
Log Analysis and Evaluation: Telekom letter "Hacking": home network (2xTower, 2xLaptop, 2xNotebook)


10.09.2013, 16:48   #1
Goeol2
 



Hello, we received a letter from Telekom saying that hacking had been carried out from our connection. I am now supposed to check all the computers on the connection.

On the home network there are:
2x towers (1x Win7, 1x Win Vista)
2x laptops (2x Win7)
2x notebooks (2x Win Vista)
3x Android phones (it can't be coming from those, can it?)

I have already changed the Wi-Fi password and kicked all devices off.
I will now reconnect the devices one by one as you mark them as safe and cleaned.

I would therefore start with this PC here, which is the Win7 tower.

Here are the PC's logs:

Defogger_disable.log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:20 on 10/09/2013 (Sascha)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Sascha (administrator) on SASCHA-PC on 10-09-2013 17:22:35
Running from C:\Users\Sascha\Desktop\Anticheat
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Windows\system32\dmwu.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NANotify.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\Sascha\Desktop\Anticheat\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11842152 2011-05-03] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2413128 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-06-11] (Logitech Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Steam] - E:\steam\Steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Run: [AdBuck.exe] - C:\Program Files (x86)\AdBuck\AdBuck.exe
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
MountPoints2: {14679d97-e302-11e1-a1d3-14dae947038b} - I:\LaunchU3.exe -a
MountPoints2: {abba61d8-c378-11e1-a9a1-806e6f6e6963} - F:\.\Bin\ASSETUP.exe
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1349632 2010-06-11] (Creative Technology Ltd)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2013-04-18] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Logitech G35] - C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech(c))
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} -  No File
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF Extension: SQLiteManager - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] C:\Program Files (x86)\Iminent\webbooster@iminent.com

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2013-04-18] (Kaspersky Lab ZAO)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [221696 2012-05-02] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1447728 2013-05-21] ()
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-11] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [296448 2013-08-07] ()

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2013-04-18] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 17:20 - 2013-09-10 17:20 - 00000000 _____ C:\Users\Sascha\defogger_reenable
2013-09-10 17:15 - 2013-09-10 17:21 - 00000000 ____D C:\Users\Sascha\Desktop\Anticheat
2013-09-10 17:15 - 2013-09-10 17:15 - 00050477 _____ C:\Users\Sascha\Downloads\Defogger.exe
2013-09-10 16:44 - 2013-09-10 16:44 - 00000000 _____ C:\Users\Sascha\AppData\Roaming\.NANotifyHere
2013-09-09 16:57 - 2013-09-09 16:57 - 00001973 _____ C:\Users\Public\Desktop\Overwolf.lnk
2013-09-09 16:57 - 2013-09-09 16:57 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2013-09-09 16:56 - 2013-09-09 16:57 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-09-09 16:50 - 2013-09-09 16:59 - 00000000 ____D C:\Users\Sascha\AppData\Local\Overwolf
2013-09-07 11:04 - 2013-09-07 11:04 - 00001903 _____ C:\Users\Sascha\Downloads\new.pwn
2013-09-05 13:46 - 2013-09-05 13:46 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-02 17:43 - 2013-09-09 19:46 - 00000000 ____D C:\Users\Sascha\AppData\Local\Game Dev Tycoon - Steam
2013-08-29 14:15 - 2013-08-29 14:15 - 00012985 _____ C:\Users\Sascha\Desktop\hs_err_pid103144.log
2013-08-23 16:24 - 2013-08-23 16:25 - 12683061 _____ C:\Users\Sascha\Downloads\s0nicTzProjectv0.35FIX2PUBLICVERSIONSAMP0.3x.zip
2013-08-21 16:37 - 2013-08-21 16:37 - 02820085 _____ C:\Users\Sascha\Downloads\3.zip
2013-08-21 16:36 - 2013-08-21 16:36 - 03552174 _____ C:\Users\Sascha\Downloads\93.zip
2013-08-21 16:33 - 2013-08-21 16:33 - 05030080 _____ C:\Users\Sascha\Downloads\151.zip
2013-08-21 16:31 - 2013-08-21 16:31 - 04173578 _____ C:\Users\Sascha\Downloads\163.zip
2013-08-21 16:30 - 2013-08-21 16:31 - 05810856 _____ C:\Users\Sascha\Downloads\164.zip
2013-08-21 16:27 - 2013-08-21 16:29 - 04777814 _____ C:\Users\Sascha\Downloads\146.zip
2013-08-21 16:25 - 2013-08-21 16:25 - 04344751 _____ C:\Users\Sascha\Downloads\145.zip
2013-08-18 12:51 - 2013-08-18 12:51 - 00000000 __SHD C:\ProgramData\DSS
2013-08-18 12:45 - 2013-08-18 12:45 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-17 12:09 - 2013-08-17 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 03:03 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 03:03 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 03:03 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 03:03 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 03:03 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 03:03 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 03:03 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 03:03 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 03:03 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 03:03 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 03:03 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 03:03 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 16:15 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 16:15 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 16:15 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 16:15 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 16:15 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 16:15 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 16:15 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 16:15 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 16:15 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 16:15 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 16:15 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 16:15 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 16:15 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 16:15 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 16:15 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 16:15 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 16:15 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 16:15 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 16:15 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 16:15 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 16:15 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 16:15 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 16:15 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 16:15 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 16:15 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 16:15 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 16:15 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 13:18 - 2013-08-11 13:18 - 00000000 ____D C:\Users\Sascha\Documents\Arktos
2013-08-11 13:18 - 2013-08-11 13:18 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashRpt
2013-08-11 13:18 - 2013-08-11 13:18 - 00000000 ____D C:\Users\Sascha\AppData\Local\Arktos

==================== One Month Modified Files and Folders =======

2013-09-10 17:21 - 2013-09-10 17:15 - 00000000 ____D C:\Users\Sascha\Desktop\Anticheat
2013-09-10 17:20 - 2013-09-10 17:20 - 00000000 _____ C:\Users\Sascha\defogger_reenable
2013-09-10 17:20 - 2012-07-01 15:05 - 00000000 ____D C:\Users\Sascha
2013-09-10 17:18 - 2012-07-05 19:10 - 00000600 _____ C:\Users\Sascha\AppData\Roaming\winscp.rnd
2013-09-10 17:17 - 2009-07-14 19:58 - 00707300 _____ C:\Windows\system32\perfh007.dat
2013-09-10 17:17 - 2009-07-14 19:58 - 00152892 _____ C:\Windows\system32\perfc007.dat
2013-09-10 17:17 - 2009-07-14 07:13 - 01642148 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 17:15 - 2013-09-10 17:15 - 00050477 _____ C:\Users\Sascha\Downloads\Defogger.exe
2013-09-10 17:13 - 2012-07-01 15:04 - 01934816 _____ C:\Windows\WindowsUpdate.log
2013-09-10 17:09 - 2012-07-01 21:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 17:07 - 2012-07-01 17:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-10 16:46 - 2013-08-07 20:01 - 00004206 _____ C:\Windows\System32\Tasks\Software Updater
2013-09-10 16:46 - 2013-08-07 20:01 - 00004172 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-09-10 16:44 - 2013-09-10 16:44 - 00000000 _____ C:\Users\Sascha\AppData\Roaming\.NANotifyHere
2013-09-09 23:51 - 2012-07-05 19:11 - 00000600 _____ C:\Users\Sascha\AppData\Local\PUTTY.RND
2013-09-09 23:32 - 2013-06-13 21:28 - 00010983 _____ C:\Windows\setupact.log
2013-09-09 19:46 - 2013-09-02 17:43 - 00000000 ____D C:\Users\Sascha\AppData\Local\Game Dev Tycoon - Steam
2013-09-09 19:46 - 2012-07-01 17:39 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Dropbox
2013-09-09 16:59 - 2013-09-09 16:50 - 00000000 ____D C:\Users\Sascha\AppData\Local\Overwolf
2013-09-09 16:57 - 2013-09-09 16:57 - 00001973 _____ C:\Users\Public\Desktop\Overwolf.lnk
2013-09-09 16:57 - 2013-09-09 16:57 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2013-09-09 16:57 - 2013-09-09 16:56 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-09-09 14:45 - 2013-05-13 19:48 - 00000000 ____D C:\Users\Sascha\AppData\Local\LogMeIn Hamachi
2013-09-09 11:11 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 11:11 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-07 11:04 - 2013-09-07 11:04 - 00001903 _____ C:\Users\Sascha\Downloads\new.pwn
2013-09-05 13:46 - 2013-09-05 13:46 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-05 13:46 - 2012-07-01 17:40 - 00000000 ___RD C:\Users\Sascha\Dropbox
2013-09-05 13:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 18:50 - 2013-04-15 18:50 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashDumps
2013-09-03 19:58 - 2012-12-22 22:46 - 01619106 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-29 14:15 - 2013-08-29 14:15 - 00012985 _____ C:\Users\Sascha\Desktop\hs_err_pid103144.log
2013-08-23 17:01 - 2013-02-04 19:58 - 00000000 ____D C:\Users\Sascha\Documents\GTA San Andreas User Files
2013-08-23 16:25 - 2013-08-23 16:24 - 12683061 _____ C:\Users\Sascha\Downloads\s0nicTzProjectv0.35FIX2PUBLICVERSIONSAMP0.3x.zip
2013-08-22 09:12 - 2012-07-01 16:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 16:37 - 2013-08-21 16:37 - 02820085 _____ C:\Users\Sascha\Downloads\3.zip
2013-08-21 16:36 - 2013-08-21 16:36 - 03552174 _____ C:\Users\Sascha\Downloads\93.zip
2013-08-21 16:33 - 2013-08-21 16:33 - 05030080 _____ C:\Users\Sascha\Downloads\151.zip
2013-08-21 16:31 - 2013-08-21 16:31 - 04173578 _____ C:\Users\Sascha\Downloads\163.zip
2013-08-21 16:31 - 2013-08-21 16:30 - 05810856 _____ C:\Users\Sascha\Downloads\164.zip
2013-08-21 16:29 - 2013-08-21 16:27 - 04777814 _____ C:\Users\Sascha\Downloads\146.zip
2013-08-21 16:25 - 2013-08-21 16:25 - 04344751 _____ C:\Users\Sascha\Downloads\145.zip
2013-08-21 16:21 - 2012-10-30 21:18 - 00002362 _____ C:\Users\Sascha\Desktop\Daten.txt
2013-08-20 21:45 - 2012-07-01 21:31 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 21:45 - 2012-07-01 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 21:45 - 2012-07-01 21:31 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-18 18:34 - 2013-07-25 18:21 - 00000000 ____D C:\Users\Sascha\AppData\Local\PAYDAY 2
2013-08-18 12:51 - 2013-08-18 12:51 - 00000000 __SHD C:\ProgramData\DSS
2013-08-18 12:51 - 2012-12-22 11:08 - 00000000 ____D C:\Users\Sascha\Documents\EA Games
2013-08-18 12:50 - 2012-12-22 22:54 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-18 12:47 - 2013-06-21 18:52 - 00111066 _____ C:\Windows\DirectX.log
2013-08-18 12:45 - 2013-08-18 12:45 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-17 12:09 - 2013-08-17 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 04:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-12 22:48 - 2013-06-15 17:00 - 00003112 _____ C:\Windows\PFRO.log
2013-08-12 17:06 - 2013-03-18 18:46 - 00291128 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-08-12 17:06 - 2012-12-09 15:47 - 00291128 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-11 18:15 - 2012-12-09 15:47 - 00291128 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-08-11 13:19 - 2013-03-18 18:46 - 00000000 ____D C:\Users\Sascha\AppData\Local\PunkBuster
2013-08-11 13:18 - 2013-08-11 13:18 - 00000000 ____D C:\Users\Sascha\Documents\Arktos
2013-08-11 13:18 - 2013-08-11 13:18 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashRpt
2013-08-11 13:18 - 2013-08-11 13:18 - 00000000 ____D C:\Users\Sascha\AppData\Local\Arktos
2013-08-11 13:18 - 2012-12-09 15:46 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 18:00

==================== End Of Log ============================
         
Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by Sascha at 2013-09-10 17:23:01
Running from C:\Users\Sascha\Desktop\Anticheat
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
[translation missing: EVERemoveOnly] (x32)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Age of Empires II: HD Edition (x32)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD AVIVO64 Codecs (Version: 11.7.0.11229)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0806.1213.19931)
AMD Media Foundation Decoders (Version: 1.0.70727.2220)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931)
Android SDK Tools (x32 Version: 0.7)
Antichamber
Arma 2: DayZ Mod (x32)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.10.0.0)
Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.2.2.000)
ASUS PCE-AC66 WLAN Card Utilities/Driver (x32 Version: 2.0.2.4)
AVS Update Manager 1.0 (x32)
AVS Video Converter 8 (x32)
AVS4YOU Software Navigator 1.4 (x32)
Binary Domain (x32)
Bing Bar (x32 Version: 7.1.361.0)
BioShock (x32)
BioShock Infinite (x32)
Borderlands (x32)
Borderlands 2 (x32)
Burnout Paradise: The Ultimate Box (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
Camtasia Studio 8 (x32 Version: 8.0.4.1060)
Carrier Command: Gaea Mission (x32)
Castle Crashers (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931)
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931)
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931)
CCC Help Czech (x32 Version: 2012.0806.1212.19931)
CCC Help Danish (x32 Version: 2012.0806.1212.19931)
CCC Help Dutch (x32 Version: 2012.0806.1212.19931)
CCC Help English (x32 Version: 2012.0806.1212.19931)
CCC Help Finnish (x32 Version: 2012.0806.1212.19931)
CCC Help French (x32 Version: 2012.0806.1212.19931)
CCC Help German (x32 Version: 2012.0806.1212.19931)
CCC Help Greek (x32 Version: 2012.0806.1212.19931)
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931)
CCC Help Italian (x32 Version: 2012.0806.1212.19931)
CCC Help Japanese (x32 Version: 2012.0806.1212.19931)
CCC Help Korean (x32 Version: 2012.0806.1212.19931)
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931)
CCC Help Polish (x32 Version: 2012.0806.1212.19931)
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931)
CCC Help Russian (x32 Version: 2012.0806.1212.19931)
CCC Help Spanish (x32 Version: 2012.0806.1212.19931)
CCC Help Swedish (x32 Version: 2012.0806.1212.19931)
CCC Help Thai (x32 Version: 2012.0806.1212.19931)
CCC Help Turkish (x32 Version: 2012.0806.1212.19931)
ccc-utility64 (Version: 2012.0806.1213.19931)
Chivalry: Medieval Warfare (x32)
Construct 2 Free (x32)
Corel Graphics - Windows Shell Extension (Version: 16.1.0.843)
Corel Graphics - Windows Shell Extension (Version: 16.1.843)
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843)
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 (64-Bit) (Version: 16.1.0.843)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1)
Counter-Strike: Global Offensive (x32)
Cube World version 0.0.1 (x32 Version: 0.0.1)
DarksidersInstaller (x32 Version: 1.00.1000)
Dead Island Riptide (x32)
DmC Devil May Cry (x32)
Dropbox (HKCU Version: 2.0.22)
eaner (Version: 4.02)
Emergency 2013 (x32)
Endless Space (x32)
Far Cry® 3 (x32)
FileZilla Client 3.2.7.1 (x32 Version: 3.2.7.1)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.27.0)
Fraps (remove only) (x32)
Free YouTube to MP3 Converter version 3.11.29.825 (x32 Version: 3.11.29.825)
Galcon Fusion (x32)
Game Dev Tycoon (x32)
GameSpy Comrade (x32 Version: 1.5.0.156)
GIMP 2.8.0 (Version: 2.8.0)
Gpg4win (2.1.1-34299-beta) (x32 Version: 2.1.1-34299-beta)
Guild Wars 2 (x32)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Officejet Pro 8500 A910 Hilfe (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.002.006.003)
HydraVision (x32 Version: 4.2.220.0)
I Am Alive (x32)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
IB Updater Service (x32 Version: 3.0.5.4)
Infestation: Survivor Stories (x32)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (x32 Version: 11.1.048)
Intel(R) Network Connections 15.6.25.0 (Version: 15.6.25.0)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (x32 Version: 2.0.6.1)
Java(TM) 6 Update 27 (x32 Version: 6.0.270)
Java(TM) SE Development Kit 6 Update 27 (x32 Version: 1.6.0.270)
Just Cause 2 (x32)
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374)
Killing Floor (x32)
Killing Floor Mod: Defence Alliance 2 (x32)
LightScribe System Software (x32 Version: 1.18.22.2)
Logitech G35 (Version: 1.1.178)
Logitech GamePanel Software 3.05.151 (Version: 3.05.151)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Look@LAN 2.50 Build 35 (x32)
MAGIX 3D Maker 7 (x32 Version: 7.0.0.476)
MAGIX Foto & Grafik Designer 2013 (Version: 8.1.2.22581)
MAGIX Foto & Grafik Designer 2013 (x32 Version: 8.1.2.22581)
MAGIX Music Maker 17 Premium (x32 Version: 17.0.0.16)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6)
MAGIX Video deluxe 17 Plus Sonderedition (x32 Version: 10.0.11.0)
Marketsplash Schnellzugriffe (x32 Version: 1.0.1.7)
Mars: War Logs (x32)
Max Local Application (x32 Version: 1.3.6)
Max Payne 3 (x32)
Medal of Honor(TM) Multiplayer (x32)
Medal of Honor(TM) Single Player (x32)
Metro: Last Light (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00)
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0)
Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0)
Microsoft Visual Basic PowerPacks 10.0 (x32 Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Monaco (x32)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
myphotobook.de (x32 Version: 1.4.3)
myphotobook.de (x32 Version: 1.4.3.893)
Nero 12 (x32 Version: 12.5.01300)
Nero 12 Content Pack (x32 Version: 12.0.00400)
Nero Abstract Themes (x32 Version: 12.0.11500)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0)
Nero BackItUp (x32 Version: 12.5.1000)
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000)
Nero Blu-ray Player (x32 Version: 12.0.20012)
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000)
Nero Burning ROM (x32 Version: 12.5.5001)
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000)
Nero Cliparts (x32 Version: 12.0.11500)
Nero ControlCenter (x32 Version: 11.0.15600)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000)
Nero Core Components (x32 Version: 11.0.20200)
Nero Disc Menus 1 (x32 Version: 12.0.11500)
Nero Disc Menus 2 (x32 Version: 12.0.11500)
Nero Disc Menus 3 (x32 Version: 12.0.11500)
Nero Disc Menus Basic (x32 Version: 12.0.11500)
Nero Effects Basic (x32 Version: 12.0.11500)
Nero Express (x32 Version: 12.5.5002)
Nero Express Help (CHM) (x32 Version: 12.0.13000)
Nero Family and Events Themes (x32 Version: 12.0.11500)
Nero Football (Soccer) Themes (x32 Version: 12.0.11500)
Nero Holiday and Sports Themes (x32 Version: 12.0.11500)
Nero Image Samples (x32 Version: 12.0.11500)
Nero Kwik Media (x32 Version: 1.18.20100)
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero PiP Effects 1 (x32 Version: 12.0.11500)
Nero PiP Effects Basic (x32 Version: 12.0.11500)
Nero Platinum Effects 12 (x32 Version: 12.0.11500)
Nero Recode (x32 Version: 12.5.6000)
Nero Recode Help (CHM) (x32 Version: 12.0.12000)
Nero RescueAgent (x32 Version: 12.0.10002)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000)
Nero Retro Film Themes (x32 Version: 12.0.11500)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0)
Nero Update (x32 Version: 11.0.11800.31.0)
Nero Video (x32 Version: 12.5.2001)
Nero Video Help (CHM) (x32 Version: 12.0.12000)
Nero Video Samples (x32 Version: 12.0.11500)
Nero Video Transitions 1 (x32 Version: 12.0.11500)
neroxml (x32 Version: 1.0.0)
Notepad++ (x32 Version: 6.1.5)
NVIDIA PhysX (x32 Version: 9.12.1031)
Of Orcs And Men (x32)
Overwolf (x32 Version: 0.44.256)
PAWNit 0.8.4 Beta (x32 Version: 0.8.4)
PAYDAY 2 (x32)
PAYDAY 2 Beta (x32)
PAYDAY: The Heist (x32)
Poker Night 2 (x32)
PremiumSoft Navicat Lite 10.0 (x32)
Prerequisite installer (x32 Version: 12.0.0003)
PunkBuster Services (x32 Version: 0.993)
R.U.S.E (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6363)
Rockstar Games Social Club (x32 Version: 1.1.0.6)
Saints Row IV (x32)
Six Updater (x32 Version: 2.09.7004)
Sleeping Dogs™ (x32)
Sound Blaster X-Fi MB 2 (x32 Version: 1.0)
Steam (x32 Version: 1.0.0.0)
Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten (Version: 22.50.231.0)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007)
SweetPacks bundle uninstaller (x32 Version: 1.0.0001)
Take On Mars (x32)
TeamViewer 8 (x32 Version: 8.0.16642)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
The Bureau: XCOM Declassified (x32)
The Haunted: Hells Reach (x32)
Tom Clancy's Rainbow Six: Lockdown (x32)
Tom Clancy's Rainbow Six: Vegas 2 (x32)
Tomb Raider (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
UltraEdit (HKCU Version: 19.10.1012)
UltraEdit (x32 Version: 19.10.1012)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008)
VLC media player 2.0.4 (x32 Version: 2.0.4)
Wargame: European Escalation (x32)
Welcome App (Start-up experience) (x32 Version: 12.0.15000)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WinSCP 4.3.8 (x32 Version: 4.3.8)
Wurm Online (HKCU)
XCOM: Enemy Unknown (x32)

==================== Restore Points  =========================

27-08-2013 10:55:33 Windows Update
03-09-2013 13:25:32 Windows Update
03-09-2013 15:36:08 Free System Utilities
10-09-2013 14:58:33 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {2B85FD2D-FA83-4BBC-989F-092DD5AF72D6} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {48D78828-9F2C-46DC-9DB5-D4921D3A21F8} - System32\Tasks\PCEAC66WLANMGR => C:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe [2013-01-24] (ASUS)
Task: {554B1F98-F94A-430B-B02D-BC39D31576C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {6C192C35-E959-4D74-B142-7652CB2F2CDA} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-09-10] ()
Task: {8E202E14-8FA2-4923-ABDC-73CCCC6BDDAD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {BE14F86A-41D8-40EF-9802-6ACE0F052DDC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {EF011C53-F3EB-4E1F-8305-AA0BF69B62E5} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {F3F97ECA-9729-4DA5-9CCE-4B55687B1E9F} - System32\Tasks\Freemium1ClickMaint => C:\Users\Sascha\Downloads\1Click.exe
Task: {FE1F87E0-69CE-41BF-B80F-AC11DD1ADD89} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-08-07] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-05-25 02:36 - 2013-05-25 02:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2009-08-23 19:24 - 2009-08-23 19:24 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-07-05 19:10 - 2012-06-07 21:46 - 00192208 _____ (Martin Prikryl) C:\Program Files (x86)\WinSCP\DragExt64.dll
2012-07-30 02:02 - 2012-07-30 02:02 - 00234424 _____ (Corel Corporation) c:\Program Files\Common Files\Corel\Shared\Shell Extension\x64\ShellXP.dll
2012-07-30 02:01 - 2012-07-30 02:01 - 00752072 _____ (Corel Corporation) c:\Program Files\Common Files\Corel\Shared\Shell Extension\x64\FileInfoProvider.dll
2012-07-14 18:03 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2012-07-01 15:20 - 2009-10-15 13:38 - 00017920 ____N (Creative Technology Ltd.) C:\Windows\system32\THXCfg64.dll
2012-07-01 15:20 - 2009-02-26 12:08 - 00017920 ____N (Creative Technology Ltd.) C:\Windows\system32\AmbRunE.dll
2011-04-24 23:14 - 2013-04-18 19:01 - 00169912 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\scrchpg.dll
2011-04-24 23:14 - 2011-04-24 23:14 - 00189840 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\prremote.dll
2011-04-24 23:14 - 2011-04-24 23:14 - 00405904 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\prloader.dll
2011-04-24 23:13 - 2013-04-18 18:57 - 00147896 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\scrchpg.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00030096 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klscav.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00147856 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\prremote.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00270736 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\prloader.dll
2011-04-24 23:14 - 2013-09-10 01:00 - 01118400 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\params.ppl
2011-04-24 23:14 - 2013-04-18 19:00 - 00042896 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\pxstub.ppl
2011-04-24 23:13 - 2013-09-10 01:00 - 00274624 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\service.dll
2011-04-24 23:13 - 2013-09-10 01:00 - 00979136 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\eka_meta.dll
2011-04-24 23:13 - 2013-04-18 18:58 - 00090512 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll
2011-04-24 23:12 - 2011-04-24 23:12 - 00012688 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avpinit.dll
2011-04-24 23:12 - 2013-04-18 18:54 - 00455096 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avpmain.dll
2011-04-24 23:13 - 2013-04-18 18:57 - 00098744 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\fssync.dll
2011-04-24 23:12 - 2011-04-24 23:12 - 00123280 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\DumpWriter.dll
2011-04-24 23:12 - 2011-04-24 23:12 - 00019856 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\CLLDR.DLL
2011-04-24 23:14 - 2011-04-24 23:14 - 00115088 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\nfio.ppl
2011-04-24 23:13 - 2011-04-24 23:13 - 00021392 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\fsdrvplg.ppl
2011-04-24 23:14 - 2011-04-24 23:14 - 00038288 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\winreg.ppl
2011-04-24 23:13 - 2011-04-24 23:13 - 00315792 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\esmgr.dll
2011-04-24 23:13 - 2013-09-10 01:00 - 04460736 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avpgui.ppl
2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
2011-04-24 23:13 - 2013-04-18 18:59 - 02154936 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\basegui.ppl
2011-04-24 23:14 - 2011-04-24 23:14 - 00041360 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\thpimpl.ppl
2011-04-24 23:13 - 2011-04-24 23:13 - 00074128 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\memmon.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00582032 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\localization_manager.dll
2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
2011-04-24 23:14 - 2011-04-24 23:14 - 00090512 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\propmap.ppl
2013-02-05 09:25 - 2013-02-05 09:25 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jmdp\MSVCR100.dll
2013-05-27 10:56 - 2013-05-27 10:56 - 00382976 _____ () C:\Windows\SysWOW64\jmdp\lmrn.dll
2013-02-05 09:25 - 2013-02-05 09:25 - 00362029 _____ () C:\Windows\SysWOW64\jmdp\sqlite3.dll
2013-02-05 09:25 - 2013-02-05 09:25 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jmdp\MSVCP100.dll
2013-04-24 17:06 - 2013-04-15 18:37 - 01444360 ___SH (Microsoft Corporation) \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-3486586727-2579387296-1185174997-1000\Indiv01.key
2011-04-24 23:13 - 2011-04-24 23:13 - 00229776 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
2013-08-17 12:09 - 2013-08-17 12:09 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2012-07-13 17:27 - 2012-07-13 17:27 - 00048024 _____ (Nero AG) C:\Program Files (x86)\Nero\Update\NASvcPS.dll
2013-07-16 16:34 - 2011-01-03 19:17 - 00104448 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\ASUSW32N55.DLL

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Xbox 360 Wireless Receiver for Windows
Description: Xbox 360 Wireless Receiver for Windows
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 05:06:46 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Kaspersky Anti-Virus wurde wegen dieses Fehlers geschlossen.

Programm: Kaspersky Anti-Virus
Datei: 

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (09/10/2013 05:06:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 12.0.1.513, Zeitstempel: 0x506c673b
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000096
Fehleroffset: 0x00048665
ID des fehlerhaften Prozesses: 0x77c
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3

Error: (09/10/2013 05:05:14 PM) (Source: Application Hang) (User: )
Description: Programm WinSCP.exe, Version 4.3.8.1771 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7980

Startzeit: 01cead6a58d84626

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\WinSCP\WinSCP.exe

Berichts-ID: 62a6a6e1-1a2a-11e3-a208-c8a407facc35

Error: (09/08/2013 07:22:56 PM) (Source: Application Hang) (User: )
Description: Programm SaintsRowIV.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 428c

Startzeit: 01ceacb61141f283

Endzeit: 1020

Anwendungspfad: E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

Berichts-ID:

Error: (09/08/2013 01:04:34 PM) (Source: MsiInstaller) (User: Sascha-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei E:\steam\steamapps\common\The Bureau\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten

Error: (09/07/2013 07:35:44 PM) (Source: MsiInstaller) (User: Sascha-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei E:\steam\steamapps\common\The Bureau\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten

Error: (09/07/2013 07:35:24 PM) (Source: Application Hang) (User: )
Description: Programm SaintsRowIV.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6f8c

Startzeit: 01ceabef98453be9

Endzeit: 1010

Anwendungspfad: E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

Berichts-ID:

Error: (09/07/2013 05:39:15 PM) (Source: Application Hang) (User: )
Description: Programm SaintsRowIV.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6ab8

Startzeit: 01ceabd6f8a503b2

Endzeit: 1326

Anwendungspfad: E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

Berichts-ID:

Error: (09/07/2013 02:16:16 PM) (Source: Application Hang) (User: )
Description: Programm SaintsRowIV.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: afdc

Startzeit: 01ceabbba3ca5ba4

Endzeit: 1220

Anwendungspfad: E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

Berichts-ID:

Error: (09/07/2013 01:15:16 PM) (Source: Application Hang) (User: )
Description: Programm SaintsRowIV.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5254

Startzeit: 01ceabb3f3b25d16

Endzeit: 1290

Anwendungspfad: E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

Berichts-ID:


System errors:
=============
Error: (09/10/2013 05:23:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BCM42RLY" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2013 05:23:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BCM42RLY" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2013 05:22:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BCM42RLY" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2013 05:22:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BCM42RLY" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2013 05:22:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BCM42RLY" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2013 05:22:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BCM42RLY" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2013 05:22:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BCM42RLY" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2013 05:22:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BCM42RLY" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2013 05:22:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BCM42RLY" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2013 05:22:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BCM42RLY" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (09/10/2013 05:06:46 PM) (Source: Application Error)(User: )
Description: Kaspersky Anti-Virus000000000

Error: (09/10/2013 05:06:46 PM) (Source: Application Error)(User: )
Description: avp.exe12.0.1.513506c673bole32.dll6.1.7601.175144ce7b96fc00000960004866577c01ceaa2d862599b3C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exeC:\Windows\syswow64\ole32.dll9c00b27d-1a2a-11e3-a208-c8a407facc35

Error: (09/10/2013 05:05:14 PM) (Source: Application Hang)(User: )
Description: WinSCP.exe4.3.8.1771798001cead6a58d846264C:\Program Files (x86)\WinSCP\WinSCP.exe62a6a6e1-1a2a-11e3-a208-c8a407facc35

Error: (09/08/2013 07:22:56 PM) (Source: Application Hang)(User: )
Description: SaintsRowIV.exe1.0.0.1428c01ceacb61141f2831020E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

Error: (09/08/2013 01:04:34 PM) (Source: MsiInstaller)(User: Sascha-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei E:\steam\steamapps\common\The Bureau\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/07/2013 07:35:44 PM) (Source: MsiInstaller)(User: Sascha-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei E:\steam\steamapps\common\The Bureau\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/07/2013 07:35:24 PM) (Source: Application Hang)(User: )
Description: SaintsRowIV.exe1.0.0.16f8c01ceabef98453be91010E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

Error: (09/07/2013 05:39:15 PM) (Source: Application Hang)(User: )
Description: SaintsRowIV.exe1.0.0.16ab801ceabd6f8a503b21326E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

Error: (09/07/2013 02:16:16 PM) (Source: Application Hang)(User: )
Description: SaintsRowIV.exe1.0.0.1afdc01ceabbba3ca5ba41220E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

Error: (09/07/2013 01:15:16 PM) (Source: Application Hang)(User: )
Description: SaintsRowIV.exe1.0.0.1525401ceabb3f3b25d161290E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe


==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 12232.28 MB
Available physical RAM: 9731.7 MB
Total Pagefile: 24462.74 MB
Available Pagefile: 20660.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.34 GB) (Free:98.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Programme) (Fixed) (Total:642.61 GB) (Free:69.64 GB) NTFS
Drive f: (Dateien) (Fixed) (Total:911.98 GB) (Free:263.46 GB) NTFS
Drive i: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.27 GB) FAT32
Drive j: (My Passport) (Fixed) (Total:465.73 GB) (Free:90.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D73F389F)
Partition 1: (Not Active) - (Size=912 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9859A435)
Partition 1: (Not Active) - (Size=100 MB) - (Type=06)
Partition 2: (Active) - (Size=231 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=643 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 00038A56)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 14 GB) (Disk ID: 990D2936)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0B)

==================== End Of Log ============================
         
Gmer.txt:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-10 17:43:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000074 WDC_WD10 rev.05.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Sascha\AppData\Local\Temp\fwdiqpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 682                                                                fffff800033b208a 7 bytes [00, 00, 00, 00, 00, 00, 03]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 690                                                                fffff800033b2092 4 bytes [00, 00, 00, 00]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 682                                                                fffff800033b208a 7 bytes [00, 00, 00, 00, 00, 00, 03]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 690                                                                fffff800033b2092 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077771465 2 bytes [77, 77]
.text     C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000777714bb 2 bytes [77, 77]
.text     ...                                                                                                                               * 2
.text     C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077771465 2 bytes [77, 77]
.text     C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000777714bb 2 bytes [77, 77]
.text     ...                                                                                                                               * 2
.text     C:\Windows\SysWOW64\jmdp\stij.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000077771465 2 bytes [77, 77]
.text     C:\Windows\SysWOW64\jmdp\stij.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000777714bb 2 bytes [77, 77]
.text     ...                                                                                                                               * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[23508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000077771465 2 bytes [77, 77]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[23508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             00000000777714bb 2 bytes [77, 77]
.text     ...                                                                                                                               * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[23508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000077771465 2 bytes [77, 77]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[23508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             00000000777714bb 2 bytes [77, 77]
.text     ...                                                                                                                               * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               0000000077771465 2 bytes [77, 77]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000777714bb 2 bytes [77, 77]
.text     ...                                                                                                                               * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               0000000077771465 2 bytes [77, 77]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000777714bb 2 bytes [77, 77]
.text     ...                                                                                                                               * 2
.text     C:\Users\Sascha\Desktop\Anticheat\Defogger.exe[42976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000077771465 2 bytes [77, 77]
.text     C:\Users\Sascha\Desktop\Anticheat\Defogger.exe[42976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000777714bb 2 bytes [77, 77]
.text     ...                                                                                                                               * 2
.text     C:\Users\Sascha\Desktop\Anticheat\Defogger.exe[42976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000077771465 2 bytes [77, 77]
.text     C:\Users\Sascha\Desktop\Anticheat\Defogger.exe[42976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000777714bb 2 bytes [77, 77]
.text     ...                                                                                                                               * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\spoolsv.exe [1720:1936]                                                                                       000007fef88610c8
Thread    C:\Windows\System32\spoolsv.exe [1720:2056]                                                                                       000007fef8826144
Thread    C:\Windows\System32\spoolsv.exe [1720:2060]                                                                                       000007fefa385fd0
Thread    C:\Windows\System32\spoolsv.exe [1720:2068]                                                                                       000007fefa373438
Thread    C:\Windows\System32\spoolsv.exe [1720:2072]                                                                                       000007fefa3863ec
Thread    C:\Windows\System32\spoolsv.exe [1720:2084]                                                                                       000007fefa373438
Thread    C:\Windows\System32\spoolsv.exe [1720:2088]                                                                                       000007fefa3863ec
Thread    C:\Windows\System32\spoolsv.exe [1720:2112]                                                                                       000007fef9995e5c
Thread    C:\Windows\System32\spoolsv.exe [1720:2116]                                                                                       000007fef9c25074
Thread    C:\Windows\System32\spoolsv.exe [1720:1936]                                                                                       000007fef88610c8
Thread    C:\Windows\System32\spoolsv.exe [1720:2056]                                                                                       000007fef8826144
Thread    C:\Windows\System32\spoolsv.exe [1720:2060]                                                                                       000007fefa385fd0
Thread    C:\Windows\System32\spoolsv.exe [1720:2068]                                                                                       000007fefa373438
Thread    C:\Windows\System32\spoolsv.exe [1720:2072]                                                                                       000007fefa3863ec
Thread    C:\Windows\System32\spoolsv.exe [1720:2084]                                                                                       000007fefa373438
Thread    C:\Windows\System32\spoolsv.exe [1720:2088]                                                                                       000007fefa3863ec
Thread    C:\Windows\System32\spoolsv.exe [1720:2112]                                                                                       000007fef9995e5c
Thread    C:\Windows\System32\spoolsv.exe [1720:2116]                                                                                       000007fef9c25074
Thread    C:\Windows\System32\WUDFHost.exe [4880:4912]                                                                                      000007fefbed2a7c
Thread    C:\Windows\System32\WUDFHost.exe [4880:5296]                                                                                      000000007284ee4c
Thread    C:\Windows\System32\WUDFHost.exe [4880:5364]                                                                                      0000000180007448
Thread    C:\Windows\System32\WUDFHost.exe [4880:5368]                                                                                      0000000180007448
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [6132:6284]                                                                    000007fefbed2a7c
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6020:5248]                                               000007fef49eb6cc
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6020:3456]                                               000007fef48ab62c
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6020:5696]                                               000007fef48ab62c
Thread    C:\Windows\system32\taskhost.exe [3756:3800]                                                                                      000007fefa442f9c
Thread    C:\Windows\system32\taskhost.exe [3756:3804]                                                                                      000007fefc266204
Thread    C:\Windows\system32\svchost.exe [3984:1880]                                                                                       000007fefa385fd0
Thread    C:\Windows\system32\svchost.exe [3984:3880]                                                                                       000007fefa373438
Thread    C:\Windows\system32\svchost.exe [3984:3896]                                                                                       000007fefa3863ec
Thread    C:\Windows\System32\WUDFHost.exe [4880:4912]                                                                                      000007fefbed2a7c
Thread    C:\Windows\System32\WUDFHost.exe [4880:5296]                                                                                      000000007284ee4c
Thread    C:\Windows\System32\WUDFHost.exe [4880:5364]                                                                                      0000000180007448
Thread    C:\Windows\System32\WUDFHost.exe [4880:5368]                                                                                      0000000180007448
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [6132:6284]                                                                    000007fefbed2a7c
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6020:5248]                                               000007fef49eb6cc
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6020:3456]                                               000007fef48ab62c
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6020:5696]                                               000007fef48ab62c

---- EOF - GMER 2.1 ----
         
I'm hoping for quick help and thank you in advance; it's great that there are people like you.

Kind regards,
Sascha "Goeol"

10.09.2013, 16:52   #2
schrauber
/// the machine
/// TB trainer

Let's get started, then.
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

10.09.2013, 17:27   #3
Goeol2



Thank you for taking on my case.

Here is the requested log from the Combofix program:
Code:
ComboFix 13-09-10.01 - Sascha 10.09.2013  18:16:50.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.12232.9832 [GMT 2:00]
ausgeführt von:: c:\users\Sascha\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\tmp5782.tmp
c:\windows\SysWow64\tmp580F.tmp
F:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-10 bis 2013-09-10  ))))))))))))))))))))))))))))))
.
.
2013-09-10 16:24 . 2013-09-10 16:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-10 15:22 . 2013-09-10 15:22	--------	d-----w-	C:\FRST
2013-09-10 15:09 . 2013-09-10 15:09	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B077F09-5996-43B5-8888-4948CFE1AEAA}\offreg.dll
2013-09-10 14:58 . 2013-08-06 08:58	9515512	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B077F09-5996-43B5-8888-4948CFE1AEAA}\mpengine.dll
2013-09-09 14:56 . 2013-09-09 14:57	--------	d-----w-	c:\program files (x86)\Overwolf
2013-09-09 14:56 . 2013-09-09 14:56	--------	d-----w-	c:\program files (x86)\Common Files\Overwolf
2013-09-09 14:56 . 2013-09-09 14:56	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-09-09 14:50 . 2013-09-09 14:59	--------	d-----w-	c:\users\Sascha\AppData\Local\Overwolf
2013-09-02 15:43 . 2013-09-09 17:46	--------	d-----w-	c:\users\Sascha\AppData\Local\Game Dev Tycoon - Steam
2013-08-18 10:51 . 2013-08-18 10:51	--------	d-sh--w-	c:\programdata\DSS
2013-08-18 10:45 . 2013-08-18 10:45	--------	d-----w-	c:\windows\1C4551A64743409391E41477CD655043.TMP
2013-08-15 14:15 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 19:45 . 2012-07-01 19:31	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 19:45 . 2012-07-01 19:31	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-12 15:06 . 2013-03-18 16:46	291128	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-08-12 15:06 . 2012-12-09 13:47	291128	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-08-11 16:15 . 2012-12-09 13:47	291128	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-08-11 11:18 . 2012-12-09 13:46	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-08-02 22:05 . 2013-08-02 22:05	71696	----a-r-	c:\users\Sascha\AppData\Roaming\Microsoft\Installer\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}\NewShortcut6_CEDF2A7130D2471AB3B13EF1D573DD53.exe
2013-08-02 22:05 . 2013-08-02 22:05	71696	----a-r-	c:\users\Sascha\AppData\Roaming\Microsoft\Installer\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}\NewShortcut5_558954F9DF924C7399B417F63F5DA7B1.exe
2013-08-02 22:05 . 2013-08-02 22:05	47120	----a-r-	c:\users\Sascha\AppData\Roaming\Microsoft\Installer\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}\NewShortcut3_267040F8A43742AD8EDF80343D5833E8.exe
2013-08-02 22:05 . 2013-08-02 22:05	129040	----a-r-	c:\users\Sascha\AppData\Roaming\Microsoft\Installer\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}\Uedit32.exe1_46C2EE1D1BF7413C88B676D4EED3F0D7.exe
2013-08-02 22:05 . 2013-08-02 22:05	129040	----a-r-	c:\users\Sascha\AppData\Roaming\Microsoft\Installer\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}\NewShortcut4_064411F7E08647FC81D5FF8EA6C653D1.exe
2013-08-02 22:05 . 2013-08-02 22:05	129040	----a-r-	c:\users\Sascha\AppData\Roaming\Microsoft\Installer\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}\NewShortcut2_D0D69A169B9945AA81CE8FDF4476CA6B.exe
2013-08-02 22:05 . 2013-08-02 22:05	129040	----a-r-	c:\users\Sascha\AppData\Roaming\Microsoft\Installer\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}\ARPPRODUCTICON.exe
2013-07-09 04:45 . 2013-08-15 14:15	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 10:28	1307928	----a-w-	c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\Steam.exe" [2013-08-28 1811880]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2013-08-22 35256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-06-11 1349632]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2013-04-18 206448]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FWDIQPOG
*Deregistered* - fwdiqpog
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 11:29	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 19:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdBuck.exe - c:\program files (x86)\AdBuck\AdBuck.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3486586727-2579387296-1185174997-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,b4,7d,99,15,c8,67,dd,94,c0,7b,3b,d2,37,25,6c,f5,0a,d7,b1,50,
   eb,fe,f3,35,1c,bd,74,b9,89,0e,8f,3c,93,ee,ff,63,76,7f,d9,b9,da,12,f1,d4,55,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-10  18:26:23
ComboFix-quarantined-files.txt  2013-09-10 16:26
.
Vor Suchlauf: 10 Verzeichnis(se), 104.994.832.384 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 104.912.154.624 Bytes frei
.
- - End Of File - - A3546F9D2967BD751BECF31C68F25804
4606A12AED5E4CE105136C6C9C8EA568
         
__________________

Alt 10.09.2013, 20:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on your desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber


Alt 11.09.2013, 06:55   #5
Goeol2
 
Malwarebytes log from the quick scan:
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.10.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Sascha :: SASCHA-PC [Administrator]

Schutz: Aktiviert

10.09.2013 22:27:47
mbam-log-2013-09-10 (22-27-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 226220
Laufzeit: 2 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 12
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {CBADC8E6-8F36-4E5E-9A66-8FE683F104E2} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {CBADC8E6-8F36-4E5E-9A66-8FE683F104E2} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sascha\Downloads\s0nicTzProjectv0.35FIX2PUBLICVERSIONSAMP0.3x.zip (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sascha\Downloads\VLCMediaPlayerSDM.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\ed640c.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\ed6415.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\ed641e.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\ed6427.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Adware:
Code:
# AdwCleaner v3.003 - Bericht erstellt am 11/09/2013 um 07:33:27
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Sascha - SASCHA-PC
# Gestartet von : C:\Users\Sascha\Desktop\Anticheat\Folge Progs\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SystemStoreService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
Ordner Gelöscht : C:\Users\Sascha\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Sascha\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Sascha\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\jetpack
Datei Gelöscht : C:\Windows\System32\dmwu.exe
Datei Gelöscht : C:\Windows\System32\ImhxxpComm.dll
Datei Gelöscht : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\searchplugins\MyStart.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WNLT

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10201 octets] - [10/09/2013 22:51:48]
AdwCleaner[R1].txt - [10262 octets] - [10/09/2013 22:54:54]
AdwCleaner[S0].txt - [9935 octets] - [11/09/2013 07:33:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9995 octets] ##########
         
Junkware Removal Tool:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Professional x64
Ran by Sascha on 11.09.2013 at  7:38:48,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3486586727-2579387296-1185174997-1000\Software\SweetIM



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Sascha\AppData\Roaming\mozilla\firefox\profiles\7tosl5tb.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.09.2013 at  7:47:22,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Fresh FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Sascha (administrator) on SASCHA-PC on 11-09-2013 07:48:26
Running from C:\Users\Sascha\Desktop\Anticheat
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\DAODx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Overwolf) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Dropbox, Inc.) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUS) C:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe
(Logitech(c)) C:\Program Files (x86)\Logitech\G35\G35.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Valve Corporation) E:\steam\Steam.exe
(Microsoft) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Overwolf) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11842152 2011-05-03] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2413128 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-06-11] (Logitech Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Steam] - E:\steam\Steam.exe [1811368 2013-09-06] (Valve Corporation)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1349632 2010-06-11] (Creative Technology Ltd)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2013-04-18] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Logitech G35] - C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech(c))
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF Extension: SQLiteManager - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2013-04-18] (Kaspersky Lab ZAO)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [221696 2012-05-02] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-11] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2013-04-18] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 07:38 - 2013-09-11 07:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 07:35 - 2013-09-11 07:35 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-10 22:51 - 2013-09-11 07:33 - 00000000 ____D C:\AdwCleaner
2013-09-10 22:45 - 2013-09-10 22:45 - 967616410 _____ C:\Windows\MEMORY.DMP
2013-09-10 22:45 - 2013-09-10 22:45 - 00498880 _____ C:\Windows\Minidump\091013-25116-01.dmp
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Malwarebytes
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 22:25 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-10 18:26 - 2013-09-10 18:26 - 00022278 _____ C:\ComboFix.txt
2013-09-10 18:14 - 2013-09-10 18:26 - 00000000 ____D C:\Qoobox
2013-09-10 18:14 - 2013-09-10 18:25 - 00000000 ____D C:\Windows\erdnt
2013-09-10 18:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-10 18:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-10 18:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-10 18:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-10 18:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-10 18:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-10 18:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-10 18:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-10 17:22 - 2013-09-10 17:22 - 00000000 ____D C:\FRST
2013-09-10 17:20 - 2013-09-10 17:20 - 00000000 _____ C:\Users\Sascha\defogger_reenable
2013-09-10 17:15 - 2013-09-10 22:29 - 00000000 ____D C:\Users\Sascha\Desktop\Anticheat
2013-09-10 17:15 - 2013-09-10 17:15 - 00050477 _____ C:\Users\Sascha\Downloads\Defogger.exe
2013-09-09 16:57 - 2013-09-09 16:57 - 00001973 _____ C:\Users\Public\Desktop\Overwolf.lnk
2013-09-09 16:57 - 2013-09-09 16:57 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2013-09-09 16:56 - 2013-09-09 16:57 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-09-09 16:50 - 2013-09-11 07:38 - 00000000 ____D C:\Users\Sascha\AppData\Local\Overwolf
2013-09-07 11:04 - 2013-09-07 11:04 - 00001903 _____ C:\Users\Sascha\Downloads\new.pwn
2013-09-02 17:43 - 2013-09-09 19:46 - 00000000 ____D C:\Users\Sascha\AppData\Local\Game Dev Tycoon - Steam
2013-08-29 14:15 - 2013-08-29 14:15 - 00012985 _____ C:\Users\Sascha\Desktop\hs_err_pid103144.log
2013-08-21 16:37 - 2013-08-21 16:37 - 02820085 _____ C:\Users\Sascha\Downloads\3.zip
2013-08-21 16:36 - 2013-08-21 16:36 - 03552174 _____ C:\Users\Sascha\Downloads\93.zip
2013-08-21 16:33 - 2013-08-21 16:33 - 05030080 _____ C:\Users\Sascha\Downloads\151.zip
2013-08-21 16:31 - 2013-08-21 16:31 - 04173578 _____ C:\Users\Sascha\Downloads\163.zip
2013-08-21 16:30 - 2013-08-21 16:31 - 05810856 _____ C:\Users\Sascha\Downloads\164.zip
2013-08-21 16:27 - 2013-08-21 16:29 - 04777814 _____ C:\Users\Sascha\Downloads\146.zip
2013-08-21 16:25 - 2013-08-21 16:25 - 04344751 _____ C:\Users\Sascha\Downloads\145.zip
2013-08-18 12:51 - 2013-08-18 12:51 - 00000000 __SHD C:\ProgramData\DSS
2013-08-18 12:45 - 2013-08-18 12:45 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-17 12:09 - 2013-08-17 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 03:03 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 03:03 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 03:03 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 03:03 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 03:03 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 03:03 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 03:03 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 03:03 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 03:03 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 03:03 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 03:03 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 03:03 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 16:15 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 16:15 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 16:15 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 16:15 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 16:15 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 16:15 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 16:15 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 16:15 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 16:15 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 16:15 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 16:15 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 16:15 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 16:15 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 16:15 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 16:15 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 16:15 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 16:15 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 16:15 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 16:15 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 16:15 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 16:15 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 16:15 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 16:15 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 16:15 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 16:15 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 16:15 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 16:15 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-11 07:47 - 2013-09-11 07:47 - 00001054 _____ C:\Users\Sascha\Desktop\JRT.txt
2013-09-11 07:47 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 07:47 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 07:39 - 2012-07-01 17:39 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Dropbox
2013-09-11 07:38 - 2013-09-11 07:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 07:38 - 2013-09-09 16:50 - 00000000 ____D C:\Users\Sascha\AppData\Local\Overwolf
2013-09-11 07:36 - 2013-05-13 19:48 - 00000000 ____D C:\Users\Sascha\AppData\Local\LogMeIn Hamachi
2013-09-11 07:36 - 2012-07-01 17:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-11 07:36 - 2012-07-01 17:40 - 00000000 ___RD C:\Users\Sascha\Dropbox
2013-09-11 07:35 - 2013-09-11 07:35 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-11 07:35 - 2013-06-13 21:28 - 00011431 _____ C:\Windows\setupact.log
2013-09-11 07:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 07:33 - 2013-09-10 22:51 - 00000000 ____D C:\AdwCleaner
2013-09-11 07:33 - 2012-07-01 15:04 - 01955173 _____ C:\Windows\WindowsUpdate.log
2013-09-11 07:32 - 2012-07-01 21:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 22:45 - 2013-09-10 22:45 - 967616410 _____ C:\Windows\MEMORY.DMP
2013-09-10 22:45 - 2013-09-10 22:45 - 00498880 _____ C:\Windows\Minidump\091013-25116-01.dmp
2013-09-10 22:45 - 2013-06-15 17:00 - 00005294 _____ C:\Windows\PFRO.log
2013-09-10 22:45 - 2012-08-24 18:05 - 00000000 ____D C:\Windows\Minidump
2013-09-10 22:29 - 2013-09-10 17:15 - 00000000 ____D C:\Users\Sascha\Desktop\Anticheat
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Malwarebytes
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 18:26 - 2013-09-10 18:26 - 00022278 _____ C:\ComboFix.txt
2013-09-10 18:26 - 2013-09-10 18:14 - 00000000 ____D C:\Qoobox
2013-09-10 18:26 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-10 18:25 - 2013-09-10 18:14 - 00000000 ____D C:\Windows\erdnt
2013-09-10 18:24 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-10 17:22 - 2013-09-10 17:22 - 00000000 ____D C:\FRST
2013-09-10 17:20 - 2013-09-10 17:20 - 00000000 _____ C:\Users\Sascha\defogger_reenable
2013-09-10 17:20 - 2012-07-01 15:05 - 00000000 ____D C:\Users\Sascha
2013-09-10 17:18 - 2012-07-05 19:10 - 00000600 _____ C:\Users\Sascha\AppData\Roaming\winscp.rnd
2013-09-10 17:17 - 2009-07-14 19:58 - 00707300 _____ C:\Windows\system32\perfh007.dat
2013-09-10 17:17 - 2009-07-14 19:58 - 00152892 _____ C:\Windows\system32\perfc007.dat
2013-09-10 17:17 - 2009-07-14 07:13 - 01642148 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 17:15 - 2013-09-10 17:15 - 00050477 _____ C:\Users\Sascha\Downloads\Defogger.exe
2013-09-09 23:51 - 2012-07-05 19:11 - 00000600 _____ C:\Users\Sascha\AppData\Local\PUTTY.RND
2013-09-09 19:46 - 2013-09-02 17:43 - 00000000 ____D C:\Users\Sascha\AppData\Local\Game Dev Tycoon - Steam
2013-09-09 16:57 - 2013-09-09 16:57 - 00001973 _____ C:\Users\Public\Desktop\Overwolf.lnk
2013-09-09 16:57 - 2013-09-09 16:57 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2013-09-09 16:57 - 2013-09-09 16:56 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-09-07 11:04 - 2013-09-07 11:04 - 00001903 _____ C:\Users\Sascha\Downloads\new.pwn
2013-09-04 18:50 - 2013-04-15 18:50 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashDumps
2013-09-03 19:58 - 2012-12-22 22:46 - 01619106 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-29 14:15 - 2013-08-29 14:15 - 00012985 _____ C:\Users\Sascha\Desktop\hs_err_pid103144.log
2013-08-23 17:01 - 2013-02-04 19:58 - 00000000 ____D C:\Users\Sascha\Documents\GTA San Andreas User Files
2013-08-22 09:12 - 2012-07-01 16:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 16:37 - 2013-08-21 16:37 - 02820085 _____ C:\Users\Sascha\Downloads\3.zip
2013-08-21 16:36 - 2013-08-21 16:36 - 03552174 _____ C:\Users\Sascha\Downloads\93.zip
2013-08-21 16:33 - 2013-08-21 16:33 - 05030080 _____ C:\Users\Sascha\Downloads\151.zip
2013-08-21 16:31 - 2013-08-21 16:31 - 04173578 _____ C:\Users\Sascha\Downloads\163.zip
2013-08-21 16:31 - 2013-08-21 16:30 - 05810856 _____ C:\Users\Sascha\Downloads\164.zip
2013-08-21 16:29 - 2013-08-21 16:27 - 04777814 _____ C:\Users\Sascha\Downloads\146.zip
2013-08-21 16:25 - 2013-08-21 16:25 - 04344751 _____ C:\Users\Sascha\Downloads\145.zip
2013-08-21 16:21 - 2012-10-30 21:18 - 00002362 _____ C:\Users\Sascha\Desktop\Daten.txt
2013-08-20 21:45 - 2012-07-01 21:31 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 21:45 - 2012-07-01 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 21:45 - 2012-07-01 21:31 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-18 18:34 - 2013-07-25 18:21 - 00000000 ____D C:\Users\Sascha\AppData\Local\PAYDAY 2
2013-08-18 12:51 - 2013-08-18 12:51 - 00000000 __SHD C:\ProgramData\DSS
2013-08-18 12:51 - 2012-12-22 11:08 - 00000000 ____D C:\Users\Sascha\Documents\EA Games
2013-08-18 12:50 - 2012-12-22 22:54 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-18 12:47 - 2013-06-21 18:52 - 00111066 _____ C:\Windows\DirectX.log
2013-08-18 12:45 - 2013-08-18 12:45 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-17 12:09 - 2013-08-17 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 04:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-12 17:06 - 2013-03-18 18:46 - 00291128 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-08-12 17:06 - 2012-12-09 15:47 - 00291128 _____ C:\Windows\SysWOW64\PnkBstrB.exe

Files to move or delete:
====================
C:\Users\Sascha\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 00:15

==================== End Of Log ============================
         
--- --- ---


So, just FYI, I'll be abroad with most of my family from tomorrow until Monday.
So I suggest continuing with a notebook (provided this machine is clean).
I can also create the logs from all the remaining devices, pack them and upload them, if you want. Thanks already for the help so far.


11.09.2013, 09:07   #6
schrauber
/// the machine
/// TB-Ausbilder

Hi, for this machine, still to do:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems still?


====================

For the next machine, just run an FRST scan. Label the log files for me so I know which is which, but please don't attach them.

11.09.2013, 12:25   #7
Goeol2

The ESET thing may take a while, since it keeps throwing errors at me while downloading the signatures.

Probably down to my super "stable" internet...

Should I already give you the FRST logs from the other PCs?

11.09.2013, 17:02   #8
schrauber
/// the machine
/// TB-Ausbilder

yep
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.09.2013, 19:08   #9
Goeol2

Eset Log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=36882
esets_scanner_update returned -1 esets_gle=36882
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3ce77f57366c90429b5a6ec85b10fb9f
# engine=15088
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-11 04:19:33
# local_time=2013-09-11 06:19:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1284 16777214 100 98 37767 75240323 0 0
# compatibility_mode=5893 16776573 100 94 38030 130546223 0 0
# scanned=810597
# found=1
# cleaned=0
# scan_time=13917
sh=2CA944A2DB09DE46205A18F800697C609221B73D ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OPF trojan" ac=I fn="C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\3609a060-38de4554"
         
Checkup.txt
Code:
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
I ran Security Check.exe both normally and as admin...
But since the program only tells you which antivirus I have etc., I can tell you that I have Kaspersky (version 12.0.0.374).

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013
Ran by Sascha (administrator) on SASCHA-PC on 11-09-2013 20:06:27
Running from C:\Users\Sascha\Desktop\Anticheat
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\DAODx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Dropbox, Inc.) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech(c)) C:\Program Files (x86)\Logitech\G35\G35.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Valve Corporation) E:\steam\Steam.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtblfs.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11842152 2011-05-03] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2413128 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-06-11] (Logitech Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Steam] - E:\steam\Steam.exe [1811368 2013-09-06] (Valve Corporation)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1349632 2010-06-11] (Creative Technology Ltd)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2013-04-18] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Logitech G35] - C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech(c))
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2FF6C3C2C057CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF Extension: SQLiteManager - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\7tosl5tb.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2013-04-18] (Kaspersky Lab ZAO)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [221696 2012-05-02] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-11] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2013-04-18] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 10:15 - 2013-09-11 10:15 - 02347384 _____ (ESET) C:\Users\Sascha\Downloads\esetsmartinstaller_enu(1).exe
2013-09-11 10:15 - 2013-09-11 10:15 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-11 07:38 - 2013-09-11 07:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 07:35 - 2013-09-11 07:35 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-10 22:51 - 2013-09-11 07:33 - 00000000 ____D C:\AdwCleaner
2013-09-10 22:45 - 2013-09-10 22:45 - 967616410 _____ C:\Windows\MEMORY.DMP
2013-09-10 22:45 - 2013-09-10 22:45 - 00498880 _____ C:\Windows\Minidump\091013-25116-01.dmp
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Malwarebytes
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 22:25 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-10 18:26 - 2013-09-10 18:26 - 00022278 _____ C:\ComboFix.txt
2013-09-10 18:14 - 2013-09-10 18:26 - 00000000 ____D C:\Qoobox
2013-09-10 18:14 - 2013-09-10 18:25 - 00000000 ____D C:\Windows\erdnt
2013-09-10 18:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-10 18:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-10 18:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-10 18:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-10 18:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-10 18:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-10 18:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-10 18:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-10 17:22 - 2013-09-10 17:22 - 00000000 ____D C:\FRST
2013-09-10 17:20 - 2013-09-10 17:20 - 00000000 _____ C:\Users\Sascha\defogger_reenable
2013-09-10 17:15 - 2013-09-11 20:06 - 00000000 ____D C:\Users\Sascha\Desktop\Anticheat
2013-09-10 17:15 - 2013-09-10 17:15 - 00050477 _____ C:\Users\Sascha\Downloads\Defogger.exe
2013-09-09 16:57 - 2013-09-09 16:57 - 00001973 _____ C:\Users\Public\Desktop\Overwolf.lnk
2013-09-09 16:57 - 2013-09-09 16:57 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2013-09-09 16:56 - 2013-09-09 16:57 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-09-09 16:50 - 2013-09-11 07:38 - 00000000 ____D C:\Users\Sascha\AppData\Local\Overwolf
2013-09-07 11:04 - 2013-09-07 11:04 - 00001903 _____ C:\Users\Sascha\Downloads\new.pwn
2013-09-02 17:43 - 2013-09-09 19:46 - 00000000 ____D C:\Users\Sascha\AppData\Local\Game Dev Tycoon - Steam
2013-08-29 14:15 - 2013-08-29 14:15 - 00012985 _____ C:\Users\Sascha\Desktop\hs_err_pid103144.log
2013-08-21 16:37 - 2013-08-21 16:37 - 02820085 _____ C:\Users\Sascha\Downloads\3.zip
2013-08-21 16:36 - 2013-08-21 16:36 - 03552174 _____ C:\Users\Sascha\Downloads\93.zip
2013-08-21 16:33 - 2013-08-21 16:33 - 05030080 _____ C:\Users\Sascha\Downloads\151.zip
2013-08-21 16:31 - 2013-08-21 16:31 - 04173578 _____ C:\Users\Sascha\Downloads\163.zip
2013-08-21 16:30 - 2013-08-21 16:31 - 05810856 _____ C:\Users\Sascha\Downloads\164.zip
2013-08-21 16:27 - 2013-08-21 16:29 - 04777814 _____ C:\Users\Sascha\Downloads\146.zip
2013-08-21 16:25 - 2013-08-21 16:25 - 04344751 _____ C:\Users\Sascha\Downloads\145.zip
2013-08-18 12:51 - 2013-08-18 12:51 - 00000000 __SHD C:\ProgramData\DSS
2013-08-18 12:45 - 2013-08-18 12:45 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-17 12:09 - 2013-08-17 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 03:03 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 03:03 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 03:03 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 03:03 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 03:03 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 03:03 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 03:03 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 03:03 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 03:03 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 03:03 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 03:03 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 03:03 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 03:03 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 03:03 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 16:15 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 16:15 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 16:15 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 16:15 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 16:15 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 16:15 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 16:15 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 16:15 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 16:15 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 16:15 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 16:15 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 16:15 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 16:15 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 16:15 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 16:15 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 16:15 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 16:15 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 16:15 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 16:15 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 16:15 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 16:15 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 16:15 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 16:15 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 16:15 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 16:15 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 16:15 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 16:15 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-11 20:06 - 2013-09-10 17:15 - 00000000 ____D C:\Users\Sascha\Desktop\Anticheat
2013-09-11 20:03 - 2012-07-01 17:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-11 19:09 - 2012-07-01 21:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 18:10 - 2012-07-01 21:31 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-11 18:09 - 2012-07-01 21:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 18:09 - 2012-07-01 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 15:44 - 2012-07-01 15:04 - 01770148 _____ C:\Windows\WindowsUpdate.log
2013-09-11 10:17 - 2013-09-11 10:17 - 00891144 _____ C:\Users\Sascha\Desktop\SecurityCheck.exe
2013-09-11 10:15 - 2013-09-11 10:15 - 02347384 _____ (ESET) C:\Users\Sascha\Downloads\esetsmartinstaller_enu(1).exe
2013-09-11 10:15 - 2013-09-11 10:15 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-11 07:47 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 07:47 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 07:39 - 2012-07-01 17:39 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Dropbox
2013-09-11 07:38 - 2013-09-11 07:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 07:38 - 2013-09-09 16:50 - 00000000 ____D C:\Users\Sascha\AppData\Local\Overwolf
2013-09-11 07:36 - 2013-05-13 19:48 - 00000000 ____D C:\Users\Sascha\AppData\Local\LogMeIn Hamachi
2013-09-11 07:36 - 2012-07-01 17:40 - 00000000 ___RD C:\Users\Sascha\Dropbox
2013-09-11 07:35 - 2013-09-11 07:35 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-11 07:35 - 2013-06-13 21:28 - 00011431 _____ C:\Windows\setupact.log
2013-09-11 07:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 07:33 - 2013-09-10 22:51 - 00000000 ____D C:\AdwCleaner
2013-09-10 22:45 - 2013-09-10 22:45 - 967616410 _____ C:\Windows\MEMORY.DMP
2013-09-10 22:45 - 2013-09-10 22:45 - 00498880 _____ C:\Windows\Minidump\091013-25116-01.dmp
2013-09-10 22:45 - 2013-06-15 17:00 - 00005294 _____ C:\Windows\PFRO.log
2013-09-10 22:45 - 2012-08-24 18:05 - 00000000 ____D C:\Windows\Minidump
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Malwarebytes
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 22:25 - 2013-09-10 22:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 18:26 - 2013-09-10 18:26 - 00022278 _____ C:\ComboFix.txt
2013-09-10 18:26 - 2013-09-10 18:14 - 00000000 ____D C:\Qoobox
2013-09-10 18:26 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-10 18:25 - 2013-09-10 18:14 - 00000000 ____D C:\Windows\erdnt
2013-09-10 18:24 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-10 17:22 - 2013-09-10 17:22 - 00000000 ____D C:\FRST
2013-09-10 17:20 - 2013-09-10 17:20 - 00000000 _____ C:\Users\Sascha\defogger_reenable
2013-09-10 17:20 - 2012-07-01 15:05 - 00000000 ____D C:\Users\Sascha
2013-09-10 17:18 - 2012-07-05 19:10 - 00000600 _____ C:\Users\Sascha\AppData\Roaming\winscp.rnd
2013-09-10 17:17 - 2009-07-14 19:58 - 00707300 _____ C:\Windows\system32\perfh007.dat
2013-09-10 17:17 - 2009-07-14 19:58 - 00152892 _____ C:\Windows\system32\perfc007.dat
2013-09-10 17:17 - 2009-07-14 07:13 - 01642148 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 17:15 - 2013-09-10 17:15 - 00050477 _____ C:\Users\Sascha\Downloads\Defogger.exe
2013-09-09 23:51 - 2012-07-05 19:11 - 00000600 _____ C:\Users\Sascha\AppData\Local\PUTTY.RND
2013-09-09 19:46 - 2013-09-02 17:43 - 00000000 ____D C:\Users\Sascha\AppData\Local\Game Dev Tycoon - Steam
2013-09-09 16:57 - 2013-09-09 16:57 - 00001973 _____ C:\Users\Public\Desktop\Overwolf.lnk
2013-09-09 16:57 - 2013-09-09 16:57 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2013-09-09 16:57 - 2013-09-09 16:56 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-09-07 11:04 - 2013-09-07 11:04 - 00001903 _____ C:\Users\Sascha\Downloads\new.pwn
2013-09-04 18:50 - 2013-04-15 18:50 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashDumps
2013-09-03 19:58 - 2012-12-22 22:46 - 01619106 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-29 14:15 - 2013-08-29 14:15 - 00012985 _____ C:\Users\Sascha\Desktop\hs_err_pid103144.log
2013-08-23 17:01 - 2013-02-04 19:58 - 00000000 ____D C:\Users\Sascha\Documents\GTA San Andreas User Files
2013-08-22 09:12 - 2012-07-01 16:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 16:37 - 2013-08-21 16:37 - 02820085 _____ C:\Users\Sascha\Downloads\3.zip
2013-08-21 16:36 - 2013-08-21 16:36 - 03552174 _____ C:\Users\Sascha\Downloads\93.zip
2013-08-21 16:33 - 2013-08-21 16:33 - 05030080 _____ C:\Users\Sascha\Downloads\151.zip
2013-08-21 16:31 - 2013-08-21 16:31 - 04173578 _____ C:\Users\Sascha\Downloads\163.zip
2013-08-21 16:31 - 2013-08-21 16:30 - 05810856 _____ C:\Users\Sascha\Downloads\164.zip
2013-08-21 16:29 - 2013-08-21 16:27 - 04777814 _____ C:\Users\Sascha\Downloads\146.zip
2013-08-21 16:25 - 2013-08-21 16:25 - 04344751 _____ C:\Users\Sascha\Downloads\145.zip
2013-08-21 16:21 - 2012-10-30 21:18 - 00002362 _____ C:\Users\Sascha\Desktop\Daten.txt
2013-08-18 18:34 - 2013-07-25 18:21 - 00000000 ____D C:\Users\Sascha\AppData\Local\PAYDAY 2
2013-08-18 12:51 - 2013-08-18 12:51 - 00000000 __SHD C:\ProgramData\DSS
2013-08-18 12:51 - 2012-12-22 11:08 - 00000000 ____D C:\Users\Sascha\Documents\EA Games
2013-08-18 12:50 - 2012-12-22 22:54 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-18 12:47 - 2013-06-21 18:52 - 00111066 _____ C:\Windows\DirectX.log
2013-08-18 12:45 - 2013-08-18 12:45 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-17 12:09 - 2013-08-17 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 04:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-12 17:06 - 2013-03-18 18:46 - 00291128 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-08-12 17:06 - 2012-12-09 15:47 - 00291128 _____ C:\Windows\SysWOW64\PnkBstrB.exe

Files to move or delete:
====================
C:\Users\Sascha\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 00:15

==================== End Of Log ============================
         
--- --- ---


I'll post the other computers shortly.
Since I have to go abroad tomorrow anyway, I probably won't manage to get all of them finished; well, we'll see, so that I at least get the computer of the person who is staying here sorted out.

edit:
Hier die anderen Rechner nach wichtigkeit geordnet:

-----------------------[Vaio Silver]-----------------------
FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013
Ran by geli (administrator) on GELI-PC on 11-09-2013 20:15:37
Running from C:\Users\geli\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RtkAudioService.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [352976 2011-04-03] (Kaspersky Lab ZAO)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-07-30] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-07-30] (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle-europe.com
hxxp://www.club-vaio.com/vbc/ebay/index.html
hxxp://www.club-vaio.com/vbc
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
SearchScopes: HKLM - DefaultScope {21F1008E-EDF3-4413-B050-0A9FA7E1EBF7} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKLM - {21F1008E-EDF3-4413-B050-0A9FA7E1EBF7} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Chrome NaCl) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [352976 2011-04-03] (Kaspersky Lab ZAO)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [299008 2008-07-30] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-08-06] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-11] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [132184 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488024 2011-04-03] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [22104 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [147168 2008-07-09] (Realtek Semiconductor Corp.)
R0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [22944 2008-06-26] (Sony Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 20:14 - 2013-09-11 20:14 - 00000000 ____D C:\FRST
2013-09-03 13:52 - 2013-09-03 13:53 - 00001830 _____ C:\Users\geli\Documents\Geli pc.rdp
2013-09-03 13:52 - 2013-09-03 13:52 - 00001778 _____ C:\Users\geli\Documents\Addi PC.rdp
2013-09-03 13:36 - 2013-09-03 13:36 - 00000000 ____D C:\Users\geli\AppData\Roaming\Cinspiration
2013-09-03 13:28 - 2013-09-03 13:29 - 18416904 _____ (Pierre Doll                                                 ) C:\Users\geli\Downloads\rdp-manager.exe
2013-09-03 13:17 - 2013-09-03 13:51 - 00001579 _____ C:\Users\geli\Desktop\Addi Pc.lnk
2013-08-30 18:38 - 2013-09-11 20:13 - 00001592 _____ C:\Windows\setupact.log
2013-08-30 18:38 - 2013-08-30 18:38 - 00000000 _____ C:\Windows\setuperr.log
2013-08-30 17:04 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-19 03:02 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-19 03:02 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-19 03:02 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-19 03:02 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-19 03:02 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-19 03:02 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-19 03:02 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-19 03:02 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-19 03:02 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-19 03:02 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-19 03:02 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-19 03:02 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-19 03:02 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-19 03:02 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-19 03:02 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-19 03:02 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-18 16:08 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-18 16:08 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-18 16:08 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-18 16:08 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-18 16:08 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-18 16:08 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-18 16:08 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-18 16:08 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-18 16:07 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-18 16:07 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-18 16:07 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-18 16:07 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

==================== One Month Modified Files and Folders =======

2013-09-11 20:17 - 2008-01-21 09:16 - 01560216 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-11 20:15 - 2009-02-25 21:21 - 01606906 _____ C:\Windows\WindowsUpdate.log
2013-09-11 20:14 - 2013-09-11 20:14 - 00000000 ____D C:\FRST
2013-09-11 20:13 - 2013-08-30 18:38 - 00001592 _____ C:\Windows\setupact.log
2013-09-11 20:13 - 2011-04-03 13:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-11 20:11 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 20:11 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 20:11 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 20:08 - 2013-09-11 20:15 - 01082455 _____ (Farbar) C:\Users\geli\Desktop\FRST.exe
2013-09-10 22:20 - 2012-07-01 17:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 22:20 - 2008-08-12 11:42 - 00001076 _____ C:\Windows\bthservsdp.dat
2013-09-10 22:20 - 2006-11-02 15:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-10 15:13 - 2013-05-16 13:01 - 00001778 _____ C:\Users\geli\Documents\Default.rdp
2013-09-10 11:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-03 13:53 - 2013-09-03 13:52 - 00001830 _____ C:\Users\geli\Documents\Geli pc.rdp
2013-09-03 13:52 - 2013-09-03 13:52 - 00001778 _____ C:\Users\geli\Documents\Addi PC.rdp
2013-09-03 13:51 - 2013-09-03 13:17 - 00001579 _____ C:\Users\geli\Desktop\Addi Pc.lnk
2013-09-03 13:36 - 2013-09-03 13:36 - 00000000 ____D C:\Users\geli\AppData\Roaming\Cinspiration
2013-09-03 13:29 - 2013-09-03 13:28 - 18416904 _____ (Pierre Doll                                                 ) C:\Users\geli\Downloads\rdp-manager.exe
2013-08-30 18:38 - 2013-08-30 18:38 - 00000000 _____ C:\Windows\setuperr.log
2013-08-30 18:32 - 2009-03-14 20:17 - 00017408 _____ C:\Users\geli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-22 19:31 - 2012-07-01 17:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-22 19:31 - 2012-01-18 18:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-19 03:50 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-19 03:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-19 03:14 - 2013-08-05 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 03:11 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-19 03:09 - 2008-09-09 04:46 - 00000000 ____D C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\Users\geli\AppData\Local\Temp\gtalkwmp1.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 20:17

==================== End Of Log ============================
         
--- --- ---


Addition Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-09-2013
Ran by geli at 2013-09-11 20:18:21
Running from C:\Users\geli\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 1.0.0)
4660_4680_Help (Version: 1.00.0000)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat  8 Standard - English, Français, Deutsch (Version: 8.0.0)
Adobe Common File Installer (Version: 1.00.002)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Premiere Elements 4.0 (Version: 4.0)
Adobe Premiere Elements 4.0 Templates (Version: 4.0.0)
Apple Application Support (Version: 2.3.2)
Apple Software Update (Version: 2.1.3.127)
ArcSoft WebCam Companion 2
ATI Catalyst Install Manager (Version: 3.0.682.0)
Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter (Version: 2.5)
BPD_HPSU (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
Browser Address Error Redirector
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0717.2343.40629)
Catalyst Control Center Graphics Full Existing (Version: 2008.0717.2343.40629)
Catalyst Control Center Graphics Full New (Version: 2008.0717.2343.40629)
Catalyst Control Center Graphics Light (Version: 2008.0717.2343.40629)
Catalyst Control Center Graphics Previews Common (Version: 2008.0717.2343.40629)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0717.2343.40629)
Catalyst Control Center InstallProxy (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Czech (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Danish (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Dutch (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Finnish (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization French (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization German (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Greek (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Hungarian (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Italian (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Japanese (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Korean (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Norwegian (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Polish (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Portuguese (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Russian (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Spanish (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Swedish (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Thai (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Turkish (Version: 2008.0717.2343.40629)
CCC Help Chinese Standard (Version: 2008.0717.2342.40629)
CCC Help Chinese Traditional (Version: 2008.0717.2342.40629)
CCC Help Czech (Version: 2008.0717.2342.40629)
CCC Help Danish (Version: 2008.0717.2342.40629)
CCC Help Dutch (Version: 2008.0717.2342.40629)
CCC Help English (Version: 2008.0717.2342.40629)
CCC Help Finnish (Version: 2008.0717.2342.40629)
CCC Help French (Version: 2008.0717.2342.40629)
CCC Help German (Version: 2008.0717.2342.40629)
CCC Help Greek (Version: 2008.0717.2342.40629)
CCC Help Hungarian (Version: 2008.0717.2342.40629)
CCC Help Italian (Version: 2008.0717.2342.40629)
CCC Help Japanese (Version: 2008.0717.2342.40629)
CCC Help Korean (Version: 2008.0717.2342.40629)
CCC Help Norwegian (Version: 2008.0717.2342.40629)
CCC Help Polish (Version: 2008.0717.2342.40629)
CCC Help Portuguese (Version: 2008.0717.2342.40629)
CCC Help Russian (Version: 2008.0717.2342.40629)
CCC Help Spanish (Version: 2008.0717.2342.40629)
CCC Help Swedish (Version: 2008.0717.2342.40629)
CCC Help Thai (Version: 2008.0717.2342.40629)
CCC Help Turkish (Version: 2008.0717.2342.40629)
ccc-core-static (Version: 2008.0717.2343.40629)
ccc-utility (Version: 2008.0717.2343.40629)
CCleaner (Version: 4.01)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Fax (Version: 100.0.272.000)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HP Officejet All-In-One Series (Version: 1.0)
HPSSupply (Version: 100.0.170.000)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi-Software (Version: 12.00.0004)
iTunes (Version: 10.0.0.68)
J4680 (Version: 50.0.165.000)
Kaspersky Anti-Virus 2011 (Version: 11.0.1.400)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
NetDeviceManager (Version: 100.0.170.000)
PHOTOfunSTUDIO HD Edition (Version: 3.00.126)
Primo (Version: 1.00.0000)
ProductContext (Version: 50.0.165.000)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5653)
Roxio Central Audio (Version: 3.7.0)
Roxio Central Copy (Version: 3.7.0)
Roxio Central Core (Version: 3.7.0)
Roxio Central Data (Version: 3.7.0)
Roxio Central Tools (Version: 3.7.0)
Roxio Easy Media Creator 10 LJ (Version: 10.1)
Roxio Easy Media Creator Home (Version: 10.1.177)
Scan (Version: 10.1.0.0)
Setting Utility Series (Version: 4.1.00.07300)
Shop for HP Supplies (Version: 10.0)
Skins (Version: 2008.0717.2343.40629)
Skype™ 6.1 (Version: 6.1.129)
SonicStage Mastering Studio (Version: 2.6)
SonicStage Mastering Studio Audio Filter (Version: 2.5)
SonicStage Mastering Studio Plugins (Version: 2.5)
Sony Picture Utility (Version: 3.2.02.06170)
Sony Video Shared Library (Version: 3.4.00)
Synaptics Pointing Device Driver (Version: 9.1.13.0)
Toolbox (Version: 100.0.170.000)
Unterstützung für VAIO-Präsentation (Version: 1.0.00.04240)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VAIO Content Folder Setting (Version: 2.0.00.17290)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.2.00.06115)
VAIO Content Metadata Manager Setting (Version: 3.2.00.06062)
VAIO Content Metadata XML Interface Library (Version: 3.2.00.06112)
VAIO Control Center (Version: 3.1.00.07110)
VAIO Data Restore Tool (Version: 1.0.04.01170)
VAIO DVD Menu Data Basic (Version: 1.0.00.08130)
VAIO Edit Components 6.4 (Version: 6.4)
VAIO Energie Verwaltung (Version: 3.1.00.08060)
VAIO Entertainment Platform (Version: 3.2.00.06200)
VAIO Event Service (Version: 4.1.00.07150)
VAIO Guide (Version: 2.4.00.06190)
VAIO Marketing Tools
VAIO Mode Switch (Version: 1.1.00.07250)
VAIO Original Function Setting (Version: 1.4.00.04230)
VAIO Smart Network (Version: 2.1.00.07300)
VAIO Update 4 (Version: 4.0.0.06110)
VAIO Wallpaper Contents (Version: 1.2.00.05200)
WebReg (Version: 100.0.170.000)
WIDCOMM Bluetooth Software 6.2.0.4100 (Version: 6.2.0.4100)

==================== Restore Points  =========================

17-07-2013 11:13:34 Windows Update
20-07-2013 11:00:25 Geplanter Prüfpunkt
21-07-2013 13:11:22 Geplanter Prüfpunkt
24-07-2013 17:35:06 Windows Update
25-07-2013 18:17:34 Geplanter Prüfpunkt
27-07-2013 07:16:14 Geplanter Prüfpunkt
28-07-2013 11:20:27 Geplanter Prüfpunkt
30-07-2013 18:51:25 Windows Update
04-08-2013 17:27:01 Geplanter Prüfpunkt
05-08-2013 01:00:19 Windows Update
05-08-2013 18:47:37 Geplanter Prüfpunkt
09-08-2013 16:38:46 Windows Update
10-08-2013 15:47:07 Geplanter Prüfpunkt
18-08-2013 14:05:15 Windows Update
19-08-2013 01:00:29 Windows Update
21-08-2013 16:54:41 Geplanter Prüfpunkt
30-08-2013 15:04:03 Windows Update
31-08-2013 10:45:08 Windows Update
03-09-2013 11:10:40 Windows Update
08-09-2013 08:25:07 Windows Update
09-09-2013 01:00:20 Windows Update
09-09-2013 01:00:21 Geplanter Prüfpunkt
10-09-2013 09:13:59 Windows Update


==================== Scheduled Tasks (whitelisted) =============

Task: {09D50FF5-DA05-4147-988A-6D1B1F16A61F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3FEA84B2-B020-485A-AA46-08AFD49A9EA7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-22] (Adobe Systems Incorporated)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {695A5B25-39DD-473E-B439-7012714B033C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88B0123A-C8D5-424B-9DB0-BDABEAA9590B} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-06-11] (Sony Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {B0E1968A-360D-4C75-B608-BFB3D4041C55} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {D574F0B3-1F0A-4478-95B5-C0F64920D0B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EA5AF857-E746-4AED-AA61-8086B8A77A34} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-08-12 21:16 - 2008-07-30 02:06 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-07-01 08:01 - 2008-07-01 08:01 - 00184320 _____ (Broadcom Corporation.) C:\Windows\system32\btncopy.dll
2010-07-01 21:35 - 2010-07-01 21:35 - 00146104 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\prremote.dll
2010-07-01 21:35 - 2010-07-01 21:35 - 00252600 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\prloader.dll
2008-08-12 14:15 - 2008-08-12 14:15 - 00086016 _____ (Sony Corporation) C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
2008-08-12 14:15 - 2008-08-12 14:15 - 00045056 _____ (Sony Corporation) C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
2008-08-12 14:15 - 2008-08-06 18:06 - 00036864 _____ (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMDrv.dll
2008-08-12 14:15 - 2008-08-06 18:06 - 00008704 _____ (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\de\SPMgr.resources.dll
2008-08-12 14:08 - 2008-07-11 16:42 - 00102400 _____ (Sony Corporation) C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll
2008-09-09 05:23 - 2008-06-11 19:46 - 00385024 _____ (Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VURes.dll
2010-07-01 21:35 - 2010-07-01 21:35 - 00088760 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\fssync.dll
2010-07-01 21:35 - 2011-04-03 14:44 - 00117432 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\DumpWriter.dll
2010-07-01 21:35 - 2010-07-01 21:35 - 00016568 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\memmng.dll
2010-07-01 21:35 - 2010-07-01 21:35 - 00055992 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\Ushata.dll
2010-07-01 21:34 - 2010-07-01 21:34 - 00018104 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\CLLDR.DLL
2010-07-01 21:36 - 2010-07-01 21:36 - 00039608 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\pxstub.ppl
2010-07-01 21:35 - 2010-07-01 21:35 - 01051320 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\params.ppl
2010-07-01 21:36 - 2010-07-01 21:36 - 00036536 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\winreg.ppl
2010-07-01 21:35 - 2010-07-01 21:35 - 00015544 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\hashmd5.ppl
2010-07-01 21:35 - 2010-07-01 21:35 - 00113336 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\nfio.ppl
2010-07-01 21:35 - 2010-07-01 21:35 - 00019128 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\fsdrvplg.ppl
2010-07-01 21:35 - 2012-12-22 01:16 - 01352712 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avpgui.ppl
2010-07-01 21:35 - 2010-07-01 21:35 - 00191160 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\service.dll
2010-07-01 21:35 - 2010-07-01 21:35 - 00469688 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\eka_meta.dll
2010-07-01 21:35 - 2010-07-01 21:35 - 00268984 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\esmgr.dll
2010-07-01 21:35 - 2011-04-03 14:44 - 01694392 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\basegui.ppl
2010-07-01 21:36 - 2010-07-01 21:36 - 00039608 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\thpimpl.ppl
2010-07-01 21:35 - 2010-07-01 21:35 - 00109240 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\geli\Downloads\Gehälter 07_2012.eml:OECustomProperty

==================== Faulty Device Manager Devices =============

Name: HP Officejet J4680
Description: HP Officejet J4680
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet 2605dn
Description: HP Color LaserJet 2605dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2013 08:12:19 PM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (09/11/2013 08:12:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 11:10:39 AM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (09/10/2013 11:10:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 08:02:21 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/08/2013 11:55:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2013 11:55:25 AM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (09/08/2013 11:38:34 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/08/2013 10:21:50 AM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (09/08/2013 10:21:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/19/2010 07:59:33 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/19/2010 07:59:29 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/19/2010 07:57:55 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (01/18/2010 09:40:22 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/18/2010 09:38:58 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/18/2010 09:38:50 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (01/17/2010 07:59:15 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/17/2010 07:57:48 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/17/2010 07:57:41 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (01/16/2010 11:45:39 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-10-11 21:11:34.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\KLIFX86\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-11 21:11:34.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\KLIFX86\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-11 21:11:34.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\KLIFX86\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-11 21:11:34.175
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\KLIFX86\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-11 21:11:33.832
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\KLIFX86\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-11 21:11:33.614
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\KLIFX86\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-11 21:11:33.333
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\KLIFX86\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-11 21:11:33.021
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\KLIFX86\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-01-12 03:31:39.991
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-01-12 03:31:39.819
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3038.12 MB
Available physical RAM: 1760.73 MB
Total Pagefile: 6279.1 MB
Available Pagefile: 4942.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.92 GB) (Free:155.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 7447F01A)
Partition 1: (Not Active) - (Size=11 GB) - (Type=27)
Partition 2: (Active) - (Size=287 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 14 GB) (Disk ID: 990D2936)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0B)

==================== End Of Log ============================
         

Edited by Goeol2 (11.09.2013 at 19:57)

Alt 11.09.2013, 20:02   #10
Goeol2
 

Sorry for the double post, but this way I don't have to attach anything.

-----------------------[Asus]-----------------------
FRST Log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013
Ran by Anwender (administrator) on ASUS_PRO7B on 11-09-2013 20:29:47
Running from C:\Users\Anwender\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ICQ) C:\Users\Anwender\AppData\Roaming\ICQM\icq.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUS) C:\Windows\AsScrPro.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-17] ()
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3779d65b2d5ed12127ead109ebaabb5c\n. ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Run: [icq] - C:\Users\Anwender\AppData\Roaming\ICQM\icq.exe [27310440 2013-02-24] (ICQ)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3438240998-748192676-2937609824-1002\$3779d65b2d5ed12127ead109ebaabb5c\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {584778a8-4c0e-11e2-896a-14dae9acfac1} - F:\LaunchU3.exe -a
MountPoints2: {65ace122-9cf3-11e1-bd0d-14dae9acfac1} - F:\Startme.exe
MountPoints2: {91807e57-2b9b-11e1-84fa-806e6f6e6963} - E:\Autorun_CCD.exe
MountPoints2: {bdd66835-3a19-11e1-b3bc-14dae9acfac1} - F:\iStudio.exe
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [370 2013-09-11] ()
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [FLxHCIm] - C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [43008 2011-04-09] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-04-08] ()
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-12] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-03-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-03-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0307411A-F144-496D-ADD7-EAB5DE409EB5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=9AD5FACB-950A-42F1-9EAA-13D1CCC15CC2&apn_sauid=3CBBC95D-A3B8-466D-B15E-6E3D09926F27
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC8} URL = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 11 mswsock.dll File Not found (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\nzzfd4bx.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\nzzfd4bx.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Extension: (Google Drive) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0
CHR Extension: (Gmail) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-02] (Kaspersky Lab ZAO)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-13] (CyberLink)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-26] ()

==================== Drivers (Whitelisted) ====================

R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [56320 2011-04-09] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-02-02] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-02-02] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-20] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 20:29 - 2013-09-11 20:06 - 01949408 _____ (Farbar) C:\Users\Anwender\Desktop\FRST64.exe
2013-09-08 14:37 - 2013-09-08 14:37 - 00000222 _____ C:\Users\Anwender\Desktop\Total War ROME II.url
2013-08-17 16:59 - 2013-08-17 16:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 21:30 - 2013-08-14 21:30 - 00000558 _____ C:\Windows\KB893803v2.log
2013-08-14 17:52 - 2013-08-14 20:28 - 958422277 _____ (Gothic 3 CPT                                                ) C:\Users\Anwender\Downloads\Gothic_3_Community_Patch_v1.74_Int_Full.exe
2013-08-13 23:22 - 2013-09-08 14:31 - 00000000 ____D C:\Users\Anwender\Documents\gothic3
2013-08-13 23:21 - 2013-08-13 23:21 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2013-08-13 23:21 - 2013-08-13 23:21 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-13 17:41 - 2013-08-13 17:41 - 00000221 _____ C:\Users\Anwender\Desktop\Gothic 3.url
2013-08-12 21:58 - 2013-08-13 17:41 - 00000000 ____D C:\Users\Anwender\Documents\Gothic3ForsakenGods

==================== One Month Modified Files and Folders =======

2013-09-11 20:30 - 2011-02-19 06:24 - 00665812 _____ C:\Windows\system32\perfh007.dat
2013-09-11 20:30 - 2011-02-19 06:24 - 00133992 _____ C:\Windows\system32\perfc007.dat
2013-09-11 20:30 - 2009-07-14 07:13 - 01529328 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-11 20:29 - 2013-09-11 20:29 - 00000000 ____D C:\FRST
2013-09-11 20:28 - 2009-07-14 06:51 - 00141609 _____ C:\Windows\setupact.log
2013-09-11 20:20 - 2012-01-22 05:35 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-11 20:06 - 2013-09-11 20:29 - 01949408 _____ (Farbar) C:\Users\Anwender\Desktop\FRST64.exe
2013-09-11 19:49 - 2013-02-23 10:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 19:45 - 2011-04-13 04:33 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 17:38 - 2011-12-29 20:44 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\Skype
2013-09-11 17:04 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 17:04 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 16:58 - 2013-02-02 15:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-11 16:56 - 2011-10-12 03:18 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-09-11 16:56 - 2011-04-13 04:33 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-11 16:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-08 22:59 - 2011-04-13 04:35 - 00369850 _____ C:\Windows\DirectX.log
2013-09-08 14:37 - 2013-09-08 14:37 - 00000222 _____ C:\Users\Anwender\Desktop\Total War ROME II.url
2013-09-08 14:31 - 2013-08-13 23:22 - 00000000 ____D C:\Users\Anwender\Documents\gothic3
2013-08-21 19:50 - 2013-02-23 10:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 19:50 - 2012-12-23 13:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 19:50 - 2012-12-23 13:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-18 09:32 - 2012-05-21 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 16:59 - 2013-08-17 16:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 21:30 - 2013-08-14 21:30 - 00000558 _____ C:\Windows\KB893803v2.log
2013-08-14 20:28 - 2013-08-14 17:52 - 958422277 _____ (Gothic 3 CPT                                                ) C:\Users\Anwender\Downloads\Gothic_3_Community_Patch_v1.74_Int_Full.exe
2013-08-13 23:22 - 2012-03-26 03:39 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-13 23:21 - 2013-08-13 23:21 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2013-08-13 23:21 - 2013-08-13 23:21 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-13 17:41 - 2013-08-13 17:41 - 00000221 _____ C:\Users\Anwender\Desktop\Gothic 3.url
2013-08-13 17:41 - 2013-08-12 21:58 - 00000000 ____D C:\Users\Anwender\Documents\Gothic3ForsakenGods

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3438240998-748192676-2937609824-1002\$3779d65b2d5ed12127ead109ebaabb5c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3779d65b2d5ed12127ead109ebaabb5c

Files to move or delete:
====================
C:\Users\Anwender\AppData\Local\Temp\ApnStub.exe
C:\Users\Anwender\AppData\Local\Temp\COMAP.EXE
C:\Users\Anwender\AppData\Local\Temp\Gw2.exe
C:\Users\Anwender\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Anwender\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\Anwender\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Anwender\AppData\Local\Temp\ose00000.exe
C:\Users\Anwender\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 17:17

==================== End Of Log ============================
         
--- --- ---

Addition log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013
Ran by Anwender at 2013-09-11 20:30:35
Running from C:\Users\Anwender\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

[translation missing: EVERemoveOnly] (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416)
Anno 2070 (x32)
ASUS AI Recovery (x32 Version: 1.0.13)
ASUS FancyStart (x32 Version: 1.0.8)
ASUS LifeFrame3 (x32 Version: 3.0.20)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0030)
ASUS Video Magic (x32 Version: 6.0.4710)
ASUS Virtual Camera (x32 Version: 1.0.21)
ASUS WebStorage (x32 Version: 3.0.84.161)
ASUS_N3_Series (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.4.617)
ATK Package (x32 Version: 1.0.0007)
Bing Bar (x32 Version: 7.0.610.0)
Bookworm Deluxe (x32)
Chivalry: Medieval Warfare (x32)
Complément Messenger (x32 Version: 15.4.3502.0922)
Complemento Messenger (x32 Version: 15.4.3502.0922)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
Cooking Dash (x32)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink MediaEspresso (x32 Version: 6.0.1123_32710)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDirector (x32 Version: 8.0.3327)
CyberLink PowerDVD 10 (x32 Version: 10.0.2312.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition update for Microsoft Office 2010 (KB982726) (x32)
Empire: Total War (x32)
Endless Space (x32)
ETDWare PS/2-x64 7.0.5.15_WHQL (Version: 7.0.5.15)
ExpressGateCloud (x32 Version: 2.6.27.160)
Fast Boot (Version: 1.0.10)
Fresco Logic USB3.0 Host Controller (Version: 3.0.119.1)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Game Park Console (x32 Version: 6.2.1.1)
Google Chrome (x32 Version: 29.0.1547.66)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32)
Google Update Helper (x32 Version: 1.3.21.153)
Gothic (x32)
Gothic 3 (x32)
Gothic 3 Forsaken Gods Enhanced Edition (x32)
Gothic II: Gold Edition (x32)
Governor of Poker (x32)
Guild Wars 2 (x32)
Hotel Dash Suite Success (x32)
ICQ 8.0 (build 6003, für aktuellen Benutzer) (HKCU Version: 8.0.6003.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2291)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Jewel Quest 3 (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Luxor 3 (x32)
MAGIX Web Designer 6 (x32 Version: 6.0.1.12177)
Mahjongg dimensions (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Messenger 分享元件 (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.0.162.0)
Might & Magic ® Heroes ® VI (x32)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nuance PDF Reader (x32 Version: 6.00.0041)
NVIDIA Control Panel 267.92 (Version: 267.92)
NVIDIA Graphics Driver 267.92 (Version: 267.92)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA Optimus 1.0.22 (Version: 1.0.22)
NVIDIA PhysX (x32 Version: 9.09.0428)
NVIDIA Update Components (Version: 1.0.22)
Omerta - City of Gangsters (x32)
Plants vs Zombies (x32)
R.U.S.E (x32)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6221)
Sid Meier's Civilization V (x32)
Skype Click to Call (x32 Version: 5.8.8855)
Skype™ 6.3 (x32 Version: 6.3.105)
SonicMaster (x32 Version: 1.00.0000)
Star Wars - Battlefront II (x32)
Star Wars: Empire at War Gold (x32)
Star Wars: Knights of the Old Republic (x32)
Steam (x32 Version: 1.0.0.0)
syncables desktop SE (x32 Version: 5.5.746.11492)
TeamSpeak 3 Client (Version: 3.0.6)
Total War: ROME II (x32)
Tropico 3: Absolute Power (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.31.0)
WinRAR 4.11 (32-Bit) (x32 Version: 4.11.0)
Wireless Console 3 (x32 Version: 3.0.19)
World of Goo (x32)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Компаньон Messenger (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
מסייע Messenger (x32 Version: 15.4.3502.0922)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2)
بريد Windows Live (x32 Version: 15.4.3502.0922)
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

21-08-2013 17:04:32 Geplanter Prüfpunkt
29-08-2013 16:52:53 Geplanter Prüfpunkt
07-09-2013 17:49:03 Geplanter Prüfpunkt
08-09-2013 20:57:14 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {09556F2E-3C35-41E6-9764-6968BDB12F8C} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {128AAD2A-360A-454D-817C-86BDAC4AF0EC} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3438240998-748192676-2937609824-1002 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {14EF29AD-134F-41D0-BA74-61A6B6ED8544} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {2334CEF8-91BD-4979-96C9-D44EC798809B} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-11-24] (CyberLink)
Task: {38BDF22E-07CD-4335-8B00-AF50416DC578} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {60F398C6-F009-4FEB-B4EF-955537F134F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13] (Google Inc.)
Task: {713687C7-5616-4EC2-BDD3-0281AE599E72} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {7D4F86D4-D58D-4439-8E88-857E06AF00DD} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {7E99C3C5-18D0-45B2-B201-20586815C7FB} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {84A77F86-B445-48DE-B57F-B89B693CD5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13] (Google Inc.)
Task: {8671B723-909C-4EC5-81D5-0CF0BAB6D9CB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {94429FBE-4301-4171-BD2F-B04919492527} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {9AB913B9-F5EE-4C51-BB76-988BDCB6F276} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {CEEE023F-8E4A-452C-8159-3DC68C759299} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {EED34FF9-4032-4ACE-9C8F-A05C19A966E4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {FA798E2D-6251-4262-9E5E-36AAE91612BA} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2010-12-18] (ASUSTek Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-12 02:48 - 2011-03-27 16:10 - 00226920 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2009-03-02 04:07 - 2009-03-02 04:07 - 00200704 _____ ( ) C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\LogicNP.EZShellExtensions.dll
2011-02-21 06:05 - 2011-02-21 06:05 - 00266240 _____ (.) C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\eCaremeDLL.dll
2012-08-17 22:41 - 2012-08-17 22:41 - 00188344 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\prremote.dll
2012-08-17 22:43 - 2012-08-17 22:43 - 00507320 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\prloader.dll
2011-10-12 02:48 - 2011-03-27 16:10 - 02221672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2011-03-28 08:16 - 2011-03-28 08:16 - 00053864 _____ (NVIDIA Corporation) C:\Windows\system32\Nv3DAppShExtR.dll
2010-04-01 04:55 - 2010-04-01 04:55 - 00221184 _____ ( ) C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\LogicNP.EZNamespaceExtensions.dll
2012-03-13 16:31 - 2012-02-17 21:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-04-20 09:59 - 2011-01-27 02:25 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2011-04-20 09:59 - 2011-01-27 02:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-12 02:52 - 2010-10-13 13:00 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2011-10-12 02:52 - 2010-10-13 13:00 - 02628200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2011-10-12 02:52 - 2010-07-22 10:48 - 00081232 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFCom64.dll
2011-10-12 02:48 - 2011-03-27 16:10 - 00193128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-02-24 20:52 - 2013-02-24 20:52 - 03189248 _____ (goober Networks, Inc.) C:\Users\Anwender\AppData\Roaming\ICQM\vivo.dll
2013-02-24 20:52 - 2013-02-24 20:52 - 00851456 _____ () C:\Users\Anwender\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2013-02-24 20:52 - 2013-02-24 20:52 - 00049152 _____ ( ) C:\Users\Anwender\AppData\Roaming\ICQM\ICQ\dll\MousePhone.dll
2005-09-22 02:30 - 2005-09-22 02:30 - 00036864 _____ (ATK) C:\Program Files (x86)\ASUS\Wireless Console 3\inter_f2.dll
2004-05-28 03:13 - 2004-05-28 03:13 - 00080384 _____ (ACTIONTEC Electronics,Inc) C:\Program Files (x86)\ASUS\Wireless Console 3\ATKWLIOC.DLL
2005-01-13 09:36 - 2005-01-13 09:36 - 00303104 _____ (Silicon Integrated Systems Corp.) C:\Program Files (x86)\ASUS\Wireless Console 3\SiSPkt.dll
2012-08-17 22:40 - 2013-06-20 20:49 - 00083648 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
2011-10-12 02:48 - 2011-03-27 16:10 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00013240 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpinit.dll
2012-08-17 22:38 - 2013-04-24 17:16 - 00828096 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpmain.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00097720 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\fssync.DLL
2012-08-17 22:39 - 2012-08-17 22:39 - 00147896 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\DumpWriter.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00611768 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\service.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00159672 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prremote.DLL
2012-08-17 22:39 - 2012-08-17 22:39 - 00369080 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prloader.dll
2012-08-17 22:41 - 2012-08-17 22:41 - 00110008 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\nfio.ppl
2012-08-17 22:41 - 2012-08-17 22:41 - 00021432 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\fsdrvplg.ppl
2012-08-17 22:41 - 2012-08-17 22:41 - 00038840 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\winreg.ppl
2012-08-17 22:41 - 2013-02-02 15:50 - 00045576 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\pxstub.ppl
2012-08-17 22:41 - 2013-02-28 20:30 - 01329008 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\params.ppl
2012-08-17 22:38 - 2012-08-17 22:38 - 01108408 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\app_core_legacy.dll
2012-08-17 22:39 - 2013-02-02 15:50 - 00609288 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\key_value_storage.DLL
2012-08-17 22:39 - 2012-08-17 22:39 - 00254392 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\eka_meta.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00253368 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\updater_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00126904 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\content_filtering_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00256440 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\am_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00434616 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ac_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00362936 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\app_core_meta.dll
2012-08-17 22:39 - 2013-02-02 15:50 - 00825784 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\product_metainfo.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00208824 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\plugins_meta.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00297400 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ksn_meta.dll
2012-08-17 22:40 - 2013-04-24 17:17 - 00238272 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ucp_meta.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00183224 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klifpp_meta.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00097720 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\instrumental_meta.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00395192 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\storage.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00036280 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpservice.dll
2012-08-17 22:41 - 2013-02-28 20:30 - 04885872 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpgui.ppl
2012-08-17 22:39 - 2012-08-17 22:39 - 02321336 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtCore4.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 02289080 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtDeclarative4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 01296824 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtScript4.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00182200 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtSql4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 07269816 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtGui4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 02051512 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtNetwork4.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-08-17 22:41 - 2013-02-02 15:50 - 02162616 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\basegui.ppl
2012-08-17 22:41 - 2013-02-28 20:30 - 00041328 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\thpimpl.ppl
2012-08-17 22:39 - 2012-08-17 22:39 - 00085944 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\memmon.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00657336 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\localization_manager.dll
2012-08-17 22:39 - 2013-02-02 15:50 - 00288696 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\parental_control_gui.dll
2012-08-17 22:41 - 2012-08-17 22:41 - 00018360 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\hashmd5.ppl
2012-08-17 22:40 - 2012-08-17 22:40 - 00034232 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qgif4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00036792 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qico4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00189368 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qjpeg4.dll
2012-08-17 22:41 - 2012-08-17 22:41 - 00088504 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\propmap.ppl
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-03-12 18:10 - 2013-08-22 00:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-01-22 05:36 - 2013-08-28 23:47 - 01120680 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-01-22 05:36 - 2013-08-07 21:31 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-03-15 21:22 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-03-15 21:22 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-03-15 21:22 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 09:24:06 PM) (Source: Application Hang) (User: )
Description: Programm AIRecoveryRemind.exe, Version 1.0.13.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ad0

Startzeit: 01ceae35cc570577

Endzeit: 43

Anwendungspfad: C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe

Berichts-ID: 79a043b5-1a4e-11e3-9a80-14dae9acfac1

Error: (09/10/2013 09:21:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rome2.exe, Version: 1.0.0.1, Zeitstempel: 0x522a2d8b
Name des fehlerhaften Moduls: Rome2.dll, Version: 1.0.0.1, Zeitstempel: 0x522a2c8c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x007a6bea
ID des fehlerhaften Prozesses: 0x135c
Startzeit der fehlerhaften Anwendung: 0xrome2.exe0
Pfad der fehlerhaften Anwendung: rome2.exe1
Pfad des fehlerhaften Moduls: rome2.exe2
Berichtskennung: rome2.exe3

Error: (08/17/2013 10:34:08 PM) (Source: Application Hang) (User: )
Description: Programm Gothic3.exe, Version 1.74.25931.14 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 610

Startzeit: 01ce9b83f66e5389

Endzeit: 732

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Gothic 3\Gothic3.exe

Berichts-ID:

Error: (08/14/2013 09:30:06 PM) (Source: Windows Installer 3.1) (User: )
Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar.

Error: (07/26/2013 10:12:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x950
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/15/2013 09:18:16 PM) (Source: Application Hang) (User: )
Description: Programm EndlessSpace.exe, Version 4.1.2.1635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1294

Startzeit: 01ce818dbf1f6084

Endzeit: 123

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe

Berichts-ID:

Error: (07/15/2013 09:16:41 PM) (Source: Application Hang) (User: )
Description: Programm Steam.exe, Version 1.82.67.49 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e50

Startzeit: 01ce818d017b9bb2

Endzeit: 45

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 0cf56f77-ed83-11e2-a8ef-14dae9acfac1

Error: (07/10/2013 07:38:46 PM) (Source: Application Hang) (User: )
Description: Programm Gothic2.exe, Version 2.6.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 974

Startzeit: 01ce7d93bf6cf55e

Endzeit: 30

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Gothic II\system\Gothic2.exe

Berichts-ID:

Error: (06/06/2013 09:16:46 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 868

Startzeit: 01ce62ea421924d4

Endzeit: 15

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 9d3a0d05-cedd-11e2-bab3-14dae9acfac1

Error: (06/03/2013 06:53:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc
Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c9789
ID des fehlerhaften Prozesses: 0x13d4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3


System errors:
=============
Error: (09/11/2013 04:56:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (09/11/2013 04:56:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/11/2013 04:56:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/11/2013 04:56:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (09/10/2013 04:54:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (09/10/2013 04:54:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (09/10/2013 04:53:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (09/10/2013 04:53:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (09/10/2013 04:53:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/10/2013 04:53:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (09/10/2013 09:24:06 PM) (Source: Application Hang)(User: )
Description: AIRecoveryRemind.exe1.0.13.3ad001ceae35cc57057743C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe79a043b5-1a4e-11e3-9a80-14dae9acfac1

Error: (09/10/2013 09:21:18 PM) (Source: Application Error)(User: )
Description: rome2.exe1.0.0.1522a2d8bRome2.dll1.0.0.1522a2c8cc0000005007a6bea135c01ceae4e98f1f94cD:\Spiele\SteamLibrary\steamapps\common\Total War Rome II\rome2.exeD:\Spiele\SteamLibrary\steamapps\common\Total War Rome II\Rome2.dll2aacfeb3-1a4e-11e3-9a80-14dae9acfac1

Error: (08/17/2013 10:34:08 PM) (Source: Application Hang)(User: )
Description: Gothic3.exe1.74.25931.1461001ce9b83f66e5389732C:\Program Files (x86)\Steam\steamapps\common\Gothic 3\Gothic3.exe

Error: (08/14/2013 09:30:06 PM) (Source: Windows Installer 3.1)(User: )
Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar.

Error: (07/26/2013 10:12:26 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc00000050017366895001ce8a385378a819C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllb02fa115-f62f-11e2-943a-14dae9acfac1

Error: (07/15/2013 09:18:16 PM) (Source: Application Hang)(User: )
Description: EndlessSpace.exe4.1.2.1635129401ce818dbf1f6084123C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe

Error: (07/15/2013 09:16:41 PM) (Source: Application Hang)(User: )
Description: Steam.exe1.82.67.49e5001ce818d017b9bb245C:\Program Files (x86)\Steam\Steam.exe0cf56f77-ed83-11e2-a8ef-14dae9acfac1

Error: (07/10/2013 07:38:46 PM) (Source: Application Hang)(User: )
Description: Gothic2.exe2.6.0.097401ce7d93bf6cf55e30C:\Program Files (x86)\Steam\steamapps\common\Gothic II\system\Gothic2.exe

Error: (06/06/2013 09:16:46 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756786801ce62ea421924d415C:\Windows\Explorer.EXE9d3a0d05-cedd-11e2-bab3-14dae9acfac1

Error: (06/03/2013 06:53:09 PM) (Source: Application Error)(User: )
Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c978913d401ce607a2bed01deC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll117401d9-cc6e-11e2-8839-14dae9acfac1


CodeIntegrity Errors:
===================================
  Date: 2013-09-11 17:19:30.510
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 17:19:30.506
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 17:19:30.502
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 17:19:30.488
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 17:19:30.484
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 17:19:30.480
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-10 17:13:48.904
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-10 17:13:48.900
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-10 17:13:48.895
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-10 17:13:48.871
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 8102.78 MB
Available physical RAM: 5938.37 MB
Total Pagefile: 16203.75 MB
Available Pagefile: 13704.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:197.55 GB) (Free:43.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:243.21 GB) (Free:212.87 GB) NTFS
Drive e: (564473536-1) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 366EC4CF)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=198 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=243 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: F6E6215C)

==================== End Of Log ============================
         
-----------------------[Vaio Black]-----------------------
FRST Log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013
Ran by Admin (administrator) on ADMIN-PC on 11-09-2013 20:28:16
Running from C:\Users\Admin\Desktop
Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Auslogics) C:\Program Files\Auslogics\BoostSpeed\BoostSpeed.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\LifeExp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1568976 2012-06-20] (Ask)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-02-15] (Kaspersky Lab ZAO)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-21] (Google Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=382e3980-2315-4415-85d8-ba7ffc775192&apn_sauid=37FF5EB3-E6E5-4DCE-9C2B-249D30888FF7
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.124.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2g2zse2k.default
FF DefaultSearchEngine: Ask.com Search
FF SearchEngineOrder.1: Ask.com Search
FF SelectedSearchEngine: Ask.com Search
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=382e3980-2315-4415-85d8-ba7ffc775192&apn_ptnrs=%5EABT&apn_sauid=37FF5EB3-E6E5-4DCE-9C2B-249D30888FF7&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2g2zse2k.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2g2zse2k.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2g2zse2k.default\Extensions\toolbar@ask.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions:  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Content Blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-02-15] (Kaspersky Lab ZAO)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [90112 2008-05-09] (IDT, Inc.)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1013808 2013-03-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-04-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-21] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-27] (Kaspersky Lab ZAO)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R3 SPI; C:\Windows\System32\DRIVERS\SonyPI.sys [33792 2006-10-05] (Sony Corporation)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [227328 2006-11-06] (Texas Instruments)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-04-27] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 toshidpt; system32\drivers\Toshidpt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 20:28 - 2013-09-11 20:28 - 00000000 ____D C:\FRST
2013-09-11 20:27 - 2013-09-11 20:08 - 01082455 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2013-09-11 20:25 - 2013-09-11 20:26 - 00002388 _____ C:\Windows\setupact.log
2013-09-11 20:25 - 2013-09-11 20:25 - 00000000 _____ C:\Windows\setuperr.log
2013-09-06 15:19 - 2013-09-11 20:24 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-05 15:47 - 2013-09-05 15:47 - 00000000 ____D C:\Users\Admin\Desktop\Midifiles
2013-09-03 11:58 - 2013-09-03 12:12 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2013-09-03 11:45 - 2013-09-03 11:45 - 00000955 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-09-03 11:44 - 2013-09-03 11:44 - 05536272 _____ (TeamViewer GmbH) C:\Users\Admin\Downloads\TeamViewer_Setup_de-ckc.exe
2013-08-31 08:04 - 2013-08-31 08:04 - 00001014 _____ C:\Windows\PFRO.log
2013-08-30 23:15 - 2013-08-30 23:15 - 00000962 _____ C:\Users\Admin\Desktop\Auslogics BoostSpeed.lnk
2013-08-30 22:58 - 2013-08-30 23:16 - 00000000 ____D C:\ProgramData\Auslogics
2013-08-30 22:57 - 2013-08-30 23:15 - 00000000 ____D C:\Program Files\Auslogics
2013-08-30 22:57 - 2013-08-30 22:57 - 00000962 _____ C:\Users\Admin\Desktop\Auslogics DiskDefrag.lnk
2013-08-30 22:42 - 2013-08-30 22:42 - 00001892 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-08-30 22:40 - 2013-08-30 22:41 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-30 22:40 - 2013-08-30 22:40 - 00000000 ____D C:\Program Files\Adobe
2013-08-30 21:17 - 2013-09-06 08:09 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-30 21:12 - 2013-08-30 22:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-08-30 18:54 - 2013-09-04 09:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2013-08-30 18:52 - 2013-08-30 18:52 - 00000000 ____D C:\Program Files\VideoLAN
2013-08-30 18:44 - 2013-08-30 18:44 - 00000000 ____D C:\Program Files\Western Digital
2013-08-30 18:14 - 2013-08-30 18:14 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-30 18:13 - 2013-08-30 18:14 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-30 18:13 - 2013-08-30 18:14 - 00000000 ____D C:\Program Files\iTunes
2013-08-30 18:13 - 2013-08-30 18:13 - 00000000 ____D C:\Program Files\iPod
2013-08-30 17:19 - 2013-08-30 17:28 - 00000000 ____D C:\Users\Admin\Desktop\Microsoft Office
2013-08-30 17:19 - 2013-08-30 17:19 - 00002707 _____ C:\Users\Admin\Desktop\Microsoft Office PowerPoint 2007.lnk
2013-08-30 17:19 - 2013-08-30 17:19 - 00002687 _____ C:\Users\Admin\Desktop\Microsoft Office Excel 2007.lnk
2013-08-30 17:19 - 2013-08-30 17:19 - 00002681 _____ C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk
2013-08-30 17:18 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2013-08-30 17:17 - 2013-08-30 17:17 - 00000000 ____D C:\Program Files\Microsoft Works
2013-08-30 17:17 - 2013-08-30 17:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-30 17:16 - 2013-08-30 17:16 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-30 17:13 - 2013-08-30 17:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-30 17:13 - 2013-08-30 17:17 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-30 17:13 - 2013-08-30 17:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help
2013-08-30 17:07 - 2013-08-30 17:07 - 00000000 __RHD C:\MSOCache
2013-08-28 15:12 - 2013-08-28 15:11 - 00000988 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 15:04 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 15:04 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 15:04 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 15:04 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 15:04 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 15:04 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-16 15:04 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-16 15:04 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 15:04 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 15:04 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 15:04 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 15:04 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-16 15:04 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-16 15:04 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 15:04 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 15:04 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-15 20:39 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 20:39 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 20:39 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-15 20:39 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 20:39 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 20:39 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-15 20:39 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 20:38 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 20:37 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 20:37 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 20:37 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 20:37 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-12 19:55 - 2013-08-12 19:55 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-12 19:55 - 2013-08-12 19:54 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-12 19:55 - 2013-08-12 19:54 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-12 19:55 - 2013-08-12 19:54 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-12 19:55 - 2013-08-12 19:54 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

==================== One Month Modified Files and Folders =======

2013-09-11 20:28 - 2013-09-11 20:28 - 00000000 ____D C:\FRST
2013-09-11 20:28 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-11 20:27 - 2006-11-02 14:52 - 01745009 _____ C:\Windows\WindowsUpdate.log
2013-09-11 20:26 - 2013-09-11 20:25 - 00002388 _____ C:\Windows\setupact.log
2013-09-11 20:26 - 2012-11-29 17:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-11 20:25 - 2013-09-11 20:25 - 00000000 _____ C:\Windows\setuperr.log
2013-09-11 20:24 - 2013-09-06 15:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-11 20:24 - 2013-04-21 23:55 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-11 20:24 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 20:24 - 2006-11-02 14:47 - 00005296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 20:24 - 2006-11-02 14:47 - 00005296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 20:08 - 2013-09-11 20:27 - 01082455 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2013-09-11 18:10 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-11 18:02 - 2012-08-24 20:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-09-11 17:54 - 2013-04-21 23:55 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 17:35 - 2012-08-21 18:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 17:09 - 2006-11-02 12:33 - 01445116 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-11 17:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-09-06 08:09 - 2013-08-30 21:17 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-05 15:47 - 2013-09-05 15:47 - 00000000 ____D C:\Users\Admin\Desktop\Midifiles
2013-09-04 09:54 - 2013-08-30 18:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2013-09-03 19:52 - 2012-08-21 17:28 - 00059464 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-03 19:51 - 2006-11-02 14:47 - 00265024 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-03 12:49 - 2013-02-15 15:57 - 00000000 ____D C:\ProgramData\Adobe
2013-09-03 12:12 - 2013-09-03 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2013-09-03 11:45 - 2013-09-03 11:45 - 00000955 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-09-03 11:45 - 2012-08-21 19:06 - 00000000 ____D C:\Program Files\TeamViewer
2013-09-03 11:44 - 2013-09-03 11:44 - 05536272 _____ (TeamViewer GmbH) C:\Users\Admin\Downloads\TeamViewer_Setup_de-ckc.exe
2013-09-03 09:40 - 2012-08-24 20:40 - 00034304 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-02 18:53 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-08-31 08:04 - 2013-08-31 08:04 - 00001014 _____ C:\Windows\PFRO.log
2013-08-30 23:16 - 2013-08-30 22:58 - 00000000 ____D C:\ProgramData\Auslogics
2013-08-30 23:15 - 2013-08-30 23:15 - 00000962 _____ C:\Users\Admin\Desktop\Auslogics BoostSpeed.lnk
2013-08-30 23:15 - 2013-08-30 22:57 - 00000000 ____D C:\Program Files\Auslogics
2013-08-30 22:57 - 2013-08-30 22:57 - 00000962 _____ C:\Users\Admin\Desktop\Auslogics DiskDefrag.lnk
2013-08-30 22:43 - 2013-08-30 21:12 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-08-30 22:43 - 2012-08-21 18:19 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-08-30 22:42 - 2013-08-30 22:42 - 00001892 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-08-30 22:41 - 2013-08-30 22:40 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-30 22:40 - 2013-08-30 22:40 - 00000000 ____D C:\Program Files\Adobe
2013-08-30 22:32 - 2013-04-21 23:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-08-30 21:17 - 2013-04-21 23:54 - 00000000 ____D C:\Program Files\Google
2013-08-30 18:52 - 2013-08-30 18:52 - 00000000 ____D C:\Program Files\VideoLAN
2013-08-30 18:44 - 2013-08-30 18:44 - 00000000 ____D C:\Program Files\Western Digital
2013-08-30 18:44 - 2012-08-21 17:28 - 00000000 ____D C:\Users\Admin
2013-08-30 18:14 - 2013-08-30 18:14 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-30 18:14 - 2013-08-30 18:13 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-30 18:14 - 2013-08-30 18:13 - 00000000 ____D C:\Program Files\iTunes
2013-08-30 18:13 - 2013-08-30 18:13 - 00000000 ____D C:\Program Files\iPod
2013-08-30 18:13 - 2013-04-14 13:38 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-30 18:13 - 2013-04-14 13:33 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-30 17:36 - 2012-08-21 18:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-30 17:36 - 2012-08-21 18:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-30 17:28 - 2013-08-30 17:19 - 00000000 ____D C:\Users\Admin\Desktop\Microsoft Office
2013-08-30 17:20 - 2013-08-30 17:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-30 17:19 - 2013-08-30 17:19 - 00002707 _____ C:\Users\Admin\Desktop\Microsoft Office PowerPoint 2007.lnk
2013-08-30 17:19 - 2013-08-30 17:19 - 00002687 _____ C:\Users\Admin\Desktop\Microsoft Office Excel 2007.lnk
2013-08-30 17:19 - 2013-08-30 17:19 - 00002681 _____ C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk
2013-08-30 17:17 - 2013-08-30 17:17 - 00000000 ____D C:\Program Files\Microsoft Works
2013-08-30 17:17 - 2013-08-30 17:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-30 17:17 - 2013-08-30 17:13 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-30 17:17 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-30 17:16 - 2013-08-30 17:16 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-30 17:16 - 2012-09-10 17:02 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-30 17:14 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2013-08-30 17:13 - 2013-08-30 17:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help
2013-08-30 17:07 - 2013-08-30 17:07 - 00000000 __RHD C:\MSOCache
2013-08-28 15:11 - 2013-08-28 15:12 - 00000988 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
2013-08-19 19:17 - 2012-10-11 10:12 - 00001778 ____H C:\Users\Admin\Documents\Default.rdp
2013-08-19 14:46 - 2013-05-24 17:57 - 00000000 ____D C:\Windows\Minidump
2013-08-18 09:57 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-17 11:52 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-17 11:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 15:14 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-12 19:55 - 2013-08-12 19:55 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-12 19:54 - 2013-08-12 19:55 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-12 19:54 - 2013-08-12 19:55 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-12 19:54 - 2013-08-12 19:55 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-12 19:54 - 2013-08-12 19:55 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-12 19:54 - 2012-11-29 15:13 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-12 19:54 - 2012-11-29 15:13 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll

Files to move or delete:
====================
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 17:08

==================== End Of Log ============================
         
--- --- ---

Addition Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-09-2013
Ran by Admin at 2013-09-11 20:29:17
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.26.0)
Auslogics BoostSpeed (Version: 6.1.0.0)
Auslogics DiskDefrag (Version: 4.1.0.0)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.3.0.23930)
Bluetooth Stack for Windows by Toshiba (Version: v5.10.03(SO))
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.21)
DriverTuner 3.1.0.0 (Version: 3.1.0.0)
EVEREST Ultimate Edition v5.50 (Version: 5.50)
Google Chrome (Version: 29.0.1547.66)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
Intel(R) Graphics Media Accelerator Driver
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Kaspersky Anti-Virus 2013 (Version: 13.0.1.4190)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 20.0.1 (x86 de) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
NVIDIA Drivers (Version: 1.3)
SES Driver (Version: 1.0.0)
SigmaTel Audio (Version: 5.10.5102.0)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.3 (Version: 6.3.107)
System Requirements Lab for Intel (Version: 4.5.5.0)
TeamViewer 8 (Version: 8.0.20202)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VAIO Update (Version: 6.2.1.03260)
VLC media player 2.0.8 (Version: 2.0.8)
VU5x86 (Version: 1.1.0)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (Version: 12/06/2010 4.0.0000.00000)
Windows-Treiberpaket - Intel hdc  (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002)
Windows-Treiberpaket - Intel USB  (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002)
Windows-Treiberpaket - NVIDIA (nvlddmkm) Display  (02/20/2007 7.15.10.9813) (Version: 02/20/2007 7.15.10.9813)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
WinZip 16.5 (Version: 16.5.10095)

==================== Restore Points  =========================

30-08-2013 20:40:01 Installed Adobe Reader X (10.1.0) - Deutsch.

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00F40A24-12AD-42D0-8C51-E8FBEBC7FC7D} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Admin logon => C:\Program Files\Auslogics\BoostSpeed\BoostSpeed.exe [2013-08-01] (Auslogics)
Task: {05160593-1822-44D5-9DC1-6E172EE86DF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-30] (Adobe Systems Incorporated)
Task: {0679BBA8-EFCB-4643-93B9-FB56102F5A8C} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\system32\schtasks.exe [2008-01-18] (Microsoft Corporation)
Task: {0CAB7B68-718C-40E0-B83B-89DDF7007DC8} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-18] (Microsoft Corporation)
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-08-24] ()
Task: {1D1E2232-70B6-4B82-B9A3-59BA2C66EDE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-21] (Google Inc.)
Task: {293E1642-DB70-4978-9E4E-7884801A7BBE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-18] (Microsoft Corporation)
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {31D0C8A4-B75D-4D62-A659-434925C2BAAA} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-18] (Microsoft Corporation)
Task: {339C840C-660E-4AB3-8741-7C336AF19975} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-30] ()
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {55A92A83-8346-46CE-8E82-0FAB25FDA03D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-21] (Google Inc.)
Task: {787C2798-616A-4139-9D6C-A283F23A2AB6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {838CEA61-4CCA-47D5-B4BA-9D55635E1387} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-03-26] (Sony Corporation)
Task: {92BD41B6-C1A5-4678-AE51-5DC17D8F2BFD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-18] (Microsoft Corporation)
Task: {A7CCFFC9-819A-4402-AB2B-C2BF68275536} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-03-26] (Sony Corporation)
Task: {B6DCF005-8ED0-41FF-9D79-3E5BD979AFBB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-18] (Microsoft Corporation)
Task: {C373AC92-18B9-465D-AB83-DC964CFA01A9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {DD287856-D172-4547-88E4-2F5DC1F12399} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
         

11.09.2013, 20:05   #11
Goeol2

Code:
==================== Loaded Modules (whitelisted) =============

2006-11-02 12:25 - 2010-03-18 10:26 - 03063808 _____ (NVidia Corporation) C:\Windows\system32\nvd3dum.dll
2012-05-08 16:50 - 2012-05-08 16:50 - 00011664 ____R (WinZip Computing, S.L.) C:\Program Files\WinZip\wzshlstb.dll
2012-11-29 15:25 - 2012-06-09 20:20 - 00167936 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00159672 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\prremote.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00369080 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\prloader.dll
2010-03-18 10:26 - 2010-03-18 10:26 - 07770112 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2006-11-02 12:25 - 2010-03-18 10:26 - 00307200 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2010-03-18 10:26 - 2010-03-18 10:26 - 01036288 _____ (NVIDIA Corporation) C:\Windows\system32\nvCplUIR.dll
2012-08-26 19:22 - 2007-11-30 13:19 - 00192512 _____ (Intel Corporation) C:\Intel\ExtremeGraphics\CUI\Resource\igfxres.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 02859336 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\AxComponentsVCL.bpl
2013-08-30 23:15 - 2013-08-01 23:35 - 01130824 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\AxComponentsRTL.bpl
2013-08-30 23:15 - 2013-08-01 23:35 - 01045320 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\AxAnimation.bpl
2013-08-30 23:15 - 2013-08-01 23:35 - 00084808 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\ProductHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00105288 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\Localizer.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00246088 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\SettingsHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00185672 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\CommonForms.Site.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00090440 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\ReportHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00185672 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\TaskSchedulerHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00138568 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\VolumesHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00341320 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\SpywareCheckerHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00542536 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\RescueCenterHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00963912 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\AxBrowsers.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00417608 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\CommonForms.Routine.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00291656 _____ (TweakBit) C:\Program Files\Auslogics\BoostSpeed\ATToolsStdHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00883016 _____ (TweakBit) C:\Program Files\Auslogics\BoostSpeed\ATUpdatersHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00179528 _____ (TweakBit) C:\Program Files\Auslogics\BoostSpeed\ATPopupsHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00749384 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\SystemInformationHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00548680 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\DiskCleanerHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00575816 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\RegistryCleanerHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00436552 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\TrackEraserHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00564608 _____ () C:\Program Files\Auslogics\BoostSpeed\sqlite3.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00268616 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\DiskDefragHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00367944 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\DiskWipeHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00420680 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\InternetOptimizerHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00714568 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\TweakManagerHelper.dll
2013-08-30 23:15 - 2013-08-01 23:35 - 00188232 _____ (Auslogics) C:\Program Files\Auslogics\BoostSpeed\ServiceManagerHelper.dll
2012-08-17 22:40 - 2013-06-19 14:40 - 00083648 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00013240 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avpinit.dll
2012-10-25 13:42 - 2013-04-27 19:35 - 00828096 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avpmain.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00097720 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\fssync.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00147896 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\DumpWriter.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00611768 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\service.dll
2012-08-17 22:41 - 2012-08-17 22:41 - 00110008 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\nfio.ppl
2012-08-17 22:41 - 2012-08-17 22:41 - 00021432 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\fsdrvplg.ppl
2012-08-17 22:41 - 2012-08-17 22:41 - 00038840 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\winreg.ppl
2012-08-17 22:41 - 2013-02-15 14:48 - 00045576 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\pxstub.ppl
2012-08-17 22:41 - 2013-02-26 18:35 - 01329008 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\params.ppl
2012-08-17 22:38 - 2012-08-17 22:38 - 01108408 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\app_core_legacy.dll
2012-08-17 22:39 - 2013-02-15 14:48 - 00609288 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\key_value_storage.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00254392 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\eka_meta.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00253368 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\updater_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00126904 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\content_filtering_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00256440 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\am_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00434616 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ac_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00362936 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\app_core_meta.dll
2012-08-17 22:39 - 2013-02-15 14:48 - 00825784 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\product_metainfo.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00208824 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\plugins_meta.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00297400 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ksn_meta.dll
2012-08-17 22:40 - 2013-04-27 19:35 - 00238272 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ucp_meta.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00183224 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\klifpp_meta.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00097720 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\instrumental_meta.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00395192 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\storage.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00036280 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avpservice.dll
2012-10-25 13:42 - 2013-02-26 18:34 - 04885872 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avpgui.ppl
2012-08-17 22:39 - 2012-08-17 22:39 - 02321336 _____ (Digia Plc) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtCore4.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 02289080 _____ (Digia Plc) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtDeclarative4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 01296824 _____ (Digia Plc) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtScript4.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00182200 _____ (Digia Plc) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtSql4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 07269816 _____ (Digia Plc) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtGui4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 02051512 _____ (Digia Plc) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtNetwork4.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2012-10-25 13:42 - 2013-02-15 14:48 - 02162616 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\basegui.ppl
2012-08-17 22:41 - 2013-02-26 18:35 - 00041328 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\thpimpl.ppl
2012-08-17 22:39 - 2012-08-17 22:39 - 00085944 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\memmon.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00657336 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\localization_manager.dll
2012-08-17 22:39 - 2013-02-15 14:48 - 00288696 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\parental_control_gui.dll
2012-08-17 22:41 - 2012-08-17 22:41 - 00018360 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\hashmd5.ppl
2012-08-17 22:40 - 2012-08-17 22:40 - 00034232 _____ (Digia Plc) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\imageformats\qgif4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00036792 _____ (Digia Plc) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\imageformats\qico4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00189368 _____ (Digia Plc) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\imageformats\qjpeg4.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00053648 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00073064 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2012-08-24 13:33 - 2008-01-18 23:33 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2006-11-02 10:55 - 2006-11-02 11:44 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\vidcap.ax
2012-08-24 14:44 - 2009-04-10 23:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\kswdmcap.ax
2005-07-13 14:38 - 2005-07-13 14:38 - 00057344 _____ (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll
2006-12-01 22:43 - 2006-12-01 22:43 - 00225280 _____ (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngHelp.dll
2006-08-04 21:33 - 2006-08-04 21:33 - 00053248 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosAvAPI.dll
2006-11-21 20:37 - 2006-11-21 20:37 - 00110592 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosBtSDDB.dll
2006-09-20 17:22 - 2006-09-20 17:22 - 00024576 _____ (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngLang.dll
2006-04-19 14:49 - 2006-04-19 14:49 - 00102400 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosBdAPI.dll
2005-07-22 22:30 - 2005-07-22 22:30 - 00065536 _____ () C:\Windows\system32\TosCommAPI.dll
2001-09-26 16:15 - 2001-09-26 16:15 - 00065536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosLaneAPI.dll
2006-11-25 09:33 - 2006-11-25 09:33 - 00167936 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosBtAPI.dll
2006-12-05 11:49 - 2006-12-05 11:49 - 00270336 _____ (TOSHIBA CORPORATION) C:\Windows\system32\LCWizard.dll
2001-08-17 17:23 - 2001-08-17 17:23 - 00217088 _____ (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BtUsrMod.dll
2005-11-08 21:07 - 2005-11-08 21:07 - 00065536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosHidAPI.dll
2006-08-10 14:09 - 2006-08-10 14:09 - 00069632 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosGnsAPI.dll
2003-11-13 15:43 - 2003-11-13 15:43 - 00061440 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosAcpiAPI.dll
2006-08-18 00:04 - 2006-08-18 00:04 - 00049152 _____ (TOSHIBA) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll
2006-05-10 12:05 - 2006-05-10 12:05 - 00077824 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosBtECCAPI.dll
2007-01-18 12:37 - 2007-01-18 12:37 - 00131072 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosAvdtAPI.dll
2007-01-17 10:53 - 2007-01-17 10:53 - 00061440 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosSndAPI.dll
2007-01-18 18:08 - 2007-01-18 18:08 - 00487424 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TosSndPlug.dll
2013-02-18 11:58 - 2013-03-26 15:16 - 00027200 _____ (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgentPS.dll

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2013 05:03:24 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Updater.exe, Version 1.3.0.23930, Zeitstempel 0x4fe22fdd, fehlerhaftes Modul Updater.exe, Version 1.3.0.23930, Zeitstempel 0x4fe22fdd, Ausnahmecode 0xc00000fd, Fehleroffset 0x0009cdf7,
Prozess-ID 0x834, Anwendungsstartzeit Updater.exe0.

Error: (09/07/2013 08:57:48 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012013090720130908> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/07/2013 08:57:48 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012013090720130908> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/07/2013 08:57:44 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\DESKTOP.INI> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/07/2013 08:57:44 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DESKTOP.INI> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/07/2013 08:57:44 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\DESKTOP.INI> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/07/2013 08:57:43 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\DESKTOP.INI> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/07/2013 08:18:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40404

Error: (09/07/2013 08:18:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40404

Error: (09/07/2013 08:18:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/11/2013 08:25:36 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/11/2013 05:03:10 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/09/2013 09:02:17 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (09/09/2013 07:39:18 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/09/2013 07:34:39 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/08/2013 09:59:51 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/08/2013 00:29:26 PM) (Source: DCOM) (User: Admin-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Admin-PCAdminS-1-5-21-1764029413-2558414401-2429182702-1000LocalHost (unter Verwendung von LRPC)

Error: (09/08/2013 00:27:06 PM) (Source: DCOM) (User: Admin-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Admin-PCAdminS-1-5-21-1764029413-2558414401-2429182702-1000LocalHost (unter Verwendung von LRPC)

Error: (09/08/2013 00:19:43 PM) (Source: DCOM) (User: Admin-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Admin-PCAdminS-1-5-21-1764029413-2558414401-2429182702-1000LocalHost (unter Verwendung von LRPC)

Error: (09/08/2013 00:18:30 PM) (Source: DCOM) (User: Admin-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Admin-PCAdminS-1-5-21-1764029413-2558414401-2429182702-1000LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-11 20:28:53.445
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 20:28:53.289
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 20:28:53.102
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 20:28:52.915
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 15:12:08.990
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SETCEC2.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 15:12:08.803
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SETCEC2.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 15:12:08.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SETCEC2.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 15:12:08.070
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SETCEC2.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 15:12:07.680
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 15:12:07.493
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 2045.38 MB
Available physical RAM: 884.09 MB
Total Pagefile: 4326.02 MB
Available Pagefile: 3067.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.06 GB) (Free:5.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:63.41 GB) (Free:63.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: AFFE2998)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=63 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
-------------------------[Acer]-------------------------
Frst Log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013
Ran by Sascha (administrator) on SASCHA-LAP on 11-09-2013 20:42:27
Running from C:\Users\Sascha\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
() C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Smartbar) C:\Users\Sascha\AppData\Local\Smartbar\Application\Linkury.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(Dropbox, Inc.) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1354736 2013-02-03] (Valve Corporation)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [958392 2012-05-24] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-24] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Sascha\AppData\Local\Smartbar\Application\Linkury.exe [20248 2013-06-05] (Smartbar)
MountPoints2: {49e71be5-0eb9-11e0-933f-705ab6f420ae} - G:\LaunchU3.exe -a
MountPoints2: {f3d0d218-094c-11e0-829c-705ab6f420ae} - E:\sldim\sldim.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [352976 2010-11-08] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [SolidWorks_CheckForUpdates] - C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe [7218472 2008-09-15] (Dassault Systèmes SolidWorks Corp.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [RoccatKone+] - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [552960 2011-07-12] (ROCCAT GmbH)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1303360 2013-08-08] (Spigot, Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll  [2691536 2013-07-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=c65e995f-4461-4be9-ae06-790842455e61&affid=111583&searchtype=hp&babsrc=lnkry_nt&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27361110j805l04e4z1l5t6682k02p
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=c65e995f-4461-4be9-ae06-790842455e61&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=c65e995f-4461-4be9-ae06-790842455e61&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://isearch.babylon.com/?affID=119370&babsrc=HP_ss_Btisdt3&mntrId=8ca65170000000000000000000000000
URLSearchHook: (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=c65e995f-4461-4be9-ae06-790842455e61&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=c65e995f-4461-4be9-ae06-790842455e61&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKCU - DefaultScope {455241F4-ACE7-44E0-9F06-9C996AF0DC44} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=c65e995f-4461-4be9-ae06-790842455e61&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://isearch.babylon.com/?q={searchTerms}&affID=119370&babsrc=SP_ss_Btisdt3&mntrId=8ca65170000000000000000000000000
SearchScopes: HKCU - {455241F4-ACE7-44E0-9F06-9C996AF0DC44} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Linkury SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Linkury SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.4\ytdToolbarIE.dll (Spigot, Inc.)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.4\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\1reacud0.default
FF user.js: detected! => C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\1reacud0.default\user.js
FF NewTab: hxxp://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=8ca65170000000000000000000000000
FF SearchEngineOrder.1: Delta Search
FF Homepage: hxxp://isearch.babylon.com/?affID=119370&babsrc=HP_ss_Btisdt3&mntrId=8ca65170000000000000000000000000
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sascha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\1reacud0.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\1reacud0.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\1reacud0.default\Extensions\staged
FF Extension: Greasemonkey - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\1reacud0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF Extension: ytd - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\1reacud0.default\Extensions\ytd@mybrowserbar.com
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\1reacud0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF HKLM-x32\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt
FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [352976 2010-11-08] (Kaspersky Lab ZAO)
R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2847696 2013-07-26] ()
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [87336 2011-01-08] (Dassault Systèmes SolidWorks Corp.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-06-05] (Google Inc)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [556120 2010-11-08] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-16] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U3 amuzw5u8; C:\Windows\System32\Drivers\amuzw5u8.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 20:41 - 2013-09-11 20:06 - 01949408 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe
2013-09-10 11:31 - 2013-09-10 11:31 - 00001097 _____ C:\Users\Sascha\Desktop\The Safe Manipulator.lnk
2013-09-10 11:31 - 2013-09-10 11:31 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Safe Manipulator
2013-08-28 09:24 - 2013-09-10 11:42 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-08-15 10:12 - 2013-08-15 10:12 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-08-15 10:12 - 2013-08-15 10:12 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-08-15 09:34 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 09:34 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 09:34 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 09:34 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 09:34 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 09:34 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 09:34 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 09:34 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 09:34 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 09:34 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 09:34 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 09:34 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 09:34 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 09:34 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 09:34 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 09:34 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 09:34 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 09:34 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 09:34 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 09:34 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 09:34 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 09:34 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 09:34 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 09:34 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 09:34 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 09:34 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 09:34 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 09:34 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 09:34 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 09:34 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 09:34 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 08:26 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:26 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:26 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:26 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:26 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 08:26 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 08:26 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 08:26 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 08:21 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 08:21 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:21 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 08:21 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:21 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:21 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 08:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:21 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 08:21 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 08:21 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 08:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 08:21 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 08:21 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 08:21 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 08:21 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 08:21 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 08:21 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:21 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-11 20:42 - 2013-09-11 20:42 - 00000000 ____D C:\FRST
2013-09-11 20:42 - 2010-05-18 12:57 - 00697598 _____ C:\Windows\system32\perfh007.dat
2013-09-11 20:42 - 2010-05-18 12:57 - 00148862 _____ C:\Windows\system32\perfc007.dat
2013-09-11 20:42 - 2009-07-14 07:13 - 01614736 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-11 20:38 - 2010-11-07 18:53 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 20:38 - 2010-05-18 03:05 - 01308715 _____ C:\Windows\WindowsUpdate.log
2013-09-11 20:37 - 2013-03-26 12:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 20:06 - 2013-09-11 20:41 - 01949408 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe
2013-09-10 17:06 - 2010-11-07 18:49 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-10 16:37 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 16:37 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 11:45 - 2011-07-22 19:30 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Dropbox
2013-09-10 11:43 - 2011-07-22 19:31 - 00000000 ___RD C:\Users\Sascha\Dropbox
2013-09-10 11:42 - 2013-08-28 09:24 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-09-10 11:42 - 2010-11-07 18:53 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 11:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 11:42 - 2009-07-14 06:51 - 00098802 _____ C:\Windows\setupact.log
2013-09-10 11:31 - 2013-09-10 11:31 - 00001097 _____ C:\Users\Sascha\Desktop\The Safe Manipulator.lnk
2013-09-10 11:31 - 2013-09-10 11:31 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Safe Manipulator
2013-09-10 11:31 - 2012-10-19 18:15 - 00000000 ____D C:\Program Files (x86)\The Safe Manipulator
2013-09-10 11:29 - 2012-10-19 18:15 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2013-08-27 16:00 - 2010-05-18 03:02 - 00055914 _____ C:\Windows\PFRO.log
2013-08-19 10:14 - 2010-12-28 00:06 - 00000600 _____ C:\Users\Sascha\AppData\Roaming\winscp.rnd
2013-08-19 09:08 - 2013-06-20 17:58 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashDumps
2013-08-15 10:12 - 2013-08-15 10:12 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-08-15 10:12 - 2013-08-15 10:12 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-08-15 09:22 - 2010-04-21 12:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 08:36 - 2011-07-31 21:59 - 00000600 _____ C:\Users\Sascha\AppData\Local\PUTTY.RND

Files to move or delete:
====================
C:\Users\Sascha\AppData\Local\Temp\9gmap9im.dll
C:\Users\Sascha\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\Sascha\AppData\Local\Temp\AskSLib.dll
C:\Users\Sascha\AppData\Local\Temp\beznuax-.dll
C:\Users\Sascha\AppData\Local\Temp\COMAP.EXE
C:\Users\Sascha\AppData\Local\Temp\ds5cevqr.dll
C:\Users\Sascha\AppData\Local\Temp\ex49dtlg.dll
C:\Users\Sascha\AppData\Local\Temp\gvyxnako.dll
C:\Users\Sascha\AppData\Local\Temp\hof1yl89.dll
C:\Users\Sascha\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Sascha\AppData\Local\Temp\mgxfonts.exe
C:\Users\Sascha\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Sascha\AppData\Local\Temp\q3jjr0iw.dll
C:\Users\Sascha\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sascha\AppData\Local\Temp\ttu4batv.dll
C:\Users\Sascha\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 20:38

==================== End Of Log ============================
         
--- --- ---

Additions:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013
Ran by Sascha at 2013-09-11 20:44:01
Running from C:\Users\Sascha\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Acer Backup Manager (x32 Version: 2.0.0.60)
Acer Crystal Eye Webcam (x32 Version: 5.2.11.2)
Acer ePower Management (x32 Version: 5.00.3003)
Acer eRecovery Management (x32 Version: 4.05.3011)
Acer GameZone Console (x32 Version: 6.1.0.2)
Acer Registration (x32 Version: 1.03.3002)
Acer ScreenSaver (x32 Version: 1.1.0412.2010)
Acer Updater (x32 Version: 1.02.3001)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX 64-bit (Version: 10.3.162.28)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Amazonia (x32)
And Yet It Moves (x32)
Android SDK Tools (x32 Version: 1.16)
Antichamber (x32)
Apple Application Support (x32 Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.2.6 (x32)
AVM FRITZ!Box Dokumentation (x32)
Backup Manager Basic (x32 Version: 2.0.0.60)
Bing Bar (x32 Version: 7.1.361.0)
Bonjour (Version: 3.0.0.2)
Braid (x32)
Broadcom Gigabit NetLink Controller (Version: 12.52.04)
BrowserProtect (x32)
Cake Mania (x32)
Chicken Invaders 2 (x32)
Cogs (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Counter-Strike: Source (x32)
Crayon Physics Deluxe (x32)
CyberLink PowerDVD 9 (x32 Version: 9.0.2719.50)
Dairy Dash (x32)
DecoderSoftware (x32 Version: 1.00.0000)
Delta Chrome Toolbar (x32)
Delta toolbar   (x32 Version: 1.8.10.0)
DHTML Editing Component (x32 Version: 6.02.0001)
Dream Day First Home (x32)
Dropbox (HKCU Version: 2.0.22)
eBay Worldwide (x32 Version: 2.1.0901)
Emergency 2012 (x32)
eSobi v2 (x32 Version: 2.0.4.000274)
EXSL-Win Version X (x32 Version: Xxx)
Farm Frenzy 2 (x32)
Feedback Tool (x32 Version: 1.1.0)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.27.0)
Free HD Converter V 2.0 (x32 Version: 2.0.0.0)
Galapago (x32)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Granny In Paradise (x32)
Hammerfight (x32)
Hedgewars (x32 Version: 0.9.15)
Heroes of Hellas (x32)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Officejet Pro 8500 A910 Hilfe (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.002.006.003)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Identity Card (x32 Version: 1.00.3003)
Inkscape 0.48.2 (x32 Version: 0.48.2)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007)
iTunes (Version: 10.4.0.80)
Java 7 Update 11 (x32 Version: 7.0.110)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 7 (64-bit) (Version: 7.0.0)
Java(TM) SE Development Kit 6 Update 27 (x32 Version: 1.6.0.270)
Java(TM) SE Development Kit 7 (64-bit) (Version: 1.7.0.0)
JDownloader 0.9 (x32 Version: 0.9)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Kaspersky Anti-Virus 2011 (x32 Version: 11.0.1.400)
King's Bounty: Crossworlds (x32)
King's Bounty: The Legend (x32)
Launch Manager (x32 Version: 4.0.8)
Left 4 Dead (x32)
Left 4 Dead 2 (x32)
Linkury Smartbar (x32 Version: 1.24.22.10764)
Linkury Smartbar Engine (HKCU Version: 1.24.22.10764)
Machinarium (x32)
Magicka (x32)
MAGIX Fotobuch 3.2 (x32 Version: 3.2)
MAGIX Goya burnR 1.3.1.3 (D) (x32 Version: 1.3.1.3)
MAGIX Music Maker 17 Premium (x32 Version: 17.0.0.16)
MAGIX Online Druck Service 2.3.2.0 (D) (x32 Version: 2.3.2.0)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6)
MAGIX Video deluxe 17 Plus Sonderedition (x32 Version: 10.0.11.0)
MAGIX Video deluxe 2008 Premium 7.5.2.13 (D) (x32 Version: 7.5.2.13)
MAGIX Xtreme Foto Designer 6 6.0.24.0 (D) (x32 Version: 6.0.24.0)
Marketsplash Schnellzugriffe (x32 Version: 1.0.1.7)
Metal Drift (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (x32 Version: 3.1.210.0)
MyWinLocker Suite (x32 Version: 3.1.210.0)
NetBeans IDE 7.0.1 (Version: 7.0.1)
Notepad++ (x32 Version: 6.1.5)
NTI Backup Now 5 (x32 Version: 5.1.2.628)
NTI Backup Now Standard (x32 Version: 5.1.2.628)
NTI Media Maker 8 (x32 Version: 8.0.12.6630)
Nur Deinstallierung der CopyTrans Suite möglich. (HKCU Version: 2.27)
NVIDIA Drivers (Version: 1.10.59.37)
NVIDIA PhysX (x32 Version: 9.10.0513)
NVIDIA Updatus (x32 Version: 1.0.3)
OpenAL (x32)
Osmos (x32)
Paintball2 Alpha build 31 (x32 Version: Alpha build 31)
PDFCreator (x32 Version: 1.4.3)
Portal 2 (x32)
Post Apocalyptic Mayhem (x32)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
QuickTime (x32 Version: 7.69.80.9)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6015)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30113)
Retrovirus (x32)
Revenge of the Titans HIB (remove only) (x32)
ROCCAT Kone[+] Mouse Driver (x32)
Samsung Kies (x32 Version: 2.3.2.12054_18)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.5.0)
ShopFactory V8 Gold (x32)
Shredder (Version: 2.0.8.3)
Shredder (x32 Version: 2.0.8.3)
Skype™ 6.6 (x32 Version: 6.6.106)
Snagit 11 (x32 Version: 11.1.0)
SolidWorks 2009 x64 Edition SP0 (x32 Version: 17.0.0.6014)
SolidWorks 2011 x64 Edition SP02 (Version: 19.120.49)
SolidWorks 2011 x64 Edition SP02 (x32 Version: 19.2.0.49)
SolidWorks 2011 x64 German Resources (Version: 19.120.49)
SolidWorks eDrawings 2011 x64 Edition SP02 (Version: 11.2.113)
SolidWorks Explorer 2011 SP02 x64 Edition (Version: 19.20.49)
Spin & Win (x32)
Steam (x32 Version: 1.0.0.0)
Steel Storm: Burning Retribution (x32)
Stronghold (x32)
Stronghold 2 (x32 Version: 1.40.1000)
Stronghold Crusader Extreme (x32 Version: 1.20.0000)
Stronghold Legends (x32 Version: 1.20.0000)
Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten (Version: 22.50.231.0)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
TeamSpeak 3 Client
TeamViewer 6 (x32 Version: 6.0.10722)
TeamViewer 7 (x32 Version: 7.0.12979)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
The Safe Manipulator (x32 Version: 1.0.0.34)
Tom Clancy's Ghost Recon Advanced Warfighter® 2 (x32 Version: 1.00.0000)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VVVVVV (x32)
Welcome Center (x32 Version: 1.01.3002)
WinAVI Video Capture 2.0 (x32)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinRAR
WinSCP 4.2.9 (x32 Version: 4.2.9)
wxAstroCapture 1.8-1 (x32)
Yontoo 1.10.03 (Version: 1.10.03)
YouTube Downloader 3.3 (x32)
YTD Toolbar v7.4 (x32 Version: 7.4)

==================== Restore Points  =========================

30-07-2013 16:12:15 Windows Update
06-08-2013 07:56:00 Windows Update
14-08-2013 06:09:50 Windows Update
15-08-2013 07:18:32 Windows Update
21-08-2013 07:00:30 Windows Update
27-08-2013 14:11:31 Windows Update
06-09-2013 07:32:02 Windows Update
10-09-2013 09:49:58 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {04DA02B2-85C3-4ECE-B672-581AE46F40AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07] (Google Inc.)
Task: {16A8F493-9F0B-495B-9A4C-9750FF0B5818} - System32\Tasks\{C4900E52-3379-461D-833F-A09B2CA757F6} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404
Task: {2C6B971E-2536-4F59-849A-BE02ADA3E2BB} - \AdobeFlashPlayerUpdate 2 No Task File
Task: {675DCEA9-68EC-426C-978B-0B11A3DFC273} - \Adobe Flash Player Updater No Task File
Task: {76E0758B-ECA8-4CBD-ABAA-800F7F29B86D} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect
Task: {92BD34BB-70B5-414E-853F-330D776ACB77} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {AAF176D3-9087-4A5B-A3A5-B20E5E5E906D} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3308172749-2771479272-4132938575-1002 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {AD886DA3-3F79-4217-B892-5379D5729F1C} - System32\Tasks\EPUpdater => C:\Users\Sascha\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] ()
Task: {C4EAD4FE-D1EE-4F77-BCA6-1F530334395C} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {DF375749-351F-4CB0-8B5E-FA811D7F6389} - \AdobeFlashPlayerUpdate No Task File
Task: {F1200218-7DA6-40D2-B712-42C62335802B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-05-18 03:14 - 2010-03-17 10:56 - 00271904 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\SysHook.dll
2013-08-08 19:29 - 2013-08-08 19:29 - 00144192 _____ (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx164.dll
2010-04-21 13:17 - 2010-04-07 11:26 - 04460136 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2010-12-28 00:06 - 2010-09-24 00:02 - 00185856 _____ (Martin Prikryl) C:\Program Files (x86)\WinSCP\DragExt64.dll
2010-12-16 21:37 - 2010-03-15 12:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2010-04-21 13:18 - 2009-12-10 13:20 - 00396584 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2010-04-21 13:18 - 2009-12-10 13:20 - 00207144 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2010-05-18 03:14 - 2010-03-17 10:56 - 00219168 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\BrightnessControl.dll
2010-05-18 03:14 - 2010-03-17 10:56 - 00218144 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\PowerSettingControl.dll
2010-05-18 03:14 - 2010-03-17 10:56 - 00218144 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\NetAdapterControl.dll
2010-05-18 03:14 - 2010-03-17 10:56 - 00217120 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\CommonControl.dll
2010-04-21 13:17 - 2010-04-07 11:26 - 01329768 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2010-04-21 13:17 - 2010-04-08 04:02 - 00458320 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDUtl.dll
2012-03-06 16:34 - 2008-03-31 21:00 - 02793984 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMUI9H.DLL
2012-03-06 16:34 - 2008-03-31 21:00 - 00636928 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMDR9H.DLL
2013-08-02 09:05 - 2013-07-26 12:10 - 02691536 _____ () C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
2008-11-12 03:16 - 2008-11-12 03:16 - 00268848 _____ (EgisTec Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\keyManager.dll
2010-04-17 07:55 - 2010-04-17 07:55 - 00529776 _____ (EgisTec Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\CryptoAPI.dll
2013-08-08 19:29 - 2013-08-08 19:29 - 00117568 _____ (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth164.dll
2011-07-01 22:12 - 2010-11-20 14:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2009-07-14 01:51 - 2009-07-14 03:14 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vidcap.ax
2011-07-01 22:12 - 2010-11-20 14:16 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kswdmcap.ax
2010-04-01 11:15 - 2010-04-01 11:15 - 01234240 _____ (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTCommonRes.dll
2010-04-01 11:16 - 2010-04-01 11:16 - 00419136 _____ (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLiteUI.dll
2010-04-01 11:18 - 2010-04-01 11:18 - 02217280 _____ (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\Engine.dll
2009-11-02 01:28 - 2009-11-02 01:28 - 00295472 _____ (DT Soft Ltd.) C:\Program Files (x86)\DAEMON Tools Lite\imgengine.dll
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00032024 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00051480 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00149784 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2007-05-11 21:09 - 2007-05-11 21:09 - 00218536 _____ (Microsoft Corporation) C:\Users\Sascha\AppData\Local\Smartbar\Application\Microsoft.Practices.EnterpriseLibrary.Logging.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00111896 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00044824 _____ (Smartbar) C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettingsAutoUpdater.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 01725208 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00078104 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00016664 _____ (Microsoft) C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Personalization.Settings.UserSettingsManager.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00035608 _____ (Microsoft) C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.Base.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00012568 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00729368 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00101144 _____ (Microsoft) C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessEntities.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00059160 _____ (Microsoft) C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00172824 _____ (Microsoft) C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00081176 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00013592 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00016152 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00019736 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00021272 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00028952 _____ (Microsoft) C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.DefaultBrowser.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00014104 _____ (Microsoft) C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ShareManagerLocalPlugin.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00053528 _____ (Microsoft) C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00057112 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2012-08-20 17:07 - 2012-08-20 17:07 - 00145240 _____ ( ) C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
2010-04-21 12:49 - 2010-04-21 12:49 - 08007680 _____ ( ) C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00013592 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00014104 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00051480 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2013-06-05 15:01 - 2013-06-05 15:01 - 00047384 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2013-06-05 15:01 - 2013-06-05 15:01 - 00025368 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00245528 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll
2013-06-05 15:03 - 2013-06-05 15:03 - 00025368 _____ () C:\Users\Sascha\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2007-05-11 21:08 - 2007-05-11 21:08 - 00079272 _____ (Microsoft Corporation) C:\Users\Sascha\AppData\Local\Smartbar\Application\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\icudt.dll
2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 02:14 - 2010-03-09 02:14 - 00018688 _____ (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\MUI\0407\lang.dll
2010-04-21 13:17 - 2009-07-20 09:12 - 00137736 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\ComFnUtl.dll
2010-04-21 13:17 - 2009-07-14 08:53 - 00128008 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\CDRomUtl.dll
2010-04-21 13:17 - 2009-07-27 06:42 - 00062472 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MixerUtl.dll
2010-04-21 13:17 - 2009-07-27 06:47 - 00068104 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\Wnd2File.dll
2010-04-21 13:17 - 2009-07-27 12:43 - 00068104 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\PowerUtl.dll
2010-04-21 13:17 - 2009-12-30 11:13 - 00326736 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\OSDUtl2.dll
2010-04-21 13:17 - 2009-07-27 06:38 - 00088584 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\SzUPFUtl.dll
2010-04-21 13:17 - 2010-03-24 07:16 - 00399440 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\RadioWndUtl.dll
2010-04-21 13:17 - 2010-02-10 03:49 - 00082000 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LmSmbKel.dll
2010-04-21 13:17 - 2010-04-08 06:18 - 00289872 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\aipflib.dll
2010-04-21 13:17 - 2009-07-03 10:29 - 00147464 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\VistaVol.DLL
2010-04-21 13:17 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-07-01 22:35 - 2010-07-01 22:35 - 00088760 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\fssync.dll
2010-07-01 22:35 - 2010-11-08 01:04 - 00117432 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\DumpWriter.dll
2010-07-01 22:35 - 2010-07-01 22:35 - 00016568 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\memmng.dll
2010-07-01 22:35 - 2010-07-01 22:35 - 00055992 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\Ushata.dll
2010-07-01 22:34 - 2010-07-01 22:34 - 00018104 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\CLLDR.DLL
2010-07-01 22:35 - 2010-07-01 22:35 - 00146104 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\prremote.dll
2010-07-01 22:35 - 2010-07-01 22:35 - 00252600 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\prloader.dll
2010-07-01 22:36 - 2010-07-01 22:36 - 00039608 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\pxstub.ppl
2010-07-01 22:35 - 2010-07-01 22:35 - 01051320 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\params.ppl
2010-07-01 22:36 - 2010-07-01 22:36 - 00036536 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\winreg.ppl
2010-07-01 22:35 - 2010-07-01 22:35 - 00015544 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\hashmd5.ppl
2010-07-01 22:35 - 2010-07-01 22:35 - 00113336 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\nfio.ppl
2010-07-01 22:35 - 2010-07-01 22:35 - 00019128 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\fsdrvplg.ppl
2010-07-01 22:35 - 2013-01-09 12:26 - 01352712 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avpgui.ppl
2010-07-01 22:35 - 2010-07-01 22:35 - 00191160 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\service.dll
2010-07-01 22:35 - 2010-07-01 22:35 - 00469688 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\eka_meta.dll
2010-07-01 22:35 - 2010-07-01 22:35 - 00268984 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\esmgr.dll
2010-07-01 22:35 - 2010-11-08 01:04 - 01694392 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\basegui.ppl
2010-07-01 22:36 - 2010-07-01 22:36 - 00039608 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\thpimpl.ppl
2010-04-21 13:17 - 2010-02-03 06:31 - 00071248 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\NTKCUtl.dll
2011-05-26 13:41 - 2011-05-26 13:41 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-05-26 13:42 - 2011-05-26 13:42 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-10-07 17:40 - 2010-06-22 13:50 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
2012-05-24 19:12 - 2012-05-24 19:12 - 00249344 _____ (Windows (R) Codename Longhorn DDK provider) C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll
2013-01-25 11:15 - 2013-01-25 11:15 - 00480256 _____ (hxxp://hunspell.sourceforge.net/) C:\Program Files (x86)\TechSmith\Snagit 11\libhunspell.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57


==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 05:05:33 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Kaspersky Anti-Virus wurde wegen dieses Fehlers geschlossen.

Programm: Kaspersky Anti-Virus
Datei: 

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (09/10/2013 05:05:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 11.0.1.419, Zeitstempel: 0x4c866eb3
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000096
Fehleroffset: 0x00048665
ID des fehlerhaften Prozesses: 0x484
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3

Error: (09/10/2013 04:36:17 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/10/2013 04:36:17 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/10/2013 11:28:51 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/10/2013 11:28:51 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/10/2013 11:28:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 49200875

Error: (09/10/2013 11:28:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 49200875

Error: (09/10/2013 11:28:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/09/2013 09:48:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2200


System errors:
=============
Error: (09/10/2013 05:05:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/10/2013 11:42:09 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎10.‎09.‎2013 um 11:40:16 unerwartet heruntergefahren.

Error: (09/10/2013 11:40:47 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/10/2013 11:40:46 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error: (09/10/2013 11:40:17 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error: (09/10/2013 11:35:28 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎10.‎09.‎2013 um 11:33:55 unerwartet heruntergefahren.

Error: (09/09/2013 09:16:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) Management & Security Application User Notification Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/09/2013 09:16:04 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Management & Security Application User Notification Service erreicht.

Error: (09/09/2013 09:08:32 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎09.‎09.‎2013 um 09:07:03 unerwartet heruntergefahren.

Error: (09/06/2013 02:07:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 3958.71 MB
Available physical RAM: 2046.76 MB
Total Pagefile: 7915.61 MB
Available Pagefile: 5394.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:178.83 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 625D7C19)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14 GB) (Disk ID: 990D2936)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0B)

==================== End Of Log ============================
         
-------------------------[HP Tower]-------------------------
It was freshly reinstalled only yesterday, so there really shouldn't be anything on it.
FRST log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013
Ran by Enrico (administrator) on Enrico-PC on 11-09-2013 20:40:09
Running from C:\Users\Enrico\Desktop
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-10-06] (Intel Corporation)
HKLM\...\Runonce: [OCA_MRK] - c:\hp\bin\OCA\hputilck64.exe c:\windows\system32\cmd.exe /c c:\hp\bin\OCA\install.cmd CRP
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KBD] - C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Health Check Scheduler] - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-08-25] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {2A3A51B9-B626-4901-A070-28832F5F86CA} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM - {2A3A51B9-B626-4901-A070-28832F5F86CA} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM - {599291D6-059E-4ADC-A23E-129BAD4F0403} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {99A440F7-07A3-4D12-BD9B-2F92237465AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - DefaultScope {2A3A51B9-B626-4901-A070-28832F5F86CA} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {2A3A51B9-B626-4901-A070-28832F5F86CA} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {599291D6-059E-4ADC-A23E-129BAD4F0403} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM-x32 - {99A440F7-07A3-4D12-BD9B-2F92237465AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - DefaultScope {2A3A51B9-B626-4901-A070-28832F5F86CA} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKCU - {2A3A51B9-B626-4901-A070-28832F5F86CA} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKCU - {599291D6-059E-4ADC-A23E-129BAD4F0403} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {99A440F7-07A3-4D12-BD9B-2F92237465AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL (Symantec Corporation)
BHO-x32: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [115560 2009-01-05] (Symantec Corporation)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\ENG64.SYS [136752 2008-10-22] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\ENG64.SYS [136752 2008-10-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\EX64.SYS [1458224 2008-10-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\EX64.SYS [1458224 2008-10-22] (Symantec Corporation)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R1 SRTSP; C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [474672 2009-01-05] (Symantec Corporation)
R1 SRTSP; C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [474672 2009-01-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [32304 2009-01-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [32304 2009-01-05] (Symantec Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 20:39 - 2013-09-11 20:06 - 01949408 _____ (Farbar) C:\Users\Enrico\Desktop\FRST64.exe
2013-09-11 20:38 - 2013-09-11 20:38 - 00075024 _____ C:\Users\Enrico\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 20:38 - 2013-09-11 20:38 - 00000981 _____ C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-11 20:38 - 2013-09-11 20:38 - 00000951 _____ C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-11 20:38 - 2013-09-11 20:38 - 00000000 ____D C:\Users\Enrico\AppData\Roaming\Hewlett-Packard
2013-09-11 20:38 - 2013-09-11 20:38 - 00000000 ____D C:\Users\Enrico\AppData\Local\Hewlett-Packard
2013-09-11 20:37 - 2013-09-11 20:39 - 00003662 _____ C:\Windows\System32\Tasks\ServicePlan
2013-09-11 20:37 - 2013-09-11 20:38 - 00000976 _____ C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-09-11 20:37 - 2013-09-11 20:38 - 00000917 _____ C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-09-11 20:37 - 2013-09-11 20:37 - 00003956 _____ C:\Windows\System32\Tasks\RecoveryCD
2013-09-11 20:37 - 2013-09-11 20:37 - 00003772 _____ C:\Windows\System32\Tasks\Registration
2013-09-11 20:37 - 2013-09-11 20:37 - 00003674 _____ C:\Windows\System32\Tasks\ExtendedServicePlan
2013-09-11 20:37 - 2013-09-11 20:37 - 00000000 ___RD C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 20:37 - 2013-09-11 20:37 - 00000000 ___RD C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 18:05 - 2013-08-07 04:22 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-09-11 03:29 - 2013-09-11 03:29 - 00002887 _____ C:\Windows\system32\lvcoinst.log
2013-09-11 03:29 - 2013-09-11 03:29 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-09-10 22:44 - 2013-09-10 22:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-09-10 22:44 - 2013-09-10 22:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-10 22:42 - 2013-09-10 22:42 - 00000000 ____D C:\Users\Enrico\AppData\Roaming\HP TCS
2013-09-10 22:41 - 2013-09-10 22:41 - 00000000 ____D C:\Program Files (x86)\Intel
2013-09-10 22:41 - 2013-09-10 22:41 - 00000000 ____D C:\Intel
2013-09-10 22:41 - 2006-11-10 09:25 - 00319456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\difxapi.dll
2013-09-10 22:40 - 2013-09-10 22:40 - 00001847 __RSH C:\Windows\SysWOW64\Drivers\103C_HP_CPC_NM824AA-ABD a6759de_YC_0Pavi_QCZH904_E91CEv6PrA4_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.41_T090724_WUH1_L407_M8191_J1000_7Intel_8Core2 Quad Q8200_92.33_#090226_N10EC8168_Z_G10DE0626.MRK
2013-09-10 22:40 - 2013-09-10 22:40 - 00001847 __RSH C:\Windows\system32\Drivers\103C_HP_CPC_NM824AA-ABD a6759de_YC_0Pavi_QCZH904_E91CEv6PrA4_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.41_T090724_WUH1_L407_M8191_J1000_7Intel_8Core2 Quad Q8200_92.33_#090226_N10EC8168_Z_G10DE0626.MRK
2013-09-10 22:40 - 2013-09-10 22:40 - 00001384 _____ C:\Users\Public\Desktop\Online fotos bestellen.lnk
2013-09-10 22:40 - 2013-09-10 22:40 - 00000000 ____D C:\Users\Enrico\AppData\Roaming\InstallShield
2013-09-10 22:40 - 2009-01-05 22:29 - 00002033 _____ C:\Users\Public\Desktop\eBay.lnk
2013-09-10 22:40 - 2009-01-05 22:29 - 00001938 _____ C:\Users\Public\Desktop\Für Kinder.lnk
2013-09-10 22:40 - 2009-01-05 22:23 - 00001903 _____ C:\Users\Public\Desktop\HP Total Care Advisor.lnk
2013-09-10 22:40 - 2007-05-14 13:31 - 00001630 _____ C:\Users\Public\Desktop\Testen Sie Microsoft Office 2007 60 Tage lang.lnk
2013-09-10 22:39 - 2013-09-11 20:38 - 00001374 _____ C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2013-09-10 22:39 - 2013-09-11 20:38 - 00000000 ____D C:\Users\Enrico\AppData\Local\VirtualStore
2013-09-10 22:39 - 2013-09-11 20:37 - 00000000 ____D C:\Users\Enrico
2013-09-10 22:39 - 2013-09-10 22:39 - 00000020 ___SH C:\Users\Enrico\ntuser.ini
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Vorlagen
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Startmenü
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Netzwerkumgebung
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Lokale Einstellungen
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Eigene Dateien
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Druckumgebung
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Documents\Eigene Musik
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Documents\Eigene Bilder
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\AppData\Local\Verlauf
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\AppData\Local\Anwendungsdaten
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Anwendungsdaten
2013-09-10 22:39 - 2008-01-21 05:20 - 00000000 ___RD C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-10 22:39 - 2008-01-21 05:20 - 00000000 ___RD C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Programme
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\ProgramData\Favoriten
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-09-10 22:35 - 2013-09-11 19:41 - 01075906 _____ C:\Windows\WindowsUpdate.log
         

11.09.2013, 20:07   #12
Goeol2
 
Code:
==================== One Month Modified Files and Folders =======

2013-09-11 20:39 - 2013-09-11 20:37 - 00003662 _____ C:\Windows\System32\Tasks\ServicePlan
2013-09-11 20:39 - 2009-01-06 05:52 - 00618204 _____ C:\Windows\system32\perfh007.dat
2013-09-11 20:39 - 2009-01-06 05:52 - 00122636 _____ C:\Windows\system32\perfc007.dat
2013-09-11 20:39 - 2006-11-02 14:46 - 01418806 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-11 20:38 - 2013-09-11 20:38 - 00075024 _____ C:\Users\Enrico\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 20:38 - 2013-09-11 20:38 - 00000981 _____ C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-11 20:38 - 2013-09-11 20:38 - 00000951 _____ C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-11 20:38 - 2013-09-11 20:38 - 00000000 ____D C:\Users\Enrico\AppData\Roaming\Hewlett-Packard
2013-09-11 20:38 - 2013-09-11 20:38 - 00000000 ____D C:\Users\Enrico\AppData\Local\Hewlett-Packard
2013-09-11 20:38 - 2013-09-11 20:37 - 00000976 _____ C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-09-11 20:38 - 2013-09-11 20:37 - 00000917 _____ C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-09-11 20:38 - 2013-09-10 22:39 - 00001374 _____ C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2013-09-11 20:38 - 2013-09-10 22:39 - 00000000 ____D C:\Users\Enrico\AppData\Local\VirtualStore
2013-09-11 20:38 - 2006-11-02 17:27 - 00188174 _____ C:\Windows\setupact.log
2013-09-11 20:37 - 2013-09-11 20:37 - 00003956 _____ C:\Windows\System32\Tasks\RecoveryCD
2013-09-11 20:37 - 2013-09-11 20:37 - 00003772 _____ C:\Windows\System32\Tasks\Registration
2013-09-11 20:37 - 2013-09-11 20:37 - 00003674 _____ C:\Windows\System32\Tasks\ExtendedServicePlan
2013-09-11 20:37 - 2013-09-11 20:37 - 00000000 ___RD C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 20:37 - 2013-09-11 20:37 - 00000000 ___RD C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 20:37 - 2013-09-10 22:39 - 00000000 ____D C:\Users\Enrico
2013-09-11 20:35 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 20:35 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 20:06 - 2013-09-11 20:39 - 01949408 _____ (Farbar) C:\Users\Enrico\Desktop\FRST64.exe
2013-09-11 19:41 - 2013-09-10 22:35 - 01075906 _____ C:\Windows\WindowsUpdate.log
2013-09-11 03:29 - 2013-09-11 03:29 - 00002887 _____ C:\Windows\system32\lvcoinst.log
2013-09-11 03:29 - 2013-09-11 03:29 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-09-11 03:28 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\system32\restore
2013-09-10 22:45 - 2009-01-06 06:38 - 00000000 ___HD C:\hp
2013-09-10 22:44 - 2013-09-10 22:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-09-10 22:44 - 2013-09-10 22:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-10 22:42 - 2013-09-10 22:42 - 00000000 ____D C:\Users\Enrico\AppData\Roaming\HP TCS
2013-09-10 22:41 - 2013-09-10 22:41 - 00000000 ____D C:\Program Files (x86)\Intel
2013-09-10 22:41 - 2013-09-10 22:41 - 00000000 ____D C:\Intel
2013-09-10 22:41 - 2009-01-05 22:31 - 00000000 ____D C:\Program Files (x86)\SMINST
2013-09-10 22:41 - 2009-01-05 22:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-10 22:40 - 2013-09-10 22:40 - 00001847 __RSH C:\Windows\SysWOW64\Drivers\103C_HP_CPC_NM824AA-ABD a6759de_YC_0Pavi_QCZH904_E91CEv6PrA4_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.41_T090724_WUH1_L407_M8191_J1000_7Intel_8Core2 Quad Q8200_92.33_#090226_N10EC8168_Z_G10DE0626.MRK
2013-09-10 22:40 - 2013-09-10 22:40 - 00001847 __RSH C:\Windows\system32\Drivers\103C_HP_CPC_NM824AA-ABD a6759de_YC_0Pavi_QCZH904_E91CEv6PrA4_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.41_T090724_WUH1_L407_M8191_J1000_7Intel_8Core2 Quad Q8200_92.33_#090226_N10EC8168_Z_G10DE0626.MRK
2013-09-10 22:40 - 2013-09-10 22:40 - 00001384 _____ C:\Users\Public\Desktop\Online fotos bestellen.lnk
2013-09-10 22:40 - 2013-09-10 22:40 - 00000000 ____D C:\Users\Enrico\AppData\Roaming\InstallShield
2013-09-10 22:40 - 2009-01-05 22:29 - 00000000 ___RD C:\Program Files\Online Services
2013-09-10 22:40 - 2009-01-05 22:23 - 00000000 ___RD C:\Program Files (x86)\Online Services
2013-09-10 22:40 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-09-10 22:40 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-09-10 22:39 - 2013-09-10 22:39 - 00000020 ___SH C:\Users\Enrico\ntuser.ini
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Vorlagen
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Startmenü
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Netzwerkumgebung
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Lokale Einstellungen
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Eigene Dateien
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Druckumgebung
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Documents\Eigene Musik
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Documents\Eigene Bilder
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\AppData\Local\Verlauf
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\AppData\Local\Anwendungsdaten
2013-09-10 22:39 - 2013-09-10 22:39 - 00000000 _SHDL C:\Users\Enrico\Anwendungsdaten
2013-09-10 22:38 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Programme
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\ProgramData\Favoriten
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-09-10 22:36 - 2013-09-10 22:36 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-09-10 22:36 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2013-09-10 22:36 - 2006-11-02 15:33 - 00000000 ____D C:\Program Files\Windows NT
2013-09-10 22:35 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 20:11 - 2009-01-05 22:15 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-09-10 20:11 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\oobe
2013-09-10 20:10 - 2006-11-02 17:42 - 00005996 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-10 20:09 - 2009-01-06 05:53 - 00000000 ____D C:\Windows\Panther
2013-09-10 20:09 - 2009-01-05 22:29 - 00588472 _____ (EasyBits Software AS) C:\Windows\SysWOW64\ezsvc7x.dll
2013-09-10 20:09 - 2009-01-05 21:42 - 00003652 _____ C:\Windows\TSSysprep.log
2013-09-10 20:09 - 2006-11-02 17:22 - 00004257 _____ C:\Windows\DtcInstall.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2008-01-21 04:48] - [2008-01-21 04:48] - 3080704 ____A (Microsoft Corporation) F6D765FB6B457542D954682F50C26E4F

C:\Windows\SysWOW64\explorer.exe
[2008-01-21 04:49] - [2008-01-21 04:49] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 20:20

==================== End Of Log ============================
         
Additions:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013
Ran by Enrico at 2013-09-11 20:40:36
Running from C:\Users\Enrico\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

ActiveCheck component for HP Active Support Library (x32 Version: 1.1.18.0)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
AOL Toolbar 5.0 (x32 Version: 5.2.78.2)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.4518.1014)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2111)
Hardware Diagnose Tools (Version: 5.1.4976.17)
HP Active Support Library (x32 Version: 3.1.9.1)
HP Customer Experience Enhancements (x32 Version: 5.7.0.2784)
HP Demo (x32 Version: 1.00.0000)
HP MediaSmart DVD (x32 Version: 2.0.2213)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2217)
HP MediaSmart SmartMenu (Version: 2.0.8)
HP Picasso Media Center Add-In (x32 Version: 9.1.7.0)
HP Recovery Manager RSS (x32 Version: 91.0.0.10)
HP Total Care Advisor (x32 Version: 2.4.5106.2815)
HP Total Care Setup (x32 Version: 1.1.1983.2818)
HP Update (x32 Version: 4.000.012.001)
HPAsset component for HP Active Support Library (x32 Version: 2.0.64.3)
Intel® Matrix Storage Manager
Java(TM) 6 Update 7 (x32 Version: 1.6.0.70)
LabelPrint (x32 Version: 2.5.0904)
LightScribe System Software  1.14.25.1 (x32 Version: 1.14.25.1)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Works (x32 Version: 9.7.0621)
muvee Reveal (x32 Version: 7.0.35.7315)
My HP Games (x32 Version: 1.0.0.62)
Norton Internet Security (x32 Version: 16.0.0.125)
NVIDIA Drivers
Optimierte Multimedia-Tastatur-Lösung (x32 Version: 1.0.9.2)
Power2Go (x32 Version: 6.0.2112)
PowerDirector (x32 Version: 7.0.2202)
Python 2.5.2 (x32 Version: 2.5.2150)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5708)
SPORE Creature Creator Trial Edition (x32 Version: 1.00.0000)
Testversion von Microsoft Office Home and Student 2007


==================== Restore Points  =========================

11-09-2013 01:28:53 Windows Update
11-09-2013 16:05:21 Windows Update

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {11B9D0CA-FCF1-4637-B791-27E847B9F06F} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1F46BA64-76B0-4FE0-B63E-C04528D6F0FB} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {3D0E46F7-D539-45B5-A9A6-34FB73026091} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {4815FD03-6F89-4F3C-8F44-33C51B88D282} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-21] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B749464-62D1-4E93-BEB4-B74F538C956E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {A0D88255-0D6A-4ACE-AE8D-E725D28D1B3C} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

==================== Loaded Modules (whitelisted) =============

2009-01-05 22:01 - 2008-10-15 21:03 - 08124928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2009-01-05 22:01 - 2008-10-15 21:03 - 15853088 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2009-01-05 22:01 - 2008-10-15 21:03 - 00642560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2009-01-05 22:01 - 2008-10-15 21:03 - 00082464 _____ (NVIDIA Corporation) C:\Windows\system32\NvMcTray.dll
2009-01-05 22:01 - 2008-10-15 21:03 - 00642560 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2008-09-23 12:16 - 2008-09-23 12:16 - 00023856 _____ (TODO: <Company name>) C:\Program Files\Hewlett-Packard\HP MediaSmart\ShareVol64.dll
2009-01-05 22:30 - 2009-01-05 22:30 - 02128928 _____ (Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstUI.dll
2009-01-05 22:30 - 2009-01-05 22:30 - 01460256 _____ (Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\engine.dll
2009-01-05 22:30 - 2009-01-05 22:30 - 00522600 _____ (Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\ccL80U.dll
2009-01-05 22:30 - 2009-01-05 22:30 - 00791920 _____ (Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\cltLMSx.DLL
2009-01-05 22:30 - 2009-01-05 22:30 - 00266096 _____ (Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\prodcbk.dll
2009-01-05 22:30 - 2009-01-05 22:30 - 00140648 _____ (Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\ccIPC.dll
2009-01-05 22:30 - 2009-01-05 22:30 - 00522600 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccL80U.dll
2008-10-17 17:57 - 2008-10-17 17:57 - 00881960 _____ () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-01-05 22:13 - 2008-09-15 16:14 - 00028672 _____ () c:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00057344 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00032768 _____ (HP) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCHelp\HowToPillar.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 01052672 _____ (HP) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECenter.dll
2008-10-17 10:39 - 2008-10-17 10:39 - 00032768 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00118784 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2008-01-21 04:49 - 2008-01-21 04:49 - 00368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00010240 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll


==================== Faulty Device Manager Devices =============

Name: Dual-Band Wireless-N USB Network Adapter
Description: Dual-Band Wireless-N USB Network Adapter
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/10/2013 10:35:59 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (09/10/2013 10:35:41 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (09/10/2013 09:08:10 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-11 20:40:20.508
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 20:40:20.467
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 20:40:20.424
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 20:40:20.383
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 20:40:20.325
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 20:40:20.277
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 20:40:20.236
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-11 20:40:20.169
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2009-01-05 21:36:53.144
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2009-01-05 21:36:53.130
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8190.33 MB
Available physical RAM: 6062.21 MB
Total Pagefile: 16431.72 MB
Available Pagefile: 14229.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:917.08 GB) (Free:883.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.43 GB) (Free:1.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:931.51 GB) (Free:931.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=917 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: ADC92C71)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


So, that was quite a lot... I'm not proud of the quadruple post either, but this way everything is tidy, and you don't have anything you need to download (especially since we don't know whether another computer is still infected).

I hope it was okay for me to make this quadruple post...

Alt 12.09.2013, 09:40   #13
schrauber
/// the machine
/// TB-Ausbilder
 




Asus and Acer still need work; Asus first:
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
