]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1312]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1324]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:704]                                00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:748]                                00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:932]                                00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:1372]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:328]                                00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:2056]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:2080]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:2324]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:2332]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:2340]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:2344]                               00000000517f3810
Thread  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1860:3420]                               00000000517f3810
Thread  C:\Windows\system32\csrss.exe [3864:2304]                                                                                  fffff960009ac5e8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [452:5824]  000007f8f09877b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [452:1504]  000007f8f09877b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [452:3404]  000007f8fc67e400
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [452:2404]  000007f8fc57b248
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [452:5244]  000007f8fb215990
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [452:1912]  000007f8fbb9b364

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                          2072649943

---- EOF - GMER 2.1 ----
         

MBAR-Log 1:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.29.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
admin :: P [limited]

29.07.2013 15:29:47
mbar-log-2013-07-29 (15-29-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 335552
Time elapsed: 13 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (PUM.Shell.CMD) -> Data: cmd.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\wfe\AppData\Roaming\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.
c:\Users\wfe\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

MBAR-Log2:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.29.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
admin :: P [limited]

29.07.2013 15:44:57
mbar-log-2013-07-29 (15-44-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 335371
Time elapsed: 12 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (PUM.Shell.CMD) -> Data: cmd.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)