Ich glaube ich habe mir etwas unerwünschtes eingefangen

germanGamer · 26.10.2013, 20:41

Hallo liebes Forum,
ich bin neu hier, also bitte sagt mir wenn ich Fehler mache. Mein Anliegen ist dringend also rede ich nicht lang um den heißen Brei. Beim Googlen stieß ich auf eine Seite namens "bestsecuritytips.com". WOT sagte mir das eigentlich alles in Ordnung ist, aber nachdem ich nachgeschaut habe sah ich einige Meldungen wegen Malware usw. Außerdem wird die Webseite von einer IP gehostet, welcher geblacklistet ist (hxxp://hxxp://ipvoid.com/scan/72.21.91.19) Nun weis ich nicht ob ich mir was eingefangen habe. Malwarebytes AntiMalware und Avast! Free AntiVirus sagen nichts. Ich habe Logfiles mit GMER, OTL und FRST erstellt. Sie befinden sich im Anhang.

Ich hoffe das reicht erst einmal

Ich bedanke mich schonmal im Voraus

cosinus · 27.10.2013, 03:07

Hallo und

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

germanGamer · 27.10.2013, 08:56

Ok gut. Allerdings sind FRST und GMER viel zu groß für die Antwort. Also kann ich sie nur anhängen.

Code:

ATTFilter

OTL logfile created on: 27.10.2013 08:37:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Paul\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,30 Gb Available Physical Memory | 78,92% Memory free
15,96 Gb Paging File | 14,05 Gb Available in Paging File | 88,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 481,62 Gb Total Space | 428,01 Gb Free Space | 88,87% Space Free | Partition Type: NTFS
Drive D: | 4,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 449,54 Gb Total Space | 393,17 Gb Free Space | 87,46% Space Free | Partition Type: NTFS
 
Computer Name: BIGGAMER-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.10.26 20:28:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\otl.exe
PRC - [2013.10.26 16:55:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.10.21 21:59:53 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\avastui.exe
PRC - [2013.10.21 21:59:25 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.02.26 07:56:38 | 002,391,736 | ---- | M] (Beepa P/L) -- C:\Program Files (x86)\Fraps\fraps.exe
PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.10.21 21:59:25 | 019,336,120 | ---- | M] () -- C:\Programme\AVAST Software\Avast\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.08.30 23:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.08.30 18:46:48 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.05.04 12:33:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013.10.26 16:55:47 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.10.21 22:18:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.10.21 21:59:25 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.10.09 03:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.09.11 03:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011.08.30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.10.21 21:59:26 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.10.21 21:59:26 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.10.21 21:59:26 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.10.21 21:59:26 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.10.21 21:59:26 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.10.21 21:59:26 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.10.21 21:59:26 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.10.21 21:59:25 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.08.31 01:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.08.30 23:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.07.05 09:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.03.25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.04 12:33:12 | 002,196,592 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.07.29 04:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.07.29 04:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.12.22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.10.27 08:30:28 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.10.21 20:02:46 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2013.10.21 20:02:21 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.11.20 12:55:42 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 7E BB 54 91 CE CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131008
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.10.21 21:59:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.10.21 22:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions
[2013.10.26 18:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\69ha0uvf.default\extensions
[2013.10.21 22:09:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\69ha0uvf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.10.21 22:09:49 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\69ha0uvf.default\extensions\donottrackplus@abine.com
[2013.10.26 18:49:26 | 000,158,498 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\69ha0uvf.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi
[2013.10.25 13:06:16 | 000,534,765 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\69ha0uvf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.10.21 22:09:08 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\69ha0uvf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.10.26 16:46:13 | 000,002,313 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\69ha0uvf.default\searchplugins\geizhals-.xml
[2013.10.26 16:45:37 | 000,002,423 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\69ha0uvf.default\searchplugins\testberichtede.xml
[2013.10.21 22:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.10.21 22:07:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D0B728F-68BE-4364-BD79-2BB625460359}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.12 10:19:49 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{a44cc700-3a7e-11e3-a157-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a44cc700-3a7e-11e3-a157-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.27 08:34:02 | 001,956,160 | ---- | C] (Farbar) -- C:\Users\Paul\Desktop\FRST64(1).exe
[2013.10.26 23:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.10.26 23:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013.10.26 22:31:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Windows SideBar
[2013.10.26 21:47:38 | 000,000,000 | ---D | C] -- C:\USB
[2013.10.26 20:45:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\26.10.2013
[2013.10.26 20:29:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\otl.exe
[2013.10.26 20:26:38 | 000,000,000 | ---D | C] -- C:\FRST
[2013.10.26 19:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.10.26 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Games
[2013.10.26 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\PunkBuster
[2013.10.26 17:00:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Battlefield 3
[2013.10.26 16:58:36 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\ESN
[2013.10.26 16:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013.10.26 16:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.10.26 16:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.10.26 16:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.10.26 16:56:10 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.10.26 10:53:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\ROCCAT Savu
[2013.10.26 10:27:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Google
[2013.10.25 14:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2013.10.25 14:18:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Oblivion
[2013.10.25 14:18:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\My Games
[2013.10.25 12:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.10.25 12:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fraps
[2013.10.22 21:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.10.22 21:35:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.10.22 21:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.10.22 19:31:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.10.22 19:05:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.10.22 19:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2013.10.22 17:27:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2013.10.22 17:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.10.22 17:21:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\DayZCommander
[2013.10.22 17:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
[2013.10.22 17:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2013.10.22 17:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.10.22 17:05:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Diagnostics
[2013.10.22 13:22:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Audacity
[2013.10.22 13:22:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Programs
[2013.10.22 12:06:27 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\ArmA 2 Other Profiles
[2013.10.22 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\ArmA 2
[2013.10.22 11:52:06 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\ArmA 2 OA
[2013.10.22 11:52:06 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\ArmA 2
[2013.10.22 11:50:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.10.22 11:25:11 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013.10.22 11:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013.10.22 10:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.10.22 10:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.10.22 10:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\.minecraft
[2013.10.22 10:16:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Origin
[2013.10.22 10:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.10.22 10:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.10.22 10:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.10.22 10:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.10.22 09:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.10.22 09:01:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Open Office Dokumente
[2013.10.22 09:00:43 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Scan_Logs
[2013.10.22 08:56:09 | 000,000,000 | --SD | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2013.10.22 08:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013.10.21 23:22:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Origin
[2013.10.21 23:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.10.21 23:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roccat
[2013.10.21 23:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
[2013.10.21 23:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2013.10.21 23:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2013.10.21 22:57:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\AMD
[2013.10.21 22:57:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\ATI
[2013.10.21 22:57:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\ATI
[2013.10.21 22:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.10.21 22:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.10.21 22:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2013.10.21 22:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.10.21 22:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2013.10.21 22:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.10.21 22:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.10.21 22:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.10.21 22:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.10.21 22:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.10.21 22:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.10.21 22:41:31 | 000,000,000 | ---D | C] -- C:\AMD
[2013.10.21 22:35:09 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\TS3Client
[2013.10.21 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.10.21 22:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2013.10.21 22:32:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Skype
[2013.10.21 22:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.10.21 22:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.10.21 22:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.10.21 22:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.10.21 22:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.10.21 22:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013.10.21 22:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.10.21 22:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.10.21 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Macromedia
[2013.10.21 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Macromedia
[2013.10.21 22:18:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.10.21 22:18:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.10.21 22:15:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Adobe
[2013.10.21 22:08:13 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Mozilla
[2013.10.21 22:08:13 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Mozilla
[2013.10.21 22:07:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.10.21 22:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.10.21 22:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.10.21 22:00:10 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\AVAST Software
[2013.10.21 21:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013.10.21 21:59:35 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.10.21 21:59:34 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.10.21 21:59:33 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.10.21 21:59:33 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.10.21 21:59:32 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.10.21 21:59:31 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.10.21 21:59:28 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.10.21 21:59:25 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.10.21 21:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.10.21 21:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.10.21 21:51:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Adobe
[2013.10.21 21:20:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Microsoft Games
[2013.10.21 20:39:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.10.21 20:27:46 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.10.21 20:27:42 | 000,000,000 | ---D | C] -- C:\Windows\Applications
[2013.10.21 19:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.10.21 19:55:31 | 000,000,000 | ---D | C] -- C:\Intel
[2013.10.21 19:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE
[2013.10.21 19:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology
[2013.10.21 19:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.10.21 19:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.10.21 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2013.10.21 19:52:28 | 000,565,352 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.10.21 19:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.10.21 19:51:02 | 000,085,504 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2013.10.21 19:51:02 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2013.10.21 19:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2013.10.21 19:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2013.10.21 19:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gigabyte
[2013.10.21 19:50:09 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.10.21 19:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.10.21 19:45:57 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.10.21 19:45:57 | 000,000,000 | R--D | C] -- C:\Users\Paul\Searches
[2013.10.21 19:45:57 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.10.21 19:45:49 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Identities
[2013.10.21 19:45:47 | 000,000,000 | R--D | C] -- C:\Users\Paul\Contacts
[2013.10.21 19:45:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\VirtualStore
[2013.10.21 19:45:39 | 000,000,000 | --SD | C] -- C:\Users\Paul\AppData\Roaming\Microsoft
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\Videos
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\Saved Games
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\Pictures
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\Music
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\Links
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\Favorites
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\Downloads
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\Documents
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\Desktop
[2013.10.21 19:45:39 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Vorlagen
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\AppData\Local\Verlauf
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\AppData\Local\Temporary Internet Files
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Startmenü
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\SendTo
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Recent
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Netzwerkumgebung
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Lokale Einstellungen
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Documents\Eigene Videos
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Documents\Eigene Musik
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Eigene Dateien
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Documents\Eigene Bilder
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Druckumgebung
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Cookies
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\AppData\Local\Anwendungsdaten
[2013.10.21 19:45:39 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Anwendungsdaten
[2013.10.21 19:45:39 | 000,000,000 | -H-D | C] -- C:\Users\Paul\AppData
[2013.10.21 19:45:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Temp
[2013.10.21 19:45:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Microsoft
[2013.10.21 19:45:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Media Center Programs
[2013.10.21 19:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.10.21 19:44:37 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.10.21 19:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.10.21 19:42:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.10.21 19:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.10.21 19:42:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.10.21 19:42:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.10.21 19:42:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Live Remote
[2013.10.21 19:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.10.21 19:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.10.21 19:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.10.21 19:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.10.21 19:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.10.21 19:39:15 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.10.21 19:39:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.10.21 19:38:59 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.10.21 19:29:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.10.21 19:28:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.27 08:37:31 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.27 08:37:31 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.27 08:37:30 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.10.27 08:37:30 | 000,698,694 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.10.27 08:37:30 | 000,653,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.10.27 08:37:30 | 000,148,834 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.10.27 08:37:30 | 000,121,404 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.10.27 08:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.27 08:30:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.27 08:30:09 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.26 20:28:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\otl.exe
[2013.10.26 20:28:49 | 000,377,856 | ---- | M] () -- C:\Users\Paul\Desktop\gmer_2.1.19163.exe
[2013.10.26 20:26:29 | 001,956,160 | ---- | M] (Farbar) -- C:\Users\Paul\Desktop\FRST64(1).exe
[2013.10.26 20:06:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.10.26 17:00:26 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.10.26 17:00:26 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.10.26 16:55:56 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.10.26 16:55:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.10.22 18:37:10 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.10.22 17:11:39 | 000,296,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.10.21 22:56:14 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.10.21 22:37:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.10.21 21:59:26 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.10.21 21:59:26 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.10.21 21:59:26 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.10.21 21:59:26 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.10.21 21:59:26 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.10.21 21:59:26 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.10.21 21:59:26 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.10.21 21:59:26 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.10.21 21:59:25 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.10.21 21:59:25 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.10.21 21:58:01 | 000,000,929 | ---- | M] () -- C:\Users\Paul\AppData.lnk
[2013.10.21 21:08:15 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.10.21 21:08:15 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.10.21 20:05:33 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.10.21 20:02:21 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013.10.21 19:48:24 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2013.10.21 19:32:32 | 000,207,887 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.10.21 19:32:32 | 000,207,887 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.10.26 20:29:03 | 000,377,856 | ---- | C] () -- C:\Users\Paul\Desktop\gmer_2.1.19163.exe
[2013.10.26 20:06:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.10.26 17:00:26 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.10.26 16:55:48 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.10.26 16:55:48 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.10.26 16:55:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.10.22 17:14:44 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.10.21 22:56:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.10.21 22:37:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.10.21 22:18:51 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.21 22:07:44 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.10.21 21:59:35 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.10.21 21:59:34 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.10.21 21:57:43 | 000,000,929 | ---- | C] () -- C:\Users\Paul\AppData.lnk
[2013.10.21 21:08:15 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.10.21 21:08:15 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.10.21 20:43:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.10.21 20:24:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.10.21 20:02:21 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013.10.21 19:54:41 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe
[2013.10.21 19:54:41 | 000,021,616 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys
[2013.10.21 19:52:28 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.10.21 19:51:26 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2013.10.21 19:48:24 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.10.21 19:45:59 | 000,001,413 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.10.21 19:43:55 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013.10.21 19:43:47 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013.10.21 19:43:31 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.10.21 19:43:20 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.10.21 19:40:05 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.10.21 19:39:52 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.10.21 19:39:30 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2013.10.21 19:32:17 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.10.21 19:32:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.10.21 19:28:58 | 2132,713,471 | -HS- | C] () -- C:\hiberfil.sys
[2013.08.31 00:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.08.31 00:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.08.31 00:04:52 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.08.31 00:04:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.08.30 18:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.10.26 16:32:30 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\.minecraft
[2013.10.23 09:31:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Audacity
[2013.10.21 22:00:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AVAST Software
[2013.10.22 10:16:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Origin
[2013.10.26 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TS3Client
[2013.10.26 22:31:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Windows SideBar
 
========== Purity Check ==========
 
 

< End of report >

cosinus · 27.10.2013, 15:58

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

germanGamer · 27.10.2013, 18:15

Ok, ich habe eine Frage bleiben Rootkits auch nach einer formatierung bestehen, weil wegen einer partitionierung habe ich mein System neu aufgesetzt. Sollte ich es dennoch machen?
Ich habe trotzdem mal gescannt:

Code:

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.523000 GHz
Memory total: 8570245120, free: 6730158080

Downloaded database version: v2013.10.27.04
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     10/27/2013 18:20:36
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\??\C:\Windows\system32\drivers\aswSnx.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Windows\system32\drivers\aswTdi.sys
\SystemRoot\system32\drivers\afd.sys
\??\C:\Windows\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Windows\system32\drivers\aswSP.sys
\SystemRoot\system32\DRIVERS\AppleCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\aswFsBlk.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\gdrv.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Users\BigGamer\AppData\Local\Temp\ugddikod.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\lpk.dll
\Windows\System32\nsi.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\shell32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\setupapi.dll
\Windows\System32\user32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\imm32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\sechost.dll
\Windows\System32\wininet.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007b1f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-6\
Lower Device Object: 0xfffffa80074b2060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b1f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b1fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b1f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80074b2060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B56C4F9

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 1748000768

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1748721664  Numsec = 204800000

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

cosinus · 28.10.2013, 16:31

Du hast das flasche Log gepostet. Bitte halte dich an die Anleitung.

Zitat:

weil wegen einer partitionierung habe ich mein System neu aufgesetzt.

Dieser Satz ergibt keinen Sinn. Du weiß was eine Partition ist?

germanGamer · 28.10.2013, 17:22

Zitat:

Dieser Satz ergibt keinen Sinn. Du weiß was eine Partition ist?

Ja ich weis was eine Partition ist. Ich hatte Windows schonmal neu drauf gemacht und nach dem fertigstellen wollte ich die Festplatte in Partitionen aufteilen. Allerdings war das so nicht möglich. Ich wollte das die Windows Partition 100gb ist und der Rest 833,51 gb, aber das war bei Windows nicht möglich. Nach googlen und herumfragen habe ich erfahren das das so nichtmehr möglich ist wenn Windows drauf ist. Ich habe mir erst nichts draus gemacht, aber habe mich dann doch dafür entschieden Windows nochmal neu drauf zu machen.

Zitat:

Du hast das flasche Log gepostet. Bitte halte dich an die Anleitung.

Ich habe mich dran gehalten. Er hat mir nur ein Log angezeigt.

cosinus · 28.10.2013, 17:27

Zitat:

Allerdings war das so nicht möglich. Ich wollte das die Windows Partition 100gb ist und der Rest 833,51 gb, aber das war bei Windows nicht möglich

Aber sicher ist das bei WIndows möglich. In der Datenträgerverwaltung kann man bestehende Partitionen verkleinern. Aus der Differenz zwischen alter und neuer Partitionsgröße wird unzugeordneter Speicherplatz, den man einer neuen Partition zuweisen kann.

Wie kommst du darauf, dass das unter Windows nicht möglich ist?

Zitat:

Ich habe mich dran gehalten. Er hat mir nur ein Log angezeigt.

Anleitung mal richtig lesen, du hast nicht das Log gepostet was da steht

Zitat:

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.