Was tun gegen Ad Ware?

darkrider78 · 01.08.2013, 11:07

Hallo,
ich brauche Hilfe.
Ich habe Ad Ware, weiß aber nicht woher.
Also es werden bestimmte Wörter mit Werbung unterlegt.
Das stört.

Wie kann ich das beseitigen?

schrauber · 01.08.2013, 11:17

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

darkrider78 · 01.08.2013, 11:29

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by Tobias (administrator) on 01-08-2013 12:25:22
Running from C:\Users\Tobias\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\system32\PnkBstrA.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files\RealPlayer\Update\realsched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(ICQ) C:\Users\Tobias\AppData\Roaming\ICQM\icq.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\system32\SndVol.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(EJIE Technology) C:\Programme\Clover\clover.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(FileZilla Project) C:\Programme\FileZilla FTP Client\filezilla.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [4StoryPrePatch] - C:\Spiele\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-02-19] (Zemi Interactive Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313672 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\RealPlayer\Update\realsched.exe [295512 2013-06-29] (RealNetworks, Inc.)
HKLM\...\Run: [(De)Coder Cleaner] - C:\Programme\(De)Coder\Coder.exe [1251328 2007-03-01] (ViaThinkSoft)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [EPSON SX210 Series] - C:\Windows\TEMP\E_S2B7D.tmp [126 2013-01-22] ()
HKCU\...\Run: [AshSnap] - C:\Programme\Ashampoo\Ashampoo Snap 4\ashsnap.exe [1528176 2011-04-01] (ashampoo GmbH & Co. KG)
HKCU\...\Run: [Skype] - C:\Programme\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [icq] - C:\Users\Tobias\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-22] (ICQ)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-07] (Spotify Ltd)
MountPoints2: {7bc8f8a4-9144-11e2-87fe-6c626d60f91a} - I:\Launcher\LAUNCHER.EXE
MountPoints2: {97f7a171-4bbb-11e2-9840-806e6f6e6963} - E:\Launcher\LAUNCHER.EXE
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Driver Parallel Lines.LNK
ShortcutTarget: Registration Driver Parallel Lines.LNK -> C:\Spiele\Driver Parallel Lines\Register\RegistrationReminder.exe ()
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKCU - DefaultScope {6D096609-3978-44B8-A0AF-15C92B77D9DF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {6D096609-3978-44B8-A0AF-15C92B77D9DF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&tpr=111
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC8} URL = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Programme\Clover\TabHelper32.dll (EJIE Technology)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -&Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.225 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default
FF user.js: detected! => C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\user.js
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\speedfox.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\webde-suche.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Battlefield Play4Free - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\battlefieldplay4free@ea.com
FF Extension: BrowserAdditions - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\toolbarbutton@browseradditions.com
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: WOT - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: about-addons-memory - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\about-addons-memory@tn123.org.xpi
FF Extension: autopager - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\autopager@mozilla.org.xpi
FF Extension: jid0-nEKQbsVUhSe9FRuGEdAV8hAphDI - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\jid0-nEKQbsVUhSe9FRuGEdAV8hAphDI@jetpack.xpi
FF Extension: jid1-uabu5A9hduqzCw - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\jid1-uabu5A9hduqzCw@jetpack.xpi
FF Extension: sharemenot - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\sharemenot@franziroesner.com.xpi
FF Extension: SkipScreen - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\SkipScreen@SkipScreen.xpi
FF Extension: support - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\support@free-hideip.com.xpi
FF Extension: toolbar - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\toolbar@gmx.net.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R2 NIS; C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-02-13] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies)
S4 SQLSERVERAGENT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-05-31] (Symantec Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130731.001\IDSvix86.sys [386720 2012-12-20] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130731.018\NAVENG.SYS [93272 2013-05-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130731.018\NAVEX15.SYS [1611992 2013-05-31] (Symantec Corporation)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-01 12:25 - 2013-08-01 12:25 - 00000000 ____D C:\FRST
2013-08-01 12:23 - 2013-08-01 12:23 - 01222064 _____ (Farbar) C:\Users\Tobias\Desktop\FRST.exe
2013-07-28 13:59 - 2013-07-28 13:59 - 00001175 _____ C:\Users\Tobias\JannisTuer.schematic
2013-07-27 17:19 - 2013-07-27 17:19 - 00010059 _____ C:\Users\Tobias\config.yml
2013-07-27 05:32 - 2013-07-27 05:32 - 00006483 _____ C:\Users\Tobias\Documents\config bm.yml
2013-07-27 03:03 - 2013-07-27 03:03 - 00000094 _____ C:\Users\Tobias\Desktop\penny arbeitszeiten.txt
2013-07-26 17:37 - 2013-07-26 17:36 - 00001027 _____ C:\Users\Tobias\Desktop\healcommand.java
2013-07-26 15:22 - 2013-07-27 16:57 - 00000000 ____D C:\Users\Tobias\Desktop\server
2013-07-26 15:09 - 2013-07-27 16:26 - 00000000 ____D C:\Users\Tobias\workspace
2013-07-26 15:07 - 2013-07-26 15:14 - 00000000 ____D C:\Users\Tobias\Desktop\java
2013-07-26 15:04 - 2013-07-26 15:07 - 208584371 _____ C:\Users\Tobias\Downloads\eclipse-standard-kepler-R-win32.zip
2013-07-26 14:55 - 2013-07-26 14:55 - 00000000 ____D C:\Users\Tobias\Downloads\BanManager
2013-07-26 14:52 - 2013-07-26 14:52 - 00349473 _____ C:\Users\Tobias\Downloads\BanManager.zip
2013-07-26 13:12 - 2013-07-26 13:12 - 00000000 ____D C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49
2013-07-26 13:09 - 2013-07-26 13:09 - 00008870 _____ C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49.zip
2013-07-25 16:02 - 2013-07-25 16:02 - 00015312 _____ C:\Users\Tobias\Downloads\BastiBar.schematic
2013-07-23 20:15 - 2013-07-23 20:15 - 00000032 _____ C:\Users\Tobias\Desktop\ghyh.txt
2013-07-23 10:54 - 2013-07-23 10:54 - 00002527 _____ C:\Users\Tobias\Documents\index.yml
2013-07-23 09:33 - 2013-07-23 09:33 - 08755133 _____ C:\Users\Tobias\Downloads\server drasilx.log
2013-07-22 05:06 - 2013-07-22 05:06 - 00429035 _____ C:\Users\Tobias\Downloads\SeasideSetup_1.02.zip
2013-07-20 18:05 - 2013-07-20 18:05 - 04127501 _____ C:\Users\Tobias\Downloads\server2066.log
2013-07-19 17:28 - 2013-07-19 17:28 - 00367332 _____ (hxxp://magiclauncher.com) C:\Users\Tobias\Desktop\MagicLauncher_1.1.7.exe
2013-07-18 05:44 - 2013-07-18 05:44 - 00034048 _____ C:\Users\Tobias\Documents\knopf.mcx
2013-07-18 05:44 - 2013-07-18 05:44 - 00000631 _____ C:\Users\Tobias\Documents\B u E.txt
2013-07-18 05:43 - 2013-07-18 21:55 - 00000859 _____ C:\Users\Tobias\Desktop\Teamkonfi.txt
2013-07-18 05:28 - 2013-07-18 05:28 - 00113546 _____ C:\Users\Tobias\Downloads\SimpleRegionMarket.jar
2013-07-15 00:28 - 2013-07-23 10:54 - 00002738 _____ C:\Users\Tobias\Desktop\new  2.yml
2013-07-15 00:28 - 2013-07-15 00:28 - 00000773 _____ C:\Users\Tobias\Desktop\new  3.yml
2013-07-15 00:27 - 2013-07-15 00:27 - 00000152 _____ C:\Users\Tobias\Desktop\blop
2013-07-14 20:26 - 2013-07-14 20:27 - 24083257 _____ (Disruptive Innovations SAS                                  ) C:\Users\Tobias\Downloads\bluegriffon-1.7.2.exe
2013-07-14 18:08 - 2013-07-14 18:10 - 00000077 _____ C:\Users\Tobias\Desktop\versuch.bat
2013-07-13 13:26 - 2013-07-13 21:14 - 00000077 _____ C:\Users\Tobias\Desktop\frage.txt
2013-07-10 22:10 - 2013-07-10 22:10 - 00182242 _____ C:\Users\Tobias\Desktop\inventorytweaks-1.54b.jar
2013-07-09 22:13 - 2013-07-09 22:13 - 00143984 _____ C:\Windows\Minidump\070913-38142-01.dmp
2013-07-09 03:11 - 2013-07-09 20:35 - 00000000 ____D C:\Users\Tobias\Downloads\addons firefox
2013-07-09 00:23 - 2013-07-09 00:23 - 175751730 _____ C:\Users\Tobias\Desktop\sicherung 09.07.13.reg
2013-07-08 20:56 - 2013-07-08 20:56 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\SQL Maestro Group
2013-07-08 20:55 - 2013-07-08 20:55 - 00000904 _____ C:\Users\Tobias\Desktop\SQLite Maestro.lnk
2013-07-08 20:55 - 2013-07-08 20:55 - 00000000 ____D C:\Program Files\Common Files\SQL Maestro Group
2013-07-07 18:08 - 2013-07-08 20:48 - 00001228 _____ C:\Users\Tobias\Desktop\team.txt
2013-07-07 10:01 - 2013-07-07 10:01 - 00000000 ____D C:\Users\Tobias\Downloads\Nitrado Forum
2013-07-06 22:05 - 2013-07-06 22:05 - 00036366 _____ C:\Users\Tobias\Desktop\crash-2013-07-06_21.51.44-server.txt
2013-07-06 09:54 - 2013-07-06 09:55 - 00143984 _____ C:\Windows\Minidump\070613-52712-01.dmp
2013-07-05 14:13 - 2013-07-05 17:14 - 04709883 _____ C:\Users\Tobias\Downloads\server050713.log
2013-07-04 20:19 - 2013-07-04 20:20 - 00001290 _____ C:\Users\Tobias\Desktop\sssss.txt
2013-07-04 17:20 - 2013-07-04 17:20 - 05555594 _____ C:\Users\Tobias\Downloads\worldedit.log
2013-07-04 17:03 - 2013-07-04 17:03 - 00000076 _____ C:\Users\Tobias\Desktop\Minecraft.bat
2013-07-04 10:57 - 2013-07-04 10:57 - 00484992 _____ C:\Users\Tobias\Desktop\Minecraft 1.6.1.exe
2013-07-04 10:31 - 2013-07-04 10:31 - 00000000 ____D C:\Users\Tobias\AppData\Local\Craften_Dev_Team
2013-07-04 10:24 - 2013-07-04 10:24 - 03535048 _____ (PasswdFinder                                                ) C:\Users\Tobias\Downloads\PasswdFinderInstaller_1.0.0.22.exe
2013-07-04 10:24 - 2013-07-04 10:24 - 00000796 _____ C:\Users\Public\Desktop\PasswdFinder.lnk
2013-07-04 09:43 - 2013-07-04 09:44 - 00000000 ____D C:\Users\Tobias\workspace2
2013-07-04 09:43 - 2013-07-04 09:43 - 00000000 ____D C:\Users\Tobias\AppData\Local\Eclipse
2013-07-04 09:33 - 2013-07-04 09:35 - 00000000 ____D C:\Users\Tobias\Documents\workspace
2013-07-04 08:52 - 2013-07-04 08:52 - 34103034 _____ C:\Users\Tobias\Desktop\Ultimate_Server.zip
2013-07-04 08:40 - 2013-07-07 20:40 - 06579466 _____ C:\Users\Tobias\Desktop\server030713.log
2013-07-04 08:19 - 2013-07-06 18:40 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\ftblauncher
2013-07-03 16:51 - 2013-07-03 16:51 - 01567102 _____ C:\Users\Tobias\Documents\Multiverse-Core-2.5.jar
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\Tobias\Documents\Multiverse-Core
2013-07-03 16:48 - 2013-07-03 16:49 - 00000000 ____D C:\Users\Tobias\Documents\WorldEdit

==================== One Month Modified Files and Folders =======

2013-08-01 12:24 - 2012-12-21 18:37 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype
2013-08-01 12:23 - 2013-08-01 12:23 - 01222064 _____ (Farbar) C:\Users\Tobias\Desktop\FRST.exe
2013-08-01 12:21 - 2012-12-21 18:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-01 12:04 - 2012-12-21 18:59 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\FileZilla
2013-08-01 10:59 - 2012-12-21 23:03 - 00000000 ____D C:\Users\Tobias\Downloads\plugins
2013-07-31 16:24 - 2013-05-26 18:33 - 00000000 ____D C:\Users\Tobias\Tracing
2013-07-31 16:19 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 16:19 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 16:15 - 2012-12-21 14:23 - 00632365 _____ C:\Windows\WindowsUpdate.log
2013-07-31 16:12 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 16:12 - 2009-07-14 06:39 - 00108147 _____ C:\Windows\setupact.log
2013-07-29 13:36 - 2012-12-23 17:10 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\SoftGrid Client
2013-07-29 09:19 - 2013-01-12 13:43 - 00000000 ____D C:\Users\Tobias\AppData\Local\Adobe
2013-07-29 09:19 - 2012-12-21 18:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-29 09:19 - 2012-12-21 18:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-29 00:38 - 2012-12-21 18:23 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\.minecraft
2013-07-28 19:32 - 2013-06-15 17:05 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Spotify
2013-07-28 13:59 - 2013-07-28 13:59 - 00001175 _____ C:\Users\Tobias\JannisTuer.schematic
2013-07-28 13:59 - 2012-12-21 14:30 - 00000000 ____D C:\Users\Tobias
2013-07-27 18:57 - 2012-12-21 18:45 - 00000000 ____D C:\Users\Tobias\Downloads\Mods
2013-07-27 17:19 - 2013-07-27 17:19 - 00010059 _____ C:\Users\Tobias\config.yml
2013-07-27 16:57 - 2013-07-26 15:22 - 00000000 ____D C:\Users\Tobias\Desktop\server
2013-07-27 16:26 - 2013-07-26 15:09 - 00000000 ____D C:\Users\Tobias\workspace
2013-07-27 05:32 - 2013-07-27 05:32 - 00006483 _____ C:\Users\Tobias\Documents\config bm.yml
2013-07-27 03:10 - 2012-12-23 16:16 - 00000000 ____D C:\Users\Tobias\Documents\My Games
2013-07-27 03:03 - 2013-07-27 03:03 - 00000094 _____ C:\Users\Tobias\Desktop\penny arbeitszeiten.txt
2013-07-26 18:25 - 2013-06-15 17:06 - 00000000 ____D C:\Users\Tobias\AppData\Local\Spotify
2013-07-26 17:36 - 2013-07-26 17:37 - 00001027 _____ C:\Users\Tobias\Desktop\healcommand.java
2013-07-26 15:14 - 2013-07-26 15:07 - 00000000 ____D C:\Users\Tobias\Desktop\java
2013-07-26 15:08 - 2012-12-21 17:30 - 00000000 ____D C:\Programme
2013-07-26 15:07 - 2013-07-26 15:04 - 208584371 _____ C:\Users\Tobias\Downloads\eclipse-standard-kepler-R-win32.zip
2013-07-26 14:55 - 2013-07-26 14:55 - 00000000 ____D C:\Users\Tobias\Downloads\BanManager
2013-07-26 14:52 - 2013-07-26 14:52 - 00349473 _____ C:\Users\Tobias\Downloads\BanManager.zip
2013-07-26 13:12 - 2013-07-26 13:12 - 00000000 ____D C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49
2013-07-26 13:09 - 2013-07-26 13:09 - 00008870 _____ C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49.zip
2013-07-25 16:02 - 2013-07-25 16:02 - 00015312 _____ C:\Users\Tobias\Downloads\BastiBar.schematic
2013-07-25 15:34 - 2010-06-29 15:26 - 01682084 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-23 20:15 - 2013-07-23 20:15 - 00000032 _____ C:\Users\Tobias\Desktop\ghyh.txt
2013-07-23 10:54 - 2013-07-23 10:54 - 00002527 _____ C:\Users\Tobias\Documents\index.yml
2013-07-23 10:54 - 2013-07-15 00:28 - 00002738 _____ C:\Users\Tobias\Desktop\new  2.yml
2013-07-23 09:33 - 2013-07-23 09:33 - 08755133 _____ C:\Users\Tobias\Downloads\server drasilx.log
2013-07-22 22:48 - 2012-12-21 19:05 - 00000000 ____D C:\Users\Tobias\Documents\Nitrado
2013-07-22 05:06 - 2013-07-22 05:06 - 00429035 _____ C:\Users\Tobias\Downloads\SeasideSetup_1.02.zip
2013-07-21 16:18 - 2012-12-21 18:11 - 00095216 _____ C:\Windows\PFRO.log
2013-07-20 18:05 - 2013-07-20 18:05 - 04127501 _____ C:\Users\Tobias\Downloads\server2066.log
2013-07-19 17:28 - 2013-07-19 17:28 - 00367332 _____ (hxxp://magiclauncher.com) C:\Users\Tobias\Desktop\MagicLauncher_1.1.7.exe
2013-07-18 21:55 - 2013-07-18 05:43 - 00000859 _____ C:\Users\Tobias\Desktop\Teamkonfi.txt
2013-07-18 05:44 - 2013-07-18 05:44 - 00034048 _____ C:\Users\Tobias\Documents\knopf.mcx
2013-07-18 05:44 - 2013-07-18 05:44 - 00000631 _____ C:\Users\Tobias\Documents\B u E.txt
2013-07-18 05:28 - 2013-07-18 05:28 - 00113546 _____ C:\Users\Tobias\Downloads\SimpleRegionMarket.jar
2013-07-15 04:50 - 2013-02-20 19:24 - 00000000 ____D C:\Users\Tobias\Downloads\Homepage
2013-07-15 02:20 - 2013-02-20 17:03 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Webocton - Scriptly
2013-07-15 00:32 - 2012-12-21 23:15 - 00000000 ____D C:\Users\Tobias\Downloads\Bukkit
2013-07-15 00:28 - 2013-07-15 00:28 - 00000773 _____ C:\Users\Tobias\Desktop\new  3.yml
2013-07-15 00:27 - 2013-07-15 00:27 - 00000152 _____ C:\Users\Tobias\Desktop\blop
2013-07-14 20:29 - 2013-02-20 14:57 - 00000784 _____ C:\Users\Public\Desktop\BlueGriffon.lnk
2013-07-14 20:27 - 2013-07-14 20:26 - 24083257 _____ (Disruptive Innovations SAS                                  ) C:\Users\Tobias\Downloads\bluegriffon-1.7.2.exe
2013-07-14 18:10 - 2013-07-14 18:08 - 00000077 _____ C:\Users\Tobias\Desktop\versuch.bat
2013-07-13 21:14 - 2013-07-13 13:26 - 00000077 _____ C:\Users\Tobias\Desktop\frage.txt
2013-07-13 20:49 - 2013-06-26 00:59 - 00000000 ____D C:\Users\Tobias\Documents\Prototype
2013-07-11 18:23 - 2012-12-25 23:51 - 00000048 _____ C:\Users\Tobias\Desktop\lastlogin
2013-07-11 12:33 - 2012-12-21 19:28 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\TS3Client
2013-07-10 22:10 - 2013-07-10 22:10 - 00182242 _____ C:\Users\Tobias\Desktop\inventorytweaks-1.54b.jar
2013-07-10 18:04 - 2012-12-21 18:37 - 00000000 ____D C:\ProgramData\Skype
2013-07-09 22:13 - 2013-07-09 22:13 - 00143984 _____ C:\Windows\Minidump\070913-38142-01.dmp
2013-07-09 22:13 - 2013-01-03 03:52 - 00000000 ____D C:\Windows\Minidump
2013-07-09 22:12 - 2013-01-03 03:52 - 345077490 _____ C:\Windows\MEMORY.DMP
2013-07-09 20:35 - 2013-07-09 03:11 - 00000000 ____D C:\Users\Tobias\Downloads\addons firefox
2013-07-09 00:52 - 2013-06-22 21:56 - 00000000 ____D C:\Users\Tobias\Downloads\Windows
2013-07-09 00:23 - 2013-07-09 00:23 - 175751730 _____ C:\Users\Tobias\Desktop\sicherung 09.07.13.reg
2013-07-08 20:56 - 2013-07-08 20:56 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\SQL Maestro Group
2013-07-08 20:55 - 2013-07-08 20:55 - 00000904 _____ C:\Users\Tobias\Desktop\SQLite Maestro.lnk
2013-07-08 20:55 - 2013-07-08 20:55 - 00000000 ____D C:\Program Files\Common Files\SQL Maestro Group
2013-07-08 20:48 - 2013-07-07 18:08 - 00001228 _____ C:\Users\Tobias\Desktop\team.txt
2013-07-07 20:40 - 2013-07-04 08:40 - 06579466 _____ C:\Users\Tobias\Desktop\server030713.log
2013-07-07 10:01 - 2013-07-07 10:01 - 00000000 ____D C:\Users\Tobias\Downloads\Nitrado Forum
2013-07-06 22:05 - 2013-07-06 22:05 - 00036366 _____ C:\Users\Tobias\Desktop\crash-2013-07-06_21.51.44-server.txt
2013-07-06 18:40 - 2013-07-04 08:19 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\ftblauncher
2013-07-06 09:55 - 2013-07-06 09:54 - 00143984 _____ C:\Windows\Minidump\070613-52712-01.dmp
2013-07-05 17:14 - 2013-07-05 14:13 - 04709883 _____ C:\Users\Tobias\Downloads\server050713.log
2013-07-04 20:20 - 2013-07-04 20:19 - 00001290 _____ C:\Users\Tobias\Desktop\sssss.txt
2013-07-04 17:20 - 2013-07-04 17:20 - 05555594 _____ C:\Users\Tobias\Downloads\worldedit.log
2013-07-04 17:03 - 2013-07-04 17:03 - 00000076 _____ C:\Users\Tobias\Desktop\Minecraft.bat
2013-07-04 10:57 - 2013-07-04 10:57 - 00484992 _____ C:\Users\Tobias\Desktop\Minecraft 1.6.1.exe
2013-07-04 10:35 - 2013-01-07 17:58 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Minecraft Version Changer
2013-07-04 10:31 - 2013-07-04 10:31 - 00000000 ____D C:\Users\Tobias\AppData\Local\Craften_Dev_Team
2013-07-04 10:24 - 2013-07-04 10:24 - 03535048 _____ (PasswdFinder                                                ) C:\Users\Tobias\Downloads\PasswdFinderInstaller_1.0.0.22.exe
2013-07-04 10:24 - 2013-07-04 10:24 - 00000796 _____ C:\Users\Public\Desktop\PasswdFinder.lnk
2013-07-04 09:44 - 2013-07-04 09:43 - 00000000 ____D C:\Users\Tobias\workspace2
2013-07-04 09:43 - 2013-07-04 09:43 - 00000000 ____D C:\Users\Tobias\AppData\Local\Eclipse
2013-07-04 09:35 - 2013-07-04 09:33 - 00000000 ____D C:\Users\Tobias\Documents\workspace
2013-07-04 08:52 - 2013-07-04 08:52 - 34103034 _____ C:\Users\Tobias\Desktop\Ultimate_Server.zip
2013-07-04 08:20 - 2012-12-21 19:08 - 00000000 ____D C:\Spiele
2013-07-03 18:11 - 2013-06-25 19:30 - 03019052 _____ C:\Users\Tobias\Desktop\server 250613.log
2013-07-03 16:51 - 2013-07-03 16:51 - 01567102 _____ C:\Users\Tobias\Documents\Multiverse-Core-2.5.jar
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\Tobias\Documents\Multiverse-Core
2013-07-03 16:49 - 2013-07-03 16:48 - 00000000 ____D C:\Users\Tobias\Documents\WorldEdit
2013-07-03 16:49 - 2012-12-22 14:55 - 00828135 _____ C:\Users\Tobias\Documents\WorldEdit.jar

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 12:11

==================== End Of Log ============================

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 04
Ran by Tobias at 2013-08-01 12:26:26
Running from C:\Users\Tobias\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

(De)Coder 4.1 Public Beta 4b (Version: 4.1.0.0)
4Story DE 4.1.176
Access 97rt PAN EURO G
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.02) - Deutsch (Version: 11.0.02)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
AMP WinOFF 5.0.1 (Version: 5.0.1)
Anti-Twin (Installation 6/5/2013)
Any Video Converter 5 5.0.2
Ashampoo Snap 4 v.4.3.0 (Version: 4.3.0)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Battlefield Heroes
Battlefield Play4Free
BlueGriffon Version 1.7.2 (Version: 1.7.2)
CameraHelperMsi (Version: 13.51.815.0)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0527.1242.20909)
Catalyst Control Center InstallProxy (Version: 2010.0527.1242.20909)
Catalyst Control Center Localization All (Version: 2010.0527.1242.20909)
CCC Help Danish (Version: 2010.0527.1241.20909)
CCC Help Dutch (Version: 2010.0527.1241.20909)
CCC Help English (Version: 2010.0527.1241.20909)
CCC Help Finnish (Version: 2010.0527.1241.20909)
CCC Help French (Version: 2010.0527.1241.20909)
CCC Help German (Version: 2010.0527.1241.20909)
CCC Help Italian (Version: 2010.0527.1241.20909)
CCC Help Japanese (Version: 2010.0527.1241.20909)
CCC Help Norwegian (Version: 2010.0527.1241.20909)
CCC Help Spanish (Version: 2010.0527.1241.20909)
CCC Help Swedish (Version: 2010.0527.1241.20909)
ccc-core-static (Version: 2010.0527.1242.20909)
ccc-utility (Version: 2010.0527.1242.20909)
Cheat Engine 6.2
Clover 3.0 (Version: 3.0)
CorelDRAW Essentials 4
CorelDRAW Essentials 4 - Content (Version: 4.0)
CorelDRAW Essentials 4 - Draw (Version: 4.0)
CorelDRAW Essentials 4 - Filters (Version: 4.0)
CorelDRAW Essentials 4 - ICA (Version: 4.0)
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0)
CorelDRAW Essentials 4 - Lang BR (Version: 4.0)
CorelDRAW Essentials 4 - Lang DE (Version: 4.0)
CorelDRAW Essentials 4 - Lang EN (Version: 4.0)
CorelDRAW Essentials 4 - Lang ES (Version: 4.0)
CorelDRAW Essentials 4 - Lang FR (Version: 4.0)
CorelDRAW Essentials 4 - Lang IT (Version: 4.0)
CorelDRAW Essentials 4 - Lang NL (Version: 4.0)
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0)
CorelDRAW Essentials 4 - Windows Shell Extension
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1)
CorelDRAW Essentials 4 (Version: 4.0)
Counter-Strike: Source
Counter-Strike: Source Beta
Craften Terminal 3.3.4897.28268 (Version: 3.3.4897.28268)
Cross Fire En
CyberLink LabelPrint (Version: 2.5.2515)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDVD Copy (Version: 1.5.1306)
Day of Defeat: Source
Driver: Parallel Lines (Version: 1.00.0000)
Druckerdeinstallation für EPSON SX210 Series
EPSON Scan
erLT (Version: 1.20.138.34)
FileZilla Client 3.7.1 (HKCU Version: 3.7.1)
Gameforge Live 1.4.0 "Legend" (Version: 1.4.0)
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
ICQ 8.0 (build 6019) (HKCU Version: 8.0.6019.0)
Intel(R) Rapid Storage Technology (Version: 9.6.0.1014)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
jose (Version: 1.3)
Junk Mail filter update (Version: 14.0.8117.416)
KC Softwares SUMo (Version: 3.7.0.203)
Logitech Webcam-Software (Version: 2.51)
LWS Facebook (Version: 13.50.854.0)
LWS Gallery (Version: 13.51.827.0)
LWS Help_main (Version: 13.51.828.0)
LWS Launcher (Version: 13.51.828.0)
LWS Motion Detection (Version: 13.51.815.0)
LWS Pictures And Video (Version: 13.51.815.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Webcam Software (Version: 13.51.815.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
MacroX 3.1 (Version: 3.1)
Magical Jelly Bean PasswdFinder (Version: 1.0.0.22)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Medion Home Cinema (Version: 6.0.0000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1600.1)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Browser (Version: 10.50.1600.1)
Microsoft SQL Server VSS Writer (Version: 10.50.1600.1)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MozBackup 1.5.1
Mozilla Firefox 19.0 (x86 de) (Version: 19.0)
Mozilla Firefox 22.0 (x86 de) (HKCU Version: 22.0)
Mozilla Maintenance Service (Version: 19.0)
MSVCRT (Version: 14.0.1468.721)
Need For Speed™ World (Version: 1.0.0.1229)
No23 Recorder (Version: 2.1.0.3)
Norton Internet Security CBE (Version: 20.4.0.40)
Nostale(DE)
Notepad++ (Version: 6.3.2)
Pando Media Booster (Version: 2.6.0.9)
Pinnacle VideoSpin (Version: 2.0.0.669)
PlayReady PC Runtime x86 (Version: 1.3.0)
PunkBuster Services (Version: 0.990)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek Ethernet Controller Driver (Version: 7.53.216.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6591)
RealUpgrade 1.1 (Version: 1.1.0)
SimCity 3000 Deutschland
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.6 (Version: 6.6.106)
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
SQLite Maestro 12.11
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Team Fortress 2
TeamSpeak 3 Client (Version: 3.0.10.1)
Tunatic
VLC media player 2.0.5 (Version: 2.0.5)
Webocton - Scriptly 0.8.95.6 (Version: 0.8.95.6)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
 

==================== Restore Points  =========================

13-07-2013 00:05:55 Geplanter Prüfpunkt
23-07-2013 10:18:30 Geplanter Prüfpunkt
31-07-2013 20:33:28 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {08EE6401-DD14-4FE7-92D9-D71573A72BCC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation)
Task: {10960DDD-FD47-45F3-AB88-7CE6A1CB7B75} - System32\Tasks\{741E510B-C728-4BEB-B0B1-276EFE0C5610} => c:\programme\mozilla firefox\firefox.exe [2013-07-04] (Mozilla Corporation)
Task: {12FB7E7B-D571-4C3C-80F1-DB612BC06C40} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-567156585-1928788911-4159497032-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {1DDFBC1E-F1C5-426C-A4DE-0D5DF4E7206D} - System32\Tasks\{CEAFC4C6-E2DD-4E3B-A129-F6C2919C1F26} => C:\Spiele\SimCity 3000 Deutschland\Apps\SC3U.EXE [2000-04-19] (Maxis)
Task: {24B3D032-0556-4489-829F-0B2F137F7F06} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {35B4517D-47F9-4D6B-8292-0DEF8C925CC2} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.2.0.19\SymErr.exe No File
Task: {4DC810C2-9751-423E-BA7D-0DE6491DE08A} - System32\Tasks\User_Feed_Synchronization-{CF7F7EEC-ACD2-47A7-9E12-44282BFD08E6} => C:\Windows\system32\msfeedssync.exe [2009-07-14] (Microsoft Corporation)
Task: {774AEA1F-AB47-479D-B9BC-B4E054B2963A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {7AB7ED5E-09C9-4BC0-9EE3-67FE2E0D2F55} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-567156585-1928788911-4159497032-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {86EADBB3-E958-4EB6-8B7A-C11288A1C05F} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.2.0.19\SymErr.exe No File
Task: {8D084488-D752-4B75-BDAB-76E2FFC4A21B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-567156585-1928788911-4159497032-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {8FD4A386-8413-42BA-98B6-A9F9E4BF4134} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-567156585-1928788911-4159497032-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {B67E83D3-AF2C-48FD-B910-497FACA5CC4B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-18] (Adobe Systems Incorporated)
Task: {CE0B34C3-264D-4D7F-BA4C-F22A938632A6} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {D934B984-38DC-4E0E-A52A-F5C5C2AB0E2E} - System32\Tasks\{F238D279-F2C6-483A-9923-D843D07165FC} => C:\Programme\Netscape\Communicator\Program\netscape.exe No File
Task: {E3A661AF-8BBB-419C-BF10-3136D7F088F4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-567156585-1928788911-4159497032-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {EF524401-CEFD-428D-BCB2-93AC8CC89C79} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {FC54CCAA-D724-48EE-9629-658022575FF0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-05-09] (Microsoft Corporation)
Task: {FFA45FB0-A9C6-4379-9ABE-52877354EFB0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-29] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2013 10:29:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/31/2013 10:27:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/29/2013 00:38:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskmgr.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc13c
Name des fehlerhaften Moduls: dpgcmd.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e320af3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x61c5d8b0
ID des fehlerhaften Prozesses: 0x2b1c
Startzeit der fehlerhaften Anwendung: 0xtaskmgr.exe0
Pfad der fehlerhaften Anwendung: taskmgr.exe1
Pfad des fehlerhaften Moduls: taskmgr.exe2
Berichtskennung: taskmgr.exe3

Error: (07/29/2013 00:38:41 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aeba271
Name des fehlerhaften Moduls: dpgcmd.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e320af3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x61c5d8b0
ID des fehlerhaften Prozesses: 0xba0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (07/27/2013 06:59:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06ab5
Name des fehlerhaften Moduls: mozalloc.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c05025
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001988
ID des fehlerhaften Prozesses: 0xff8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/27/2013 03:24:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskmgr.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc13c
Name des fehlerhaften Moduls: dpgcmd.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e320af3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x61c5d8b0
ID des fehlerhaften Prozesses: 0x1494
Startzeit der fehlerhaften Anwendung: 0xtaskmgr.exe0
Pfad der fehlerhaften Anwendung: taskmgr.exe1
Pfad des fehlerhaften Moduls: taskmgr.exe2
Berichtskennung: taskmgr.exe3

Error: (07/27/2013 03:24:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskmgr.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc13c
Name des fehlerhaften Moduls: dpgcmd.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e320af3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x61c5d8b0
ID des fehlerhaften Prozesses: 0x1494
Startzeit der fehlerhaften Anwendung: 0xtaskmgr.exe0
Pfad der fehlerhaften Anwendung: taskmgr.exe1
Pfad des fehlerhaften Moduls: taskmgr.exe2
Berichtskennung: taskmgr.exe3

Error: (07/27/2013 00:32:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/27/2013 00:30:57 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/26/2013 00:15:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc225
Name des fehlerhaften Moduls: dpgcmd.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e320af3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x61c5d8b0
ID des fehlerhaften Prozesses: 0xd34
Startzeit der fehlerhaften Anwendung: 0xDwm.exe0
Pfad der fehlerhaften Anwendung: Dwm.exe1
Pfad des fehlerhaften Moduls: Dwm.exe2
Berichtskennung: Dwm.exe3


System errors:
=============
Error: (07/29/2013 09:15:49 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (07/27/2013 07:15:34 PM) (Source: DCOM) (User: Tobias-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tobias-PCTobiasS-1-5-21-567156585-1928788911-4159497032-1000LocalHost (unter Verwendung von LRPC)

Error: (07/27/2013 07:15:28 PM) (Source: DCOM) (User: Tobias-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tobias-PCTobiasS-1-5-21-567156585-1928788911-4159497032-1000LocalHost (unter Verwendung von LRPC)

Error: (07/27/2013 07:15:21 PM) (Source: DCOM) (User: Tobias-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tobias-PCTobiasS-1-5-21-567156585-1928788911-4159497032-1000LocalHost (unter Verwendung von LRPC)

Error: (07/27/2013 07:15:15 PM) (Source: DCOM) (User: Tobias-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tobias-PCTobiasS-1-5-21-567156585-1928788911-4159497032-1000LocalHost (unter Verwendung von LRPC)

Error: (07/21/2013 03:47:08 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (07/20/2013 11:17:10 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (07/19/2013 11:17:12 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (07/19/2013 11:17:10 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (07/18/2013 11:17:12 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1


Microsoft Office Sessions:
=========================
Error: (07/31/2013 10:29:44 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/31/2013 10:27:33 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Spiele\crossfire na\Aegis64.exe

Error: (07/29/2013 00:38:59 AM) (Source: Application Error)(User: )
Description: taskmgr.exe6.1.7600.163854a5bc13cdpgcmd.dll_unloaded0.0.0.04e320af3c000000561c5d8b02b1c01ce8ae984aa55ebC:\Windows\system32\taskmgr.exedpgcmd.dll7e1e43a2-f7d6-11e2-87d0-74f06d6cdb9e

Error: (07/29/2013 00:38:41 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.164504aeba271dpgcmd.dll_unloaded0.0.0.04e320af3c000000561c5d8b0ba001ce888e44d51ac0C:\Windows\Explorer.EXEdpgcmd.dll730e604b-f7d6-11e2-87d0-74f06d6cdb9e

Error: (07/27/2013 06:59:53 PM) (Source: Application Error)(User: )
Description: plugin-container.exe22.0.0.491751c06ab5mozalloc.dll22.0.0.491751c050258000000300001988ff801ce8ada8413a3cfC:\Programme\Mozilla Firefox\plugin-container.exeC:\Programme\Mozilla Firefox\mozalloc.dllf4189ca1-f6dd-11e2-87d0-74f06d6cdb9e

Error: (07/27/2013 03:24:59 PM) (Source: Application Error)(User: )
Description: taskmgr.exe6.1.7600.163854a5bc13cdpgcmd.dll_unloaded0.0.0.04e320af3c000000561c5d8b0149401ce89e65c72987cC:\Windows\System32\taskmgr.exedpgcmd.dllef5532f7-f6bf-11e2-87d0-74f06d6cdb9e

Error: (07/27/2013 03:24:44 PM) (Source: Application Error)(User: )
Description: taskmgr.exe6.1.7600.163854a5bc13cdpgcmd.dll_unloaded0.0.0.04e320af3c000000561c5d8b0149401ce89e65c72987cC:\Windows\System32\taskmgr.exedpgcmd.dlle5e019e4-f6bf-11e2-87d0-74f06d6cdb9e

Error: (07/27/2013 00:32:25 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/27/2013 00:30:57 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Spiele\crossfire na\Aegis64.exe

Error: (07/26/2013 00:15:15 PM) (Source: Application Error)(User: )
Description: Dwm.exe6.1.7600.163854a5bc225dpgcmd.dll_unloaded0.0.0.04e320af3c000000561c5d8b0d3401ce888e44c6d27eC:\Windows\system32\Dwm.exedpgcmd.dll4387df0f-f5dc-11e2-87d0-74f06d6cdb9e


==================== Memory info =========================== 

Percentage of memory in use: 72%
Total physical RAM: 3071.24 MB
Available physical RAM: 842.07 MB
Total Pagefile: 6140.76 MB
Available Pagefile: 3207.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.23 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:841.58 GB) (Free:561.62 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:23.48 GB) NTFS
Drive e: (SimCity3000) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=842 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

schrauber · 01.08.2013, 12:44

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

und ein frisches FRST log bitte.

darkrider78 · 01.08.2013, 14:09

AdwCleaner.txt

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 01/08/2013 um 14:34:37 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzer : Tobias - TOBIAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tobias\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\safesearch.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Tobias\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Tobias\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Tobias\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\prefs.js

C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

Datei : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8e3r3t2i.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2825 octets] - [01/08/2013 14:34:37]

########## EOF - C:\AdwCleaner[S1].txt - [2885 octets] ##########

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Home Premium x86
Ran by Tobias on 01.08.2013 at 14:44:57,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.08.2013 at 14:46:45,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBAM-Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.01.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Tobias :: TOBIAS-PC [Administrator]

01.08.2013 14:49:10
mbam-log-2013-08-01 (14-49-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241915
Laufzeit: 9 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Tobias\AppData\Local\Temp\ICReinstall_FTB.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias\AppData\Local\Temp\aeFclIuN.exe.part (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias\AppData\Local\Temp\is1971879534\Setup-D502DD2B71B5.exe (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias\Downloads\CheatEngine62.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by Tobias (administrator) on 01-08-2013 15:04:11
Running from C:\Users\Tobias\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\system32\PnkBstrA.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Almico Software (www.almico.com)) C:\Programme\SpeedFan\speedfan.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [4StoryPrePatch] - C:\Spiele\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-02-19] (Zemi Interactive Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313672 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\RealPlayer\Update\realsched.exe [295512 2013-06-29] (RealNetworks, Inc.)
HKLM\...\Run: [(De)Coder Cleaner] - C:\Programme\(De)Coder\Coder.exe [1251328 2007-03-01] (ViaThinkSoft)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [EPSON SX210 Series] - C:\Windows\TEMP\E_S2B7D.tmp [126 2013-01-22] ()
HKCU\...\Run: [AshSnap] - C:\Programme\Ashampoo\Ashampoo Snap 4\ashsnap.exe [1528176 2011-04-01] (ashampoo GmbH & Co. KG)
HKCU\...\Run: [Skype] - C:\Programme\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [icq] - C:\Users\Tobias\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-22] (ICQ)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-07] (Spotify Ltd)
MountPoints2: {7bc8f8a4-9144-11e2-87fe-6c626d60f91a} - I:\Launcher\LAUNCHER.EXE
MountPoints2: {97f7a171-4bbb-11e2-9840-806e6f6e6963} - E:\Launcher\LAUNCHER.EXE
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Driver Parallel Lines.LNK
ShortcutTarget: Registration Driver Parallel Lines.LNK -> C:\Spiele\Driver Parallel Lines\Register\RegistrationReminder.exe ()
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6D096609-3978-44B8-A0AF-15C92B77D9DF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Programme\Clover\TabHelper32.dll (EJIE Technology)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -&Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.225 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\speedfox.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\webde-suche.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Battlefield Play4Free - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\battlefieldplay4free@ea.com
FF Extension: BrowserAdditions - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\toolbarbutton@browseradditions.com
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: WOT - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: about-addons-memory - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\about-addons-memory@tn123.org.xpi
FF Extension: autopager - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\autopager@mozilla.org.xpi
FF Extension: jid0-nEKQbsVUhSe9FRuGEdAV8hAphDI - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\jid0-nEKQbsVUhSe9FRuGEdAV8hAphDI@jetpack.xpi
FF Extension: jid1-uabu5A9hduqzCw - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\jid1-uabu5A9hduqzCw@jetpack.xpi
FF Extension: sharemenot - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\sharemenot@franziroesner.com.xpi
FF Extension: SkipScreen - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\SkipScreen@SkipScreen.xpi
FF Extension: support - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\support@free-hideip.com.xpi
FF Extension: toolbar - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\toolbar@gmx.net.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R2 NIS; C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-02-13] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies)
S4 SQLSERVERAGENT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-05-31] (Symantec Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130731.001\IDSvix86.sys [386720 2012-12-20] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130731.018\NAVENG.SYS [93272 2013-05-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130731.018\NAVEX15.SYS [1611992 2013-05-31] (Symantec Corporation)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-01 14:46 - 2013-08-01 14:46 - 00000773 _____ C:\Users\Tobias\Desktop\JRT.txt
2013-08-01 14:44 - 2013-08-01 14:44 - 00000000 ____D C:\Windows\ERUNT
2013-08-01 14:42 - 2013-08-01 14:42 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Tobias\Desktop\JRT.exe
2013-08-01 14:34 - 2013-08-01 14:36 - 00002954 _____ C:\AdwCleaner[S1].txt
2013-08-01 14:02 - 2013-08-01 14:02 - 00666633 _____ C:\Users\Tobias\Desktop\adwcleaner.exe
2013-08-01 12:25 - 2013-08-01 12:25 - 00000000 ____D C:\FRST
2013-08-01 12:23 - 2013-08-01 12:23 - 01222064 _____ (Farbar) C:\Users\Tobias\Desktop\FRST.exe
2013-07-28 13:59 - 2013-07-28 13:59 - 00001175 _____ C:\Users\Tobias\JannisTuer.schematic
2013-07-27 17:19 - 2013-07-27 17:19 - 00010059 _____ C:\Users\Tobias\config.yml
2013-07-27 05:32 - 2013-07-27 05:32 - 00006483 _____ C:\Users\Tobias\Documents\config bm.yml
2013-07-27 03:03 - 2013-07-27 03:03 - 00000094 _____ C:\Users\Tobias\Desktop\penny arbeitszeiten.txt
2013-07-26 17:37 - 2013-07-26 17:36 - 00001027 _____ C:\Users\Tobias\Desktop\healcommand.java
2013-07-26 15:22 - 2013-07-27 16:57 - 00000000 ____D C:\Users\Tobias\Desktop\server
2013-07-26 15:09 - 2013-07-27 16:26 - 00000000 ____D C:\Users\Tobias\workspace
2013-07-26 15:07 - 2013-07-26 15:14 - 00000000 ____D C:\Users\Tobias\Desktop\java
2013-07-26 15:04 - 2013-07-26 15:07 - 208584371 _____ C:\Users\Tobias\Downloads\eclipse-standard-kepler-R-win32.zip
2013-07-26 14:55 - 2013-07-26 14:55 - 00000000 ____D C:\Users\Tobias\Downloads\BanManager
2013-07-26 14:52 - 2013-07-26 14:52 - 00349473 _____ C:\Users\Tobias\Downloads\BanManager.zip
2013-07-26 13:12 - 2013-07-26 13:12 - 00000000 ____D C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49
2013-07-26 13:09 - 2013-07-26 13:09 - 00008870 _____ C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49.zip
2013-07-25 16:02 - 2013-07-25 16:02 - 00015312 _____ C:\Users\Tobias\Downloads\BastiBar.schematic
2013-07-23 20:15 - 2013-07-23 20:15 - 00000032 _____ C:\Users\Tobias\Desktop\ghyh.txt
2013-07-23 10:54 - 2013-07-23 10:54 - 00002527 _____ C:\Users\Tobias\Documents\index.yml
2013-07-23 09:33 - 2013-07-23 09:33 - 08755133 _____ C:\Users\Tobias\Downloads\server drasilx.log
2013-07-22 05:06 - 2013-07-22 05:06 - 00429035 _____ C:\Users\Tobias\Downloads\SeasideSetup_1.02.zip
2013-07-20 18:05 - 2013-07-20 18:05 - 04127501 _____ C:\Users\Tobias\Downloads\server2066.log
2013-07-19 17:28 - 2013-07-19 17:28 - 00367332 _____ (hxxp://magiclauncher.com) C:\Users\Tobias\Desktop\MagicLauncher_1.1.7.exe
2013-07-18 05:44 - 2013-07-18 05:44 - 00034048 _____ C:\Users\Tobias\Documents\knopf.mcx
2013-07-18 05:44 - 2013-07-18 05:44 - 00000631 _____ C:\Users\Tobias\Documents\B u E.txt
2013-07-18 05:43 - 2013-07-18 21:55 - 00000859 _____ C:\Users\Tobias\Desktop\Teamkonfi.txt
2013-07-18 05:28 - 2013-07-18 05:28 - 00113546 _____ C:\Users\Tobias\Downloads\SimpleRegionMarket.jar
2013-07-14 20:26 - 2013-07-14 20:27 - 24083257 _____ (Disruptive Innovations SAS                                  ) C:\Users\Tobias\Downloads\bluegriffon-1.7.2.exe
2013-07-13 13:26 - 2013-07-13 21:14 - 00000077 _____ C:\Users\Tobias\Desktop\frage.txt
2013-07-10 22:10 - 2013-07-10 22:10 - 00182242 _____ C:\Users\Tobias\Desktop\inventorytweaks-1.54b.jar
2013-07-09 22:13 - 2013-07-09 22:13 - 00143984 _____ C:\Windows\Minidump\070913-38142-01.dmp
2013-07-09 03:11 - 2013-07-09 20:35 - 00000000 ____D C:\Users\Tobias\Downloads\addons firefox
2013-07-09 00:23 - 2013-07-09 00:23 - 175751730 _____ C:\Users\Tobias\Desktop\sicherung 09.07.13.reg
2013-07-08 20:56 - 2013-07-08 20:56 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\SQL Maestro Group
2013-07-08 20:55 - 2013-07-08 20:55 - 00000904 _____ C:\Users\Tobias\Desktop\SQLite Maestro.lnk
2013-07-08 20:55 - 2013-07-08 20:55 - 00000000 ____D C:\Program Files\Common Files\SQL Maestro Group
2013-07-07 18:08 - 2013-07-08 20:48 - 00001228 _____ C:\Users\Tobias\Desktop\team.txt
2013-07-07 10:01 - 2013-07-07 10:01 - 00000000 ____D C:\Users\Tobias\Downloads\Nitrado Forum
2013-07-06 09:54 - 2013-07-06 09:55 - 00143984 _____ C:\Windows\Minidump\070613-52712-01.dmp
2013-07-05 14:13 - 2013-07-05 17:14 - 04709883 _____ C:\Users\Tobias\Downloads\server050713.log
2013-07-04 17:20 - 2013-07-04 17:20 - 05555594 _____ C:\Users\Tobias\Downloads\worldedit.log
2013-07-04 17:03 - 2013-07-04 17:03 - 00000076 _____ C:\Users\Tobias\Desktop\Minecraft.bat
2013-07-04 10:57 - 2013-07-04 10:57 - 00484992 _____ C:\Users\Tobias\Desktop\Minecraft 1.6.1.exe
2013-07-04 10:31 - 2013-07-04 10:31 - 00000000 ____D C:\Users\Tobias\AppData\Local\Craften_Dev_Team
2013-07-04 10:24 - 2013-07-04 10:24 - 03535048 _____ (PasswdFinder                                                ) C:\Users\Tobias\Downloads\PasswdFinderInstaller_1.0.0.22.exe
2013-07-04 10:24 - 2013-07-04 10:24 - 00000796 _____ C:\Users\Public\Desktop\PasswdFinder.lnk
2013-07-04 09:43 - 2013-07-04 09:44 - 00000000 ____D C:\Users\Tobias\workspace2
2013-07-04 09:43 - 2013-07-04 09:43 - 00000000 ____D C:\Users\Tobias\AppData\Local\Eclipse
2013-07-04 09:33 - 2013-07-04 09:35 - 00000000 ____D C:\Users\Tobias\Documents\workspace
2013-07-04 08:19 - 2013-07-06 18:40 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\ftblauncher
2013-07-03 16:51 - 2013-07-03 16:51 - 01567102 _____ C:\Users\Tobias\Documents\Multiverse-Core-2.5.jar
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\Tobias\Documents\Multiverse-Core
2013-07-03 16:48 - 2013-07-03 16:49 - 00000000 ____D C:\Users\Tobias\Documents\WorldEdit

==================== One Month Modified Files and Folders =======

2013-08-01 15:02 - 2012-12-21 18:37 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype
2013-08-01 15:01 - 2013-05-26 18:33 - 00000000 ____D C:\Users\Tobias\Tracing
2013-08-01 15:01 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-01 15:01 - 2009-07-14 06:39 - 00108371 _____ C:\Windows\setupact.log
2013-08-01 15:00 - 2012-12-21 18:11 - 00096548 _____ C:\Windows\PFRO.log
2013-08-01 15:00 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\DigitalLocker
2013-08-01 14:59 - 2012-12-21 14:23 - 00636331 _____ C:\Windows\WindowsUpdate.log
2013-08-01 14:46 - 2013-08-01 14:46 - 00000773 _____ C:\Users\Tobias\Desktop\JRT.txt
2013-08-01 14:46 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 14:46 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 14:44 - 2013-08-01 14:44 - 00000000 ____D C:\Windows\ERUNT
2013-08-01 14:42 - 2013-08-01 14:42 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Tobias\Desktop\JRT.exe
2013-08-01 14:36 - 2013-08-01 14:34 - 00002954 _____ C:\AdwCleaner[S1].txt
2013-08-01 14:32 - 2012-12-21 18:23 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\.minecraft
2013-08-01 14:31 - 2012-12-21 18:59 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\FileZilla
2013-08-01 14:21 - 2012-12-21 18:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-01 14:02 - 2013-08-01 14:02 - 00666633 _____ C:\Users\Tobias\Desktop\adwcleaner.exe
2013-08-01 13:02 - 2012-12-21 19:05 - 00000000 ____D C:\Users\Tobias\Documents\Nitrado
2013-08-01 12:25 - 2013-08-01 12:25 - 00000000 ____D C:\FRST
2013-08-01 12:23 - 2013-08-01 12:23 - 01222064 _____ (Farbar) C:\Users\Tobias\Desktop\FRST.exe
2013-08-01 10:59 - 2012-12-21 23:03 - 00000000 ____D C:\Users\Tobias\Downloads\plugins
2013-07-29 13:36 - 2012-12-23 17:10 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\SoftGrid Client
2013-07-29 09:19 - 2013-01-12 13:43 - 00000000 ____D C:\Users\Tobias\AppData\Local\Adobe
2013-07-29 09:19 - 2012-12-21 18:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-29 09:19 - 2012-12-21 18:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-28 19:32 - 2013-06-15 17:05 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Spotify
2013-07-28 13:59 - 2013-07-28 13:59 - 00001175 _____ C:\Users\Tobias\JannisTuer.schematic
2013-07-28 13:59 - 2012-12-21 14:30 - 00000000 ____D C:\Users\Tobias
2013-07-27 18:57 - 2012-12-21 18:45 - 00000000 ____D C:\Users\Tobias\Downloads\Mods
2013-07-27 17:19 - 2013-07-27 17:19 - 00010059 _____ C:\Users\Tobias\config.yml
2013-07-27 16:57 - 2013-07-26 15:22 - 00000000 ____D C:\Users\Tobias\Desktop\server
2013-07-27 16:26 - 2013-07-26 15:09 - 00000000 ____D C:\Users\Tobias\workspace
2013-07-27 05:32 - 2013-07-27 05:32 - 00006483 _____ C:\Users\Tobias\Documents\config bm.yml
2013-07-27 03:10 - 2012-12-23 16:16 - 00000000 ____D C:\Users\Tobias\Documents\My Games
2013-07-27 03:03 - 2013-07-27 03:03 - 00000094 _____ C:\Users\Tobias\Desktop\penny arbeitszeiten.txt
2013-07-26 18:25 - 2013-06-15 17:06 - 00000000 ____D C:\Users\Tobias\AppData\Local\Spotify
2013-07-26 17:36 - 2013-07-26 17:37 - 00001027 _____ C:\Users\Tobias\Desktop\healcommand.java
2013-07-26 15:14 - 2013-07-26 15:07 - 00000000 ____D C:\Users\Tobias\Desktop\java
2013-07-26 15:08 - 2012-12-21 17:30 - 00000000 ____D C:\Programme
2013-07-26 15:07 - 2013-07-26 15:04 - 208584371 _____ C:\Users\Tobias\Downloads\eclipse-standard-kepler-R-win32.zip
2013-07-26 14:55 - 2013-07-26 14:55 - 00000000 ____D C:\Users\Tobias\Downloads\BanManager
2013-07-26 14:52 - 2013-07-26 14:52 - 00349473 _____ C:\Users\Tobias\Downloads\BanManager.zip
2013-07-26 13:12 - 2013-07-26 13:12 - 00000000 ____D C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49
2013-07-26 13:09 - 2013-07-26 13:09 - 00008870 _____ C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49.zip
2013-07-25 16:02 - 2013-07-25 16:02 - 00015312 _____ C:\Users\Tobias\Downloads\BastiBar.schematic
2013-07-25 15:34 - 2010-06-29 15:26 - 01682084 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-23 20:15 - 2013-07-23 20:15 - 00000032 _____ C:\Users\Tobias\Desktop\ghyh.txt
2013-07-23 10:54 - 2013-07-23 10:54 - 00002527 _____ C:\Users\Tobias\Documents\index.yml
2013-07-23 09:33 - 2013-07-23 09:33 - 08755133 _____ C:\Users\Tobias\Downloads\server drasilx.log
2013-07-22 05:06 - 2013-07-22 05:06 - 00429035 _____ C:\Users\Tobias\Downloads\SeasideSetup_1.02.zip
2013-07-20 18:05 - 2013-07-20 18:05 - 04127501 _____ C:\Users\Tobias\Downloads\server2066.log
2013-07-19 17:28 - 2013-07-19 17:28 - 00367332 _____ (hxxp://magiclauncher.com) C:\Users\Tobias\Desktop\MagicLauncher_1.1.7.exe
2013-07-18 21:55 - 2013-07-18 05:43 - 00000859 _____ C:\Users\Tobias\Desktop\Teamkonfi.txt
2013-07-18 05:44 - 2013-07-18 05:44 - 00034048 _____ C:\Users\Tobias\Documents\knopf.mcx
2013-07-18 05:44 - 2013-07-18 05:44 - 00000631 _____ C:\Users\Tobias\Documents\B u E.txt
2013-07-18 05:28 - 2013-07-18 05:28 - 00113546 _____ C:\Users\Tobias\Downloads\SimpleRegionMarket.jar
2013-07-15 04:50 - 2013-02-20 19:24 - 00000000 ____D C:\Users\Tobias\Downloads\Homepage
2013-07-15 02:20 - 2013-02-20 17:03 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Webocton - Scriptly
2013-07-15 00:32 - 2012-12-21 23:15 - 00000000 ____D C:\Users\Tobias\Downloads\Bukkit
2013-07-14 20:29 - 2013-02-20 14:57 - 00000784 _____ C:\Users\Public\Desktop\BlueGriffon.lnk
2013-07-14 20:27 - 2013-07-14 20:26 - 24083257 _____ (Disruptive Innovations SAS                                  ) C:\Users\Tobias\Downloads\bluegriffon-1.7.2.exe
2013-07-13 21:14 - 2013-07-13 13:26 - 00000077 _____ C:\Users\Tobias\Desktop\frage.txt
2013-07-13 20:49 - 2013-06-26 00:59 - 00000000 ____D C:\Users\Tobias\Documents\Prototype
2013-07-11 18:23 - 2012-12-25 23:51 - 00000048 _____ C:\Users\Tobias\Desktop\lastlogin
2013-07-11 12:33 - 2012-12-21 19:28 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\TS3Client
2013-07-10 22:10 - 2013-07-10 22:10 - 00182242 _____ C:\Users\Tobias\Desktop\inventorytweaks-1.54b.jar
2013-07-10 18:04 - 2012-12-21 18:37 - 00000000 ____D C:\ProgramData\Skype
2013-07-09 22:13 - 2013-07-09 22:13 - 00143984 _____ C:\Windows\Minidump\070913-38142-01.dmp
2013-07-09 22:13 - 2013-01-03 03:52 - 00000000 ____D C:\Windows\Minidump
2013-07-09 22:12 - 2013-01-03 03:52 - 345077490 _____ C:\Windows\MEMORY.DMP
2013-07-09 20:35 - 2013-07-09 03:11 - 00000000 ____D C:\Users\Tobias\Downloads\addons firefox
2013-07-09 00:52 - 2013-06-22 21:56 - 00000000 ____D C:\Users\Tobias\Downloads\Windows
2013-07-09 00:23 - 2013-07-09 00:23 - 175751730 _____ C:\Users\Tobias\Desktop\sicherung 09.07.13.reg
2013-07-08 20:56 - 2013-07-08 20:56 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\SQL Maestro Group
2013-07-08 20:55 - 2013-07-08 20:55 - 00000904 _____ C:\Users\Tobias\Desktop\SQLite Maestro.lnk
2013-07-08 20:55 - 2013-07-08 20:55 - 00000000 ____D C:\Program Files\Common Files\SQL Maestro Group
2013-07-08 20:48 - 2013-07-07 18:08 - 00001228 _____ C:\Users\Tobias\Desktop\team.txt
2013-07-07 10:01 - 2013-07-07 10:01 - 00000000 ____D C:\Users\Tobias\Downloads\Nitrado Forum
2013-07-06 18:40 - 2013-07-04 08:19 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\ftblauncher
2013-07-06 09:55 - 2013-07-06 09:54 - 00143984 _____ C:\Windows\Minidump\070613-52712-01.dmp
2013-07-05 17:14 - 2013-07-05 14:13 - 04709883 _____ C:\Users\Tobias\Downloads\server050713.log
2013-07-04 17:20 - 2013-07-04 17:20 - 05555594 _____ C:\Users\Tobias\Downloads\worldedit.log
2013-07-04 17:03 - 2013-07-04 17:03 - 00000076 _____ C:\Users\Tobias\Desktop\Minecraft.bat
2013-07-04 10:57 - 2013-07-04 10:57 - 00484992 _____ C:\Users\Tobias\Desktop\Minecraft 1.6.1.exe
2013-07-04 10:35 - 2013-01-07 17:58 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Minecraft Version Changer
2013-07-04 10:31 - 2013-07-04 10:31 - 00000000 ____D C:\Users\Tobias\AppData\Local\Craften_Dev_Team
2013-07-04 10:24 - 2013-07-04 10:24 - 03535048 _____ (PasswdFinder                                                ) C:\Users\Tobias\Downloads\PasswdFinderInstaller_1.0.0.22.exe
2013-07-04 10:24 - 2013-07-04 10:24 - 00000796 _____ C:\Users\Public\Desktop\PasswdFinder.lnk
2013-07-04 09:44 - 2013-07-04 09:43 - 00000000 ____D C:\Users\Tobias\workspace2
2013-07-04 09:43 - 2013-07-04 09:43 - 00000000 ____D C:\Users\Tobias\AppData\Local\Eclipse
2013-07-04 09:35 - 2013-07-04 09:33 - 00000000 ____D C:\Users\Tobias\Documents\workspace
2013-07-04 08:20 - 2012-12-21 19:08 - 00000000 ____D C:\Spiele
2013-07-03 16:51 - 2013-07-03 16:51 - 01567102 _____ C:\Users\Tobias\Documents\Multiverse-Core-2.5.jar
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\Tobias\Documents\Multiverse-Core
2013-07-03 16:49 - 2013-07-03 16:48 - 00000000 ____D C:\Users\Tobias\Documents\WorldEdit
2013-07-03 16:49 - 2012-12-22 14:55 - 00828135 _____ C:\Users\Tobias\Documents\WorldEdit.jar

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 12:11

==================== End Of Log ============================

--- --- ---

schrauber · 01.08.2013, 21:15

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

darkrider78 · 07.08.2013, 15:28

Eset-Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=30c23cc701e70e4a8272cf2749b4bd6f
# engine=14665
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-06 11:57:53
# local_time=2013-08-07 01:57:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=3591 16777213 100 93 116910 138430058 0 0
# compatibility_mode=5893 16776574 100 94 19607246 127464664 0 0
# scanned=1615992
# found=2
# cleaned=0
# scan_time=576
sh=AA36F078D0FFC9B1FDA010712B860D15EA9B6E07 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.PAH trojan" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2ab99afa-51290a1b"
sh=F5E6E0D4D22BE5E161DDDBAE50A14F128AB92B89 ft=1 fh=81787384a3e07826 vn="Win32/Adware.ToolPlugin application" ac=I fn="J:\Users\Tobias\AppData\Roaming\toolplugin\toolbar.dll"

SecurityCheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.71  
 Windows 7  x86 (UAC is enabled)  
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security CBE   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 	11.8.800.94  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox 19.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-08-2013
Ran by Tobias (administrator) on 07-08-2013 14:24:30
Running from C:\Users\Tobias\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\system32\PnkBstrA.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
() C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Almico Software (www.almico.com)) C:\Programme\SpeedFan\speedfan.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\java.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(EJIE Technology) C:\Programme\Clover\clover.exe
(RealNetworks, Inc.) C:\Program Files\RealPlayer\update\realsched.exe
(FileZilla Project) C:\Programme\FileZilla FTP Client\filezilla.exe
(Almico Software (www.almico.com)) C:\Programme\SpeedFan\speedfan.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [4StoryPrePatch] - C:\Spiele\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-02-19] (Zemi Interactive Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313672 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\RealPlayer\Update\realsched.exe [295512 2013-06-29] (RealNetworks, Inc.)
HKLM\...\Run: [(De)Coder Cleaner] - C:\Programme\(De)Coder\Coder.exe [1251328 2007-03-01] (ViaThinkSoft)
HKCU\...\Run: [EPSON SX210 Series] - C:\Windows\TEMP\E_S2B7D.tmp [126 2013-01-22] ()
HKCU\...\Run: [AshSnap] - C:\Programme\Ashampoo\Ashampoo Snap 4\ashsnap.exe [1528176 2011-04-01] (ashampoo GmbH & Co. KG)
HKCU\...\Run: [Skype] - C:\Programme\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [icq] - C:\Users\Tobias\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-22] (ICQ)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-07] (Spotify Ltd)
MountPoints2: {7bc8f8a4-9144-11e2-87fe-6c626d60f91a} - I:\Launcher\LAUNCHER.EXE
MountPoints2: {97f7a171-4bbb-11e2-9840-806e6f6e6963} - E:\Launcher\LAUNCHER.EXE
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Driver Parallel Lines.LNK
ShortcutTarget: Registration Driver Parallel Lines.LNK -> C:\Spiele\Driver Parallel Lines\Register\RegistrationReminder.exe ()
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6D096609-3978-44B8-A0AF-15C92B77D9DF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {6D096609-3978-44B8-A0AF-15C92B77D9DF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Programme\Clover\TabHelper32.dll (EJIE Technology)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -&Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.225 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\speedfox.xml
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\searchplugins\webde-suche.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Battlefield Play4Free - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\battlefieldplay4free@ea.com
FF Extension: BrowserAdditions - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\toolbarbutton@browseradditions.com
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: WOT - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: about-addons-memory - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\about-addons-memory@tn123.org.xpi
FF Extension: autopager - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\autopager@mozilla.org.xpi
FF Extension: jid0-nEKQbsVUhSe9FRuGEdAV8hAphDI - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\jid0-nEKQbsVUhSe9FRuGEdAV8hAphDI@jetpack.xpi
FF Extension: jid1-uabu5A9hduqzCw - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\jid1-uabu5A9hduqzCw@jetpack.xpi
FF Extension: sharemenot - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\sharemenot@franziroesner.com.xpi
FF Extension: SkipScreen - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\SkipScreen@SkipScreen.xpi
FF Extension: support - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\support@free-hideip.com.xpi
FF Extension: toolbar - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\toolbar@gmx.net.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\fxvzl8v1.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R2 NIS; C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-02-13] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies)
S4 SQLSERVERAGENT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-05-31] (Symantec Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130806.001\IDSvix86.sys [386720 2012-12-20] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130806.019\NAVENG.SYS [93272 2013-05-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130806.019\NAVEX15.SYS [1611992 2013-05-31] (Symantec Corporation)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-07 14:23 - 2013-08-07 14:23 - 01229076 _____ (Farbar) C:\Users\Tobias\Desktop\FRST.exe
2013-08-07 11:53 - 2013-08-07 11:53 - 00891098 _____ C:\Users\Tobias\Desktop\SecurityCheck.exe
2013-08-06 01:45 - 2013-08-06 01:45 - 00000000 ____D C:\Program Files\ESET
2013-08-06 01:44 - 2013-08-06 01:44 - 02347384 _____ (ESET) C:\Users\Tobias\Downloads\esetsmartinstaller_enu.exe
2013-08-05 00:03 - 2012-12-06 23:33 - 00000199 _____ C:\Users\Tobias\Documents\Groax.txt
2013-08-05 00:03 - 2012-12-05 22:33 - 00000342 _____ C:\Users\Tobias\Documents\dan hdy-nr..txt
2013-08-05 00:03 - 2012-10-27 19:44 - 00003176 _____ C:\Users\Tobias\Documents\verlauf meldung gemeinsame ip nutzung dan (ghetto15).txt
2013-08-05 00:03 - 2012-10-05 13:34 - 00000453 _____ C:\Users\Tobias\Documents\we.txt
2013-08-05 00:03 - 2012-09-16 03:19 - 00000385 _____ C:\Users\Tobias\Documents\konfi 15.09.12.txt
2013-08-03 22:26 - 2013-08-03 22:26 - 00000000 ____D C:\Users\Tobias\.SquashOccurrences
2013-08-03 20:21 - 2013-08-03 20:22 - 11918007 _____ C:\Users\Tobias\Downloads\dynmap-1.9-alpha-1.jar
2013-08-03 16:05 - 2012-02-15 19:50 - 53549600 _____ C:\Users\Tobias\Desktop\Michel Telo - Ai Se Eu Te Pego (Official Video 1080p Full HD).avi
2013-08-02 17:08 - 2013-08-02 17:09 - 00000079 _____ C:\Users\Tobias\Desktop\MinecraftSP.bat
2013-08-01 18:23 - 2013-08-01 18:23 - 00004789 _____ C:\Users\Tobias\Desktop\new  24.yml
2013-08-01 18:20 - 2013-08-04 17:10 - 00000000 ____D C:\Users\Tobias\minecraft
2013-08-01 18:14 - 2013-08-01 18:14 - 00506821 _____ C:\Users\Tobias\Desktop\MinecraftSP.jar
2013-08-01 16:13 - 2013-08-01 16:13 - 00008778 _____ C:\Users\Tobias\Documents\vippx.yml
2013-08-01 15:53 - 2013-08-04 16:52 - 15249388 _____ C:\Users\Tobias\Downloads\craftbukkit-1.6.2-R0.1-20130731.060227-17.jar
2013-08-01 14:46 - 2013-08-01 14:46 - 00000773 _____ C:\Users\Tobias\Desktop\JRT.txt
2013-08-01 14:44 - 2013-08-01 14:44 - 00000000 ____D C:\Windows\ERUNT
2013-08-01 14:42 - 2013-08-01 14:42 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Tobias\Desktop\JRT.exe
2013-08-01 14:34 - 2013-08-01 14:36 - 00002954 _____ C:\AdwCleaner[S1].txt
2013-08-01 14:02 - 2013-08-01 14:02 - 00666633 _____ C:\Users\Tobias\Desktop\adwcleaner.exe
2013-08-01 12:25 - 2013-08-01 12:25 - 00000000 ____D C:\FRST
2013-07-28 13:59 - 2013-07-28 13:59 - 00001175 _____ C:\Users\Tobias\JannisTuer.schematic
2013-07-27 17:19 - 2013-07-27 17:19 - 00010059 _____ C:\Users\Tobias\config.yml
2013-07-27 05:32 - 2013-07-27 05:32 - 00006483 _____ C:\Users\Tobias\Documents\config bm.yml
2013-07-27 03:03 - 2013-07-27 03:03 - 00000094 _____ C:\Users\Tobias\Desktop\penny arbeitszeiten.txt
2013-07-26 17:37 - 2013-07-26 17:36 - 00001027 _____ C:\Users\Tobias\Desktop\healcommand.java
2013-07-26 15:22 - 2013-08-02 21:34 - 00000000 ____D C:\Users\Tobias\Desktop\server
2013-07-26 15:09 - 2013-07-27 16:26 - 00000000 ____D C:\Users\Tobias\workspace
2013-07-26 15:07 - 2013-07-26 15:14 - 00000000 ____D C:\Users\Tobias\Desktop\java
2013-07-26 15:04 - 2013-07-26 15:07 - 208584371 _____ C:\Users\Tobias\Downloads\eclipse-standard-kepler-R-win32.zip
2013-07-26 14:55 - 2013-07-26 14:55 - 00000000 ____D C:\Users\Tobias\Downloads\BanManager
2013-07-26 14:52 - 2013-07-26 14:52 - 00349473 _____ C:\Users\Tobias\Downloads\BanManager.zip
2013-07-26 13:12 - 2013-07-26 13:12 - 00000000 ____D C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49
2013-07-26 13:09 - 2013-07-26 13:09 - 00008870 _____ C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49.zip
2013-07-25 16:02 - 2013-07-25 16:02 - 00015312 _____ C:\Users\Tobias\Downloads\BastiBar.schematic
2013-07-23 10:54 - 2013-07-23 10:54 - 00002527 _____ C:\Users\Tobias\Documents\index.yml
2013-07-23 09:33 - 2013-07-23 09:33 - 08755133 _____ C:\Users\Tobias\Downloads\server drasilx.log
2013-07-22 05:06 - 2013-07-22 05:06 - 00429035 _____ C:\Users\Tobias\Downloads\SeasideSetup_1.02.zip
2013-07-20 18:05 - 2013-07-20 18:05 - 04127501 _____ C:\Users\Tobias\Downloads\server2066.log
2013-07-19 17:28 - 2013-07-19 17:28 - 00367332 _____ (hxxp://magiclauncher.com) C:\Users\Tobias\Desktop\MagicLauncher_1.1.7.exe
2013-07-18 05:44 - 2013-07-18 05:44 - 00034048 _____ C:\Users\Tobias\Documents\knopf.mcx
2013-07-18 05:44 - 2013-07-18 05:44 - 00000631 _____ C:\Users\Tobias\Documents\B u E.txt
2013-07-18 05:43 - 2013-07-18 21:55 - 00000859 _____ C:\Users\Tobias\Desktop\Teamkonfi.txt
2013-07-18 05:28 - 2013-07-18 05:28 - 00113546 _____ C:\Users\Tobias\Downloads\SimpleRegionMarket.jar
2013-07-14 20:26 - 2013-07-14 20:27 - 24083257 _____ (Disruptive Innovations SAS                                  ) C:\Users\Tobias\Downloads\bluegriffon-1.7.2.exe
2013-07-13 13:26 - 2013-07-13 21:14 - 00000077 _____ C:\Users\Tobias\Desktop\frage.txt
2013-07-10 22:10 - 2013-07-10 22:10 - 00182242 _____ C:\Users\Tobias\Desktop\inventorytweaks-1.54b.jar
2013-07-09 22:13 - 2013-07-09 22:13 - 00143984 _____ C:\Windows\Minidump\070913-38142-01.dmp
2013-07-09 03:11 - 2013-07-09 20:35 - 00000000 ____D C:\Users\Tobias\Downloads\addons firefox
2013-07-09 00:23 - 2013-07-09 00:23 - 175751730 _____ C:\Users\Tobias\Desktop\sicherung 09.07.13.reg
2013-07-08 20:56 - 2013-07-08 20:56 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\SQL Maestro Group
2013-07-08 20:55 - 2013-07-08 20:55 - 00000904 _____ C:\Users\Tobias\Desktop\SQLite Maestro.lnk
2013-07-08 20:55 - 2013-07-08 20:55 - 00000000 ____D C:\Program Files\Common Files\SQL Maestro Group

==================== One Month Modified Files and Folders =======

2013-08-07 14:23 - 2013-08-07 14:23 - 01229076 _____ (Farbar) C:\Users\Tobias\Desktop\FRST.exe
2013-08-07 14:21 - 2012-12-21 18:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-07 14:15 - 2012-12-21 18:37 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype
2013-08-07 12:44 - 2012-12-21 19:05 - 00000000 ____D C:\Users\Tobias\Documents\Nitrado
2013-08-07 12:44 - 2012-12-21 18:59 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\FileZilla
2013-08-07 11:53 - 2013-08-07 11:53 - 00891098 _____ C:\Users\Tobias\Desktop\SecurityCheck.exe
2013-08-07 00:09 - 2013-06-15 17:05 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Spotify
2013-08-07 00:03 - 2012-12-21 14:30 - 00069840 _____ C:\Users\Tobias\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-06 16:15 - 2012-12-21 14:23 - 00647872 _____ C:\Windows\WindowsUpdate.log
2013-08-06 15:21 - 2012-12-22 12:22 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\TeamViewer
2013-08-06 01:45 - 2013-08-06 01:45 - 00000000 ____D C:\Program Files\ESET
2013-08-06 01:44 - 2013-08-06 01:44 - 02347384 _____ (ESET) C:\Users\Tobias\Downloads\esetsmartinstaller_enu.exe
2013-08-05 23:26 - 2012-12-21 18:23 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\.minecraft
2013-08-05 13:39 - 2013-06-15 17:06 - 00000000 ____D C:\Users\Tobias\AppData\Local\Spotify
2013-08-04 19:52 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-04 19:52 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-04 19:46 - 2013-05-26 18:33 - 00000000 ____D C:\Users\Tobias\Tracing
2013-08-04 19:45 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-04 19:45 - 2009-07-14 06:39 - 00108595 _____ C:\Windows\setupact.log
2013-08-04 17:55 - 2010-06-29 15:26 - 01682084 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-04 17:10 - 2013-08-01 18:20 - 00000000 ____D C:\Users\Tobias\minecraft
2013-08-04 16:52 - 2013-08-01 15:53 - 15249388 _____ C:\Users\Tobias\Downloads\craftbukkit-1.6.2-R0.1-20130731.060227-17.jar
2013-08-04 13:46 - 2012-12-21 18:45 - 00000000 ____D C:\Users\Tobias\Downloads\Mods
2013-08-03 22:26 - 2013-08-03 22:26 - 00000000 ____D C:\Users\Tobias\.SquashOccurrences
2013-08-03 22:26 - 2012-12-21 14:30 - 00000000 ____D C:\Users\Tobias
2013-08-03 22:09 - 2012-12-21 17:30 - 00000000 ____D C:\Programme
2013-08-03 20:22 - 2013-08-03 20:21 - 11918007 _____ C:\Users\Tobias\Downloads\dynmap-1.9-alpha-1.jar
2013-08-03 09:55 - 2012-12-23 17:10 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\SoftGrid Client
2013-08-02 21:34 - 2013-07-26 15:22 - 00000000 ____D C:\Users\Tobias\Desktop\server
2013-08-02 21:14 - 2013-07-07 10:01 - 00000000 ____D C:\Users\Tobias\Downloads\Nitrado Forum
2013-08-02 17:09 - 2013-08-02 17:08 - 00000079 _____ C:\Users\Tobias\Desktop\MinecraftSP.bat
2013-08-01 18:43 - 2013-07-04 17:03 - 00000078 _____ C:\Users\Tobias\Desktop\Minecraft.bat
2013-08-01 18:23 - 2013-08-01 18:23 - 00004789 _____ C:\Users\Tobias\Desktop\new  24.yml
2013-08-01 18:14 - 2013-08-01 18:14 - 00506821 _____ C:\Users\Tobias\Desktop\MinecraftSP.jar
2013-08-01 16:13 - 2013-08-01 16:13 - 00008778 _____ C:\Users\Tobias\Documents\vippx.yml
2013-08-01 15:00 - 2012-12-21 18:11 - 00096548 _____ C:\Windows\PFRO.log
2013-08-01 15:00 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\DigitalLocker
2013-08-01 14:46 - 2013-08-01 14:46 - 00000773 _____ C:\Users\Tobias\Desktop\JRT.txt
2013-08-01 14:44 - 2013-08-01 14:44 - 00000000 ____D C:\Windows\ERUNT
2013-08-01 14:42 - 2013-08-01 14:42 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Tobias\Desktop\JRT.exe
2013-08-01 14:36 - 2013-08-01 14:34 - 00002954 _____ C:\AdwCleaner[S1].txt
2013-08-01 14:02 - 2013-08-01 14:02 - 00666633 _____ C:\Users\Tobias\Desktop\adwcleaner.exe
2013-08-01 12:25 - 2013-08-01 12:25 - 00000000 ____D C:\FRST
2013-08-01 10:59 - 2012-12-21 23:03 - 00000000 ____D C:\Users\Tobias\Downloads\plugins
2013-07-29 09:19 - 2013-01-12 13:43 - 00000000 ____D C:\Users\Tobias\AppData\Local\Adobe
2013-07-29 09:19 - 2012-12-21 18:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-29 09:19 - 2012-12-21 18:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-28 13:59 - 2013-07-28 13:59 - 00001175 _____ C:\Users\Tobias\JannisTuer.schematic
2013-07-27 17:19 - 2013-07-27 17:19 - 00010059 _____ C:\Users\Tobias\config.yml
2013-07-27 16:26 - 2013-07-26 15:09 - 00000000 ____D C:\Users\Tobias\workspace
2013-07-27 05:32 - 2013-07-27 05:32 - 00006483 _____ C:\Users\Tobias\Documents\config bm.yml
2013-07-27 03:10 - 2012-12-23 16:16 - 00000000 ____D C:\Users\Tobias\Documents\My Games
2013-07-27 03:03 - 2013-07-27 03:03 - 00000094 _____ C:\Users\Tobias\Desktop\penny arbeitszeiten.txt
2013-07-26 17:36 - 2013-07-26 17:37 - 00001027 _____ C:\Users\Tobias\Desktop\healcommand.java
2013-07-26 15:14 - 2013-07-26 15:07 - 00000000 ____D C:\Users\Tobias\Desktop\java
2013-07-26 15:07 - 2013-07-26 15:04 - 208584371 _____ C:\Users\Tobias\Downloads\eclipse-standard-kepler-R-win32.zip
2013-07-26 14:55 - 2013-07-26 14:55 - 00000000 ____D C:\Users\Tobias\Downloads\BanManager
2013-07-26 14:52 - 2013-07-26 14:52 - 00349473 _____ C:\Users\Tobias\Downloads\BanManager.zip
2013-07-26 13:12 - 2013-07-26 13:12 - 00000000 ____D C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49
2013-07-26 13:09 - 2013-07-26 13:09 - 00008870 _____ C:\Users\Tobias\Downloads\Kontaktformular - 2013-07-26--13-09-49.zip
2013-07-25 16:02 - 2013-07-25 16:02 - 00015312 _____ C:\Users\Tobias\Downloads\BastiBar.schematic
2013-07-23 10:54 - 2013-07-23 10:54 - 00002527 _____ C:\Users\Tobias\Documents\index.yml
2013-07-23 09:33 - 2013-07-23 09:33 - 08755133 _____ C:\Users\Tobias\Downloads\server drasilx.log
2013-07-22 05:06 - 2013-07-22 05:06 - 00429035 _____ C:\Users\Tobias\Downloads\SeasideSetup_1.02.zip
2013-07-20 18:05 - 2013-07-20 18:05 - 04127501 _____ C:\Users\Tobias\Downloads\server2066.log
2013-07-19 17:28 - 2013-07-19 17:28 - 00367332 _____ (hxxp://magiclauncher.com) C:\Users\Tobias\Desktop\MagicLauncher_1.1.7.exe
2013-07-18 21:55 - 2013-07-18 05:43 - 00000859 _____ C:\Users\Tobias\Desktop\Teamkonfi.txt
2013-07-18 05:44 - 2013-07-18 05:44 - 00034048 _____ C:\Users\Tobias\Documents\knopf.mcx
2013-07-18 05:44 - 2013-07-18 05:44 - 00000631 _____ C:\Users\Tobias\Documents\B u E.txt
2013-07-18 05:28 - 2013-07-18 05:28 - 00113546 _____ C:\Users\Tobias\Downloads\SimpleRegionMarket.jar
2013-07-15 04:50 - 2013-02-20 19:24 - 00000000 ____D C:\Users\Tobias\Downloads\Homepage
2013-07-15 02:20 - 2013-02-20 17:03 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Webocton - Scriptly
2013-07-15 00:32 - 2012-12-21 23:15 - 00000000 ____D C:\Users\Tobias\Downloads\Bukkit
2013-07-14 20:29 - 2013-02-20 14:57 - 00000784 _____ C:\Users\Public\Desktop\BlueGriffon.lnk
2013-07-14 20:27 - 2013-07-14 20:26 - 24083257 _____ (Disruptive Innovations SAS                                  ) C:\Users\Tobias\Downloads\bluegriffon-1.7.2.exe
2013-07-13 21:14 - 2013-07-13 13:26 - 00000077 _____ C:\Users\Tobias\Desktop\frage.txt
2013-07-13 20:49 - 2013-06-26 00:59 - 00000000 ____D C:\Users\Tobias\Documents\Prototype
2013-07-11 18:23 - 2012-12-25 23:51 - 00000048 _____ C:\Users\Tobias\Desktop\lastlogin
2013-07-11 12:33 - 2012-12-21 19:28 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\TS3Client
2013-07-10 22:10 - 2013-07-10 22:10 - 00182242 _____ C:\Users\Tobias\Desktop\inventorytweaks-1.54b.jar
2013-07-10 18:04 - 2012-12-21 18:37 - 00000000 ____D C:\ProgramData\Skype
2013-07-09 22:13 - 2013-07-09 22:13 - 00143984 _____ C:\Windows\Minidump\070913-38142-01.dmp
2013-07-09 22:13 - 2013-01-03 03:52 - 00000000 ____D C:\Windows\Minidump
2013-07-09 22:12 - 2013-01-03 03:52 - 345077490 _____ C:\Windows\MEMORY.DMP
2013-07-09 20:35 - 2013-07-09 03:11 - 00000000 ____D C:\Users\Tobias\Downloads\addons firefox
2013-07-09 00:52 - 2013-06-22 21:56 - 00000000 ____D C:\Users\Tobias\Downloads\Windows
2013-07-09 00:23 - 2013-07-09 00:23 - 175751730 _____ C:\Users\Tobias\Desktop\sicherung 09.07.13.reg
2013-07-08 20:56 - 2013-07-08 20:56 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\SQL Maestro Group
2013-07-08 20:55 - 2013-07-08 20:55 - 00000904 _____ C:\Users\Tobias\Desktop\SQLite Maestro.lnk
2013-07-08 20:55 - 2013-07-08 20:55 - 00000000 ____D C:\Program Files\Common Files\SQL Maestro Group
2013-07-08 20:48 - 2013-07-07 18:08 - 00001228 _____ C:\Users\Tobias\Desktop\team.txt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-03 14:42

==================== End Of Log ============================

--- --- ---

--- --- ---

Firefox aktualisiert.
Ad Ware bleibt bestehen.

schrauber · 07.08.2013, 20:20

Zitat:

Ad Ware bleibt bestehen.

geht das genauer?

darkrider78 · 07.08.2013, 21:36

Hallo,
also einige Wörter werden immer noch grün (doppelt)unterstrichen. Fährt man mit dem Mauszeiger über diese(s) Wort/Wörter, kommt ein kleines Fenster mit Werbung.

Ausserdem gibt es bei Youtube auch Werbung.
Also das Video wird 1 Sekunde lang angespielt und dann kommt da ein Fenster mit Werbung. Rechts unten steht dann Skip Ad. Nach 10 Sekunden geht es dann automatisch weiter.

Ausserdem ist mir aufgefallen, dass das eines der von dir genannten Programme nur FF 19 durchgescannt hat. Ich benutzte aber FF 22. Ich hatte beide Versionen installiert.

schrauber · 08.08.2013, 09:06

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Firefox deinstallieren, keine DAten behalten, neu installieren. Problem weg?

darkrider78 · 15.08.2013, 01:32

Erledigt. Meine externe Festplatte war dabei nicht angeschlossen ist das schlimm?
Die unterlegten Wörter scheinen weg zu sein, sollte sich das ändern, werde ich mich melden.

(Ich warte erst mal auf deine Antwort, bevor ich Firefox resete, da ich ja nicht weiß, ob es was mit der externen Festplatte zutun haben könnte.)

Die Werbung bei sämtlichen Portalen vor Videos bleiben.
Die Werbung kommt nicht vor jedem Video, aber öfters.

Das sieht dann so aus:
Die Werbung ist mittig im Videofenster:

Folgenden Funde habe ich von meinem Virenscanner entfernen lassen:

schrauber · 15.08.2013, 12:44

Mach das mit Firefox, externe ist dabei egal. Installiere dann das Addon Adblock Plus und teste

darkrider78 · 15.08.2013, 16:58

Also ich habe FF noch nicht resetet.

Unterlegte Wörter sind immer noch da.
Adblock Plus habe ich schon lange installiert.

Darf ich noch nicht mal Lesezeichen mit MozBackup sichern?

schrauber · 15.08.2013, 19:03

Lesezeichen manuell exportieren, nicht mit dem Backup-Tool. Sonst nix, das angelegte Profil ist versaut.

darkrider78 · 01.09.2013, 14:51

Hallo Schrauber.
Ich habe neulich nochmal mit Malewarebytes gescannt und der hat 60 PuPs gefunden.
Ich habe seitdem keine Anzeichen von Adware mehr gesehen.

Mein Profil scheint wohl wieder sauber zu sein.

15.08.2013, 12:44	#12
schrauber /// the machine /// TB-Ausbilder	Was tun gegen Ad Ware? Mach das mit Firefox, externe ist dabei egal. Installiere dann das Addon Adblock Plus und teste __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

15.08.2013, 19:03	#14
schrauber /// the machine /// TB-Ausbilder	Was tun gegen Ad Ware? Lesezeichen manuell exportieren, nicht mit dem Backup-Tool. Sonst nix, das angelegte Profil ist versaut. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Was tun gegen Ad Ware?

Plagegeister aller Art und deren Bekämpfung: Was tun gegen Ad Ware?