Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Hola Search komplett entfernen (https://www.trojaner-board.de/138076-hola-search-komplett-entfernen.html)

Ozon 11.07.2013 21:57
Hola Search komplett entfernen
 
Hallo, ich bin neu hier. Danke, dass ihr hier Hilfe anbietet!
Beim Download eines Spiels (Trial-Version) hat sich auf meinem Laptop (Win 7 64bit) Hola Search installiert. Ich habe schon ein wenig nachgelesen und habe bisher folgendes unternommen:

- Auf Firefox die Add-ons deinstalliert
- Unter Suchmaschine Hola Search gelöscht
- alles sichtbare über Systemsteuerung deinstalliert
- AdwCleaner Scan durchgeführt
- DDS+ Scan durchgeführt

Hier die 3 Logs:

AdwCleaner

Code:
# AdwCleaner v2.305 - Datei am 11/07/2013 um 22:27:04 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Cyrill Oberholzer - EXTENSA
# Bootmodus : Normal
# Ausgeführt unter : A:\Users\Cyrill Oberholzer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\searchplugins\holasearch.xml
Ordner Gelöscht : C:\Program Files (x86)\FreeRIP3
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Cyrill Oberholzer\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Cyrill Oberholzer\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\CYRILL~1\AppData\Local\Temp\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=9AC0C80AA94A8D71&affID=121963&tsp=4940 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\prefs.js

C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.holasearch.admin", false);
Gelöscht : user_pref("extensions.holasearch.aflt", "babsst");
Gelöscht : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
Gelöscht : user_pref("extensions.holasearch.autoRvrt", "false");
Gelöscht : user_pref("extensions.holasearch.dfltLng", "de");
Gelöscht : user_pref("extensions.holasearch.excTlbr", false);
Gelöscht : user_pref("extensions.holasearch.ffxUnstlRst", false);
Gelöscht : user_pref("extensions.holasearch.id", "9ac004fa000000000000c80aa94a8d71");
Gelöscht : user_pref("extensions.holasearch.instlDay", "15897");
Gelöscht : user_pref("extensions.holasearch.instlRef", "sst");
Gelöscht : user_pref("extensions.holasearch.newTab", false);
Gelöscht : user_pref("extensions.holasearch.prdct", "holasearch");
Gelöscht : user_pref("extensions.holasearch.prtnrId", "holasearch");
Gelöscht : user_pref("extensions.holasearch.rvrt", "false");
Gelöscht : user_pref("extensions.holasearch.smplGrp", "none");
Gelöscht : user_pref("extensions.holasearch.tlbrId", "base");
Gelöscht : user_pref("extensions.holasearch.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
Gelöscht : user_pref("extensions.holasearch.vrsnTs", "1.8.16.1617:28:09");
Gelöscht : user_pref("extensions.holasearch.vrsni", "1.8.16.16");

Datei : C:\Users\Mami & Papi\AppData\Roaming\Mozilla\Firefox\Profiles\q76snd8p.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Papi\AppData\Roaming\Mozilla\Firefox\Profiles\c77yqdn9.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4152 octets] - [11/07/2013 22:27:04]

########## EOF - C:\AdwCleaner[S1].txt - [4212 octets] ##########

DDS

Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Cyrill Oberholzer at 22:35:13 on 2013-07-11
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.41.1031.18.4061.2402 [GMT 2:00]
.
AV: G Data InternetSecurity 2014 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: G Data InternetSecurity 2014 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Users\CYRILL~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=extensa_7630g&r=27361210i316l0413z195i5691u925
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 212.98.37.128 194.230.55.99
TCP: Interfaces\{7BED5AE8-A88C-4166-9466-41EA1523D22E} : DHCPNameServer = 212.98.37.128 194.230.55.99
TCP: Interfaces\{99944344-D00D-4FD7-ACAE-2B278924A03B}\430303030243030303 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\
FF - prefs.js: browser.startup.homepage - google.ch
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\components\BanksafeXPCOM.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cyrill Oberholzer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys [2013-6-28 60248]
R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [2013-6-28 130392]
R1 gdwfpcd;G Data WFP CD;C:\Windows\System32\drivers\gdwfpcd64.sys [2013-6-28 64856]
R1 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [2013-6-28 65368]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-9 203264]
R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2013-3-22 1957840]
R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2013-2-25 635344]
R2 AVKWCtl;G Data Dateisystem Wächter;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2013-6-21 2555360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2010-1-9 24576]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-1-9 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-1-9 292864]
R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2013-3-22 2926672]
R3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2013-6-28 62808]
R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2013-2-25 696808]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-1-9 143320]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-9 6952960]
S3 GdNetMon;G Data Network Monitor;C:\Windows\System32\drivers\GdNetMon64.sys [2011-8-16 31448]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-24 1255736]
.
=============== Created Last 30 ================
.
2013-07-11 15:28:06        --------        d-----w-        C:\Users\Cyrill Oberholzer\AppData\Roaming\Microsoft Games
2013-07-11 15:27:36        --------        d-----w-        C:\Users\Cyrill Oberholzer\AppData\Roaming\SeeSimilar
2013-07-11 15:27:08        19632        ----a-w-        C:\Windows\System32\roboot64.exe
2013-07-10 12:13:34        571904        ----a-w-        C:\Program Files\Windows Defender\MpClient.dll
2013-07-09 11:30:15        9552976        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D4E0B92B-7CCA-451D-9127-FD2366C0BB7A}\mpengine.dll
2013-06-28 14:04:38        62808        ----a-w-        C:\Windows\System32\drivers\PktIcpt.sys
2013-06-28 14:04:13        64856        ----a-w-        C:\Windows\System32\drivers\gdwfpcd64.sys
2013-06-28 14:04:06        65368        ----a-w-        C:\Windows\System32\drivers\HookCentre.sys
2013-06-28 14:04:06        60248        ----a-w-        C:\Windows\System32\drivers\GDBehave.sys
2013-06-28 14:04:06        130392        ----a-w-        C:\Windows\System32\drivers\MiniIcpt.sys
2013-06-28 14:02:37        --------        d-----w-        C:\Program Files (x86)\Common Files\G Data
2013-06-28 13:58:20        --------        d-----w-        C:\Windows\SysWow64\wbem\Logs
2013-06-24 13:59:23        96168        ----a-w-        C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 11:00:38        --------        d--h--w-        C:\Program Files (x86)\Common Files\EAInstaller
2013-06-19 11:00:10        1974616        ----a-w-        C:\Windows\SysWow64\D3DCompiler_42.dll
2013-06-19 11:00:09        1892184        ----a-w-        C:\Windows\SysWow64\D3DX9_42.dll
2013-06-19 11:00:08        4178264        ----a-w-        C:\Windows\SysWow64\D3DX9_41.dll
2013-06-19 11:00:07        4379984        ----a-w-        C:\Windows\SysWow64\D3DX9_40.dll
2013-06-19 11:00:07        3851784        ----a-w-        C:\Windows\SysWow64\D3DX9_39.dll
2013-06-19 11:00:05        3850760        ----a-w-        C:\Windows\SysWow64\D3DX9_38.dll
2013-06-19 11:00:05        3786760        ----a-w-        C:\Windows\SysWow64\D3DX9_37.dll
2013-06-19 11:00:04        3734536        ----a-w-        C:\Windows\SysWow64\d3dx9_36.dll
2013-06-19 11:00:03        3727720        ----a-w-        C:\Windows\SysWow64\d3dx9_35.dll
2013-06-19 11:00:03        3497832        ----a-w-        C:\Windows\SysWow64\d3dx9_34.dll
2013-06-19 11:00:00        3495784        ----a-w-        C:\Windows\SysWow64\d3dx9_33.dll
2013-06-19 10:50:15        --------        d-----w-        C:\Users\Cyrill Oberholzer\AppData\Roaming\Origin
2013-06-19 10:50:15        --------        d-----w-        C:\Program Files (x86)\Origin Games
2013-06-19 10:49:12        --------        d-----w-        C:\Users\Cyrill Oberholzer\AppData\Local\Origin
2013-06-19 10:46:54        --------        d-----w-        C:\ProgramData\Origin
2013-06-19 10:46:52        --------        d-----w-        C:\ProgramData\Electronic Arts
2013-06-19 10:46:40        --------        d-----w-        C:\Program Files (x86)\Origin
2013-06-12 12:55:01        30720        ----a-w-        C:\Windows\System32\cryptdlg.dll
2013-06-12 12:55:01        24576        ----a-w-        C:\Windows\SysWow64\cryptdlg.dll
.
==================== Find3M  ====================
.
2013-06-24 13:59:09        867240        ----a-w-        C:\Windows\SysWow64\npDeployJava1.dll
2013-06-24 13:59:09        789416        ----a-w-        C:\Windows\SysWow64\deployJava1.dll
2013-06-11 23:43:37        1767936        ----a-w-        C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00        2877440        ----a-w-        C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58        61440        ----a-w-        C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58        109056        ----a-w-        C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20        2241024        ----a-w-        C:\Windows\System32\wininet.dll
2013-06-11 23:25:16        3958784        ----a-w-        C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13        67072        ----a-w-        C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13        136704        ----a-w-        C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45        71680        ----a-w-        C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58        89600        ----a-w-        C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 20:52:19        71048        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:52:19        692104        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-07 03:22:18        2706432        ----a-w-        C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52        2706432        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27        3153920        ----a-w-        C:\Windows\System32\win32k.sys
2013-06-04 06:00:13        624128        ----a-w-        C:\Windows\System32\qedit.dll
2013-06-04 04:53:07        509440        ----a-w-        C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01        184320        ----a-w-        C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00        1464320        ----a-w-        C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00        139776        ----a-w-        C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40        52224        ----a-w-        C:\Windows\System32\certenc.dll
2013-05-13 04:45:55        140288        ----a-w-        C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55        1160192        ----a-w-        C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55        103936        ----a-w-        C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55        1192448        ----a-w-        C:\Windows\System32\certutil.exe
2013-05-13 03:08:10        903168        ----a-w-        C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06        43008        ----a-w-        C:\Windows\SysWow64\certenc.dll
2013-05-09 12:05:48        16944        ----a-w-        C:\Windows\System32\drivers\GdPhyMem.sys
2013-05-08 06:39:01        1910632        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49        1887744        ----a-w-        C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35        1620480        ----a-w-        C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 11:59:45        1059173        ----a-w-        C:\Windows\SysWow64\sig.bin
2013-05-02 00:06:08        278800        ------w-        C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36        751104        ----a-w-        C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21        492544        ----a-w-        C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32        1505280        ----a-w-        C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06        1230336        ----a-w-        C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46        1424384        ----a-w-        C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23        135168        ----a-w-        C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19        350208        ----a-w-        C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19        308736        ----a-w-        C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19        111104        ----a-w-        C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16        474624        ----a-w-        C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15        2176512        ----a-w-        C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 22:36:46.27 ===============

Attach

Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15.12.2010 14:50:43
System Uptime: 11.07.2013 22:28:41 (0 hours ago)
.
Motherboard: Acer            |  | Monserrat     
Processor: Intel(R) Core(TM)2 Duo CPU    T6600  @ 2.20GHz | U2E1 | 2200/200mhz
.
==== Disk Partitions =========================
.
A: is FIXED (NTFS) - 96 GiB total, 47.708 GiB free.
C: is FIXED (NTFS) - 124 GiB total, 68.859 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP270: 02.07.2013 13:41:36 - Windows Update
RP271: 09.07.2013 13:29:06 - Windows Update
RP272: 11.07.2013 14:07:58 - Windows Update
RP273: 11.07.2013 20:31:23 - Windows Update
.
==== Installed Programs ======================
.
Acer Crystal Eye Webcam
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 MUI
Adobe Shockwave Player 11.6
Alice Greenfingers
Amazonia
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
Chicken Invaders 2
Craften Terminal 3.3.4897.28268
Dairy Dash
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dream Day First Home
Farm Frenzy 2
First Class Flurry
FlightGear v2.6.0.1
Free Mp3 Wma Converter V 1.9
FreeRIP v3.5
G Data InternetSecurity 2014
Granny In Paradise
HDAUDIO Soft Data Fax Modem with SmartCP
Heroes of Hellas
Identity Card
ImgBurn
Intel® Matrix Storage Manager
InterVideo WinDVD 8
Java 7 Update 25
Java Auto Updater
JMicron Flash Media Controller Driver
Junk Mail filter update
Landwirtschafts Simulator 2013
Launch Manager
Merriam Websters Spell Jam
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 32-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Moorhuhn X
Mozilla Firefox 21.0 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
OpenAL
Origin
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
SimCity™
swMSM
Synaptics Pointing Device Driver
Unity Web Player
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VLC media player 1.1.5
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
WinRAR
.
==== End Of File ===========================

Ich hoffe, dass ich nicht schon zuviel unternommen habe und dass mir jemand helfen kann. Bin dankbar für jede Hilfestellung.

schrauber 12.07.2013 04:33
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Ozon 12.07.2013 15:07
Danke für die Antwort!

Hier die Logs:

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01
Ran by Cyrill Oberholzer (administrator) on 12-07-2013 16:02:04
Running from A:\Users\Cyrill Oberholzer\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
() C:\Windows\PLFSetI.exe
(Realtek Semiconductor Corp.) C:\Users\CYRILL~1\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [492032 2009-07-21] (Acer Inc.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206072 2009-12-14] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.EXE [887304 2009-09-24] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2009-11-25] ()
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2009-11-25] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=extensa_7630g&r=27361210i316l0413z195i5691u925
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.98.37.128 194.230.55.99

FireFox:
========
FF ProfilePath: C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default
FF Homepage: google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Cyrill Oberholzer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2555360 2013-06-21] (G Data Software AG)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-12] ()
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-06-29] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-06-29] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2011-08-16] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2011-08-16] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-06-28] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-06-29] (G Data Software AG)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-06-29] (G Data Software AG)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-12 16:01 - 2013-07-12 16:01 - 00000000 ____D C:\FRST
2013-07-12 12:16 - 2013-07-12 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-11 22:27 - 2013-07-11 22:27 - 00004275 _____ C:\AdwCleaner[S1].txt
2013-07-11 17:28 - 2013-07-11 17:28 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Microsoft Games
2013-07-11 17:27 - 2013-07-11 17:27 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\SeeSimilar
2013-07-11 17:27 - 2012-12-19 15:53 - 00019632 _____ (PerformerSoft LLC) C:\Windows\system32\roboot64.exe
2013-07-11 14:19 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 14:19 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 14:19 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 14:19 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 14:19 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 14:19 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 14:19 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 14:19 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 14:19 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 14:13 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 14:13 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 14:13 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:13 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 14:13 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:13 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:13 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-06-28 16:04 - 2013-06-29 17:09 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-06-28 16:04 - 2013-06-29 17:09 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-06-28 16:04 - 2013-06-29 17:09 - 00001982 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-06-28 16:04 - 2013-06-29 17:08 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-06-28 16:04 - 2013-06-29 17:08 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-06-28 16:04 - 2013-06-28 16:04 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-06-24 15:59 - 2013-06-24 15:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 15:59 - 2013-06-24 15:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-20 16:06 - 2013-06-20 16:07 - 00000000 ____D C:\Users\Horizon Papi Special\region
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\players
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM-1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\data
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special
2013-06-20 16:06 - 2013-06-17 18:36 - 00001018 _____ C:\Users\Horizon Papi Special\level.dat_old
2013-06-20 16:06 - 2013-06-17 18:36 - 00001017 _____ C:\Users\Horizon Papi Special\level.dat
2013-06-20 16:06 - 2013-06-17 18:33 - 00000008 _____ C:\Users\Horizon Papi Special\session.lock
2013-06-20 16:06 - 2013-02-18 14:42 - 00000369 _____ C:\Users\Horizon Papi Special\level.dat_mcr
2013-06-19 13:00 - 2013-06-19 13:00 - 00001280 _____ C:\Users\Public\Desktop\SimCity™.lnk
2013-06-19 13:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-06-19 13:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-06-19 13:00 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-06-19 13:00 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-06-19 13:00 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-06-19 13:00 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-06-19 13:00 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-06-19 13:00 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-06-19 13:00 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-06-19 13:00 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-06-19 13:00 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-06-19 12:50 - 2013-06-19 14:38 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Origin
2013-06-19 12:50 - 2013-06-19 12:51 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 12:49 - 2013-06-19 12:50 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Local\Origin
2013-06-19 12:46 - 2013-07-11 14:20 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-19 12:46 - 2013-06-19 13:01 - 00000000 ____D C:\ProgramData\Origin
2013-06-19 12:46 - 2013-06-19 13:01 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-06-19 12:46 - 2013-06-19 12:46 - 00000987 _____ C:\Users\Public\Desktop\Origin.lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000074 _____ C:\Windows\wininit.ini
2013-06-12 14:55 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 14:55 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 14:54 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 14:54 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 14:54 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 14:54 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 14:54 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 14:54 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 14:54 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 14:54 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 14:54 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 14:54 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 14:54 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 14:54 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 14:54 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 14:54 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 14:54 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 14:54 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 14:54 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-12 16:01 - 2013-07-12 16:01 - 00000000 ____D C:\FRST
2013-07-12 16:00 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 16:00 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 15:58 - 2012-04-04 16:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-12 15:53 - 2012-05-07 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-12 15:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-12 15:53 - 2009-07-14 06:51 - 00103437 _____ C:\Windows\setupact.log
2013-07-12 15:50 - 2008-02-14 13:30 - 01595324 _____ C:\Windows\WindowsUpdate.log
2013-07-12 15:48 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 15:48 - 2008-02-14 13:11 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-12 15:48 - 2008-02-14 13:11 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-12 12:16 - 2013-07-12 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-11 22:28 - 2010-01-09 05:09 - 01153634 _____ C:\Windows\PFRO.log
2013-07-11 22:27 - 2013-07-11 22:27 - 00004275 _____ C:\AdwCleaner[S1].txt
2013-07-11 21:41 - 2009-07-14 06:45 - 00414984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 21:40 - 2013-03-13 23:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 21:40 - 2013-03-13 23:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 20:32 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 20:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 20:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 20:10 - 2013-02-16 20:00 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\.minecraft
2013-07-11 17:28 - 2013-07-11 17:28 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Microsoft Games
2013-07-11 17:27 - 2013-07-11 17:27 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\SeeSimilar
2013-07-11 17:26 - 2010-12-15 15:50 - 00000000 ____D C:\Users\Cyrill Oberholzer
2013-07-11 14:21 - 2010-12-15 19:04 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 14:20 - 2013-06-19 12:46 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-11 14:19 - 2010-01-09 04:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-29 17:09 - 2013-06-28 16:04 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-06-29 17:09 - 2013-06-28 16:04 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-06-29 17:09 - 2013-06-28 16:04 - 00001982 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-06-29 17:08 - 2013-06-28 16:04 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-06-29 17:08 - 2013-06-28 16:04 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-06-29 16:57 - 2010-12-24 06:15 - 00000000 ____D C:\ProgramData\G Data
2013-06-28 16:04 - 2013-06-28 16:04 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-06-28 16:02 - 2010-12-24 06:15 - 00000000 ____D C:\Program Files (x86)\G Data
2013-06-28 14:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-06-28 14:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-06-28 14:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-06-24 15:59 - 2013-06-24 15:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 15:59 - 2013-06-24 15:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 15:59 - 2013-02-16 19:59 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-24 15:59 - 2013-02-16 19:59 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-20 16:07 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\region
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\players
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM-1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\data
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special
2013-06-19 14:38 - 2013-06-19 12:50 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Origin
2013-06-19 13:01 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Origin
2013-06-19 13:01 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-06-19 13:00 - 2013-06-19 13:00 - 00001280 _____ C:\Users\Public\Desktop\SimCity™.lnk
2013-06-19 12:51 - 2013-06-19 12:50 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 12:50 - 2013-06-19 12:49 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Local\Origin
2013-06-19 12:46 - 2013-06-19 12:46 - 00000987 _____ C:\Users\Public\Desktop\Origin.lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000074 _____ C:\Windows\wininit.ini
2013-06-19 12:46 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-17 18:36 - 2013-06-20 16:06 - 00001018 _____ C:\Users\Horizon Papi Special\level.dat_old
2013-06-17 18:36 - 2013-06-20 16:06 - 00001017 _____ C:\Users\Horizon Papi Special\level.dat
2013-06-17 18:33 - 2013-06-20 16:06 - 00000008 _____ C:\Users\Horizon Papi Special\session.lock
2013-06-17 13:24 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-15 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-14 12:57 - 2013-05-17 17:58 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Minecraft Version Changer
2013-06-12 01:43 - 2013-07-11 14:19 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 01:26 - 2013-07-11 14:19 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-12 01:26 - 2013-07-11 14:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-12 01:26 - 2013-07-11 14:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-12 01:25 - 2013-07-11 14:19 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-12 00:51 - 2013-07-11 14:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 00:50 - 2013-07-11 14:19 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 14:39

==================== End Of Log ============================
--- --- ---



Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-07-2013 01
Ran by Cyrill Oberholzer at 2013-07-12 16:03:09
Running from A:\Users\Cyrill Oberholzer\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Acer Crystal Eye Webcam (x32 Version: 5.2.11.1)
Acer Empowering Technology (x32 Version: 3.0.3016)
Acer ePower Management (x32 Version: 3.0.3019)
Acer eRecovery Management (x32 Version: 4.05.3006)
Acer GameZone Console (x32 Version: 5.1.0.2)
Acer GridVista (x32 Version: 3.01.0730)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.52.1209)
Acer Updater (x32 Version: 1.01.3017)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader 9.5.5 MUI (x32 Version: 9.5.5)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Alice Greenfingers (x32)
Amazonia (x32)
ATI AVIVO64 Codecs (Version: 10.7.0.40710)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Light (x32 Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0710.1127.18698)
Catalyst Control Center InstallProxy (x32 Version: 2009.0710.1127.18698)
Catalyst Control Center Localization All (x32 Version: 2009.0710.1127.18698)
CCC Help Chinese Standard (x32 Version: 2009.0710.1126.18698)
CCC Help Chinese Traditional (x32 Version: 2009.0710.1126.18698)
CCC Help Czech (x32 Version: 2009.0710.1126.18698)
CCC Help Danish (x32 Version: 2009.0710.1126.18698)
CCC Help Dutch (x32 Version: 2009.0710.1126.18698)
CCC Help English (x32 Version: 2009.0710.1126.18698)
CCC Help Finnish (x32 Version: 2009.0710.1126.18698)
CCC Help French (x32 Version: 2009.0710.1126.18698)
CCC Help German (x32 Version: 2009.0710.1126.18698)
CCC Help Greek (x32 Version: 2009.0710.1126.18698)
CCC Help Hungarian (x32 Version: 2009.0710.1126.18698)
CCC Help Italian (x32 Version: 2009.0710.1126.18698)
CCC Help Japanese (x32 Version: 2009.0710.1126.18698)
CCC Help Korean (x32 Version: 2009.0710.1126.18698)
CCC Help Norwegian (x32 Version: 2009.0710.1126.18698)
CCC Help Polish (x32 Version: 2009.0710.1126.18698)
CCC Help Portuguese (x32 Version: 2009.0710.1126.18698)
CCC Help Russian (x32 Version: 2009.0710.1126.18698)
CCC Help Spanish (x32 Version: 2009.0710.1126.18698)
CCC Help Swedish (x32 Version: 2009.0710.1126.18698)
CCC Help Thai (x32 Version: 2009.0710.1126.18698)
CCC Help Turkish (x32 Version: 2009.0710.1126.18698)
ccc-core-static (x32 Version: 2009.0710.1127.18698)
ccc-utility64 (Version: 2009.0710.1127.18698)
CDBurnerXP (Version: 4.3.8.2474)
Chicken Invaders 2 (x32)
Craften Terminal 3.3.4897.28268 (x32 Version: 3.3.4897.28268)
Dairy Dash (x32)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dream Day First Home (x32)
Farm Frenzy 2 (x32)
First Class Flurry (x32)
FlightGear v2.6.0.1
Free Mp3 Wma Converter V 1.9 (x32 Version: 1.9.0.0)
FreeRIP v3.5 (x32 Version: 3.5)
G Data InternetSecurity 2014 (x32 Version: 24.0.2.4)
Granny In Paradise (x32)
Heroes of Hellas (x32)
Identity Card (x32 Version: 1.00.3003)
ImgBurn (x32 Version: 2.5.4.0)
Intel® Matrix Storage Manager
InterVideo WinDVD 8 (x32 Version: 8.5.10.39)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JMicron Flash Media Controller Driver (x32 Version: 1.00.29.02)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Landwirtschafts Simulator 2013 (x32 Version: 1.0)
Launch Manager (x32 Version: 3.0.07)
Merriam Websters Spell Jam (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Moorhuhn X (x32 Version: 1.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NTI Backup Now 5 (x32 Version: 5.1.2.627)
NTI Backup Now Standard (x32 Version: 5.1.2.627)
NTI Media Maker 8 (x32 Version: 8.0.12.6623)
NTI Shadow (x32 Version: 3.7.6.56)
OpenAL (x32)
Origin (x32 Version: 9.2.1.4399)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5901)
SimCity™ (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.6.0)
UDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.55)
Unity Web Player (HKCU Version: )
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.4035.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VLC media player 1.1.5 (x32 Version: 1.1.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinRAR

==================== Restore Points  =========================

02-07-2013 11:41:36 Windows Update
09-07-2013 11:29:06 Windows Update
11-07-2013 12:07:58 Windows Update
11-07-2013 18:31:23 Windows Update
12-07-2013 13:46:10 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {79D43607-4347-4C75-95DD-C720E5477660} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {79DC96DE-859F-4766-92AF-7406BB4B0954} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {E320103B-CB96-4CE4-93AF-D940F1852454} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {E7320255-3940-47F6-B033-63DEC58D4B3F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2013 03:45:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/12/2013 03:44:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/12/2013 11:41:17 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/11/2013 05:45:42 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/11/2013 05:19:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/11/2013 05:18:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/11/2013 05:18:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/11/2013 03:00:16 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/10/2013 07:22:22 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/09/2013 01:43:03 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (07/12/2013 03:53:26 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/12/2013 03:53:26 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/12/2013 02:40:16 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/12/2013 01:22:10 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/12/2013 01:13:14 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/12/2013 01:13:08 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/12/2013 01:12:45 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/12/2013 11:06:43 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/12/2013 11:06:43 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/11/2013 10:28:56 PM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (07/12/2013 03:45:06 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe

Error: (07/12/2013 03:44:20 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\Setup.exe

Error: (07/12/2013 11:41:17 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/11/2013 05:45:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestA:\Users\Cyrill Oberholzer\Downloads\SoftonicDownloader_fuer_zoo-tycoon-2.exe

Error: (07/11/2013 05:19:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestA:\Users\Cyrill Oberholzer\Downloads\SoftonicDownloader_fuer_zoo-tycoon-2.exe

Error: (07/11/2013 05:18:43 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestA:\Users\Cyrill Oberholzer\Downloads\SoftonicDownloader_fuer_zoo-tycoon-2.exe

Error: (07/11/2013 05:18:36 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestA:\Users\Cyrill Oberholzer\Downloads\SoftonicDownloader_fuer_zoo-tycoon-2.exe

Error: (07/11/2013 03:00:16 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/10/2013 07:22:22 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/09/2013 01:43:03 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 4060.93 MB
Available physical RAM: 2511.78 MB
Total Pagefile: 8120.05 MB
Available Pagefile: 6047.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive a: (Volume) (Fixed) (Total:95.52 GB) (Free:47.7 GB) NTFS (Disk=0 Partition=4)
Drive c: (Acer) (Fixed) (Total:124.27 GB) (Free:66.73 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: F24A0F8E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=124 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=96 GB) - (Type=OF Extended)

==================== End Of Log ============================

schrauber 12.07.2013 16:45
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Ozon 12.07.2013 19:17
Hier das Log von AdwCleaner

Code:
# AdwCleaner v2.305 - Datei am 12/07/2013 um 18:26:52 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Cyrill Oberholzer - EXTENSA
# Bootmodus : Normal
# Ausgeführt unter : A:\Users\Cyrill Oberholzer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Mami & Papi\AppData\Roaming\Mozilla\Firefox\Profiles\q76snd8p.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Papi\AppData\Roaming\Mozilla\Firefox\Profiles\c77yqdn9.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4275 octets] - [11/07/2013 22:27:04]
AdwCleaner[S2].txt - [1070 octets] - [12/07/2013 18:26:52]

########## EOF - C:\AdwCleaner[S2].txt - [1130 octets] ##########

Habe das Junkware Removal Tool ausgeführt. Jetzt ist der Status seit 2 Stunden so:

"Creating a registry backup
Checking Startup
Checking Modules
Checking Processes
Checking Services"

Ist das normal?

schrauber 12.07.2013 20:55
Brich das ab und mach den Rest :)

Ozon 12.07.2013 21:18
Alles klar, hier ist das frische FRST Log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 02
Ran by Cyrill Oberholzer (administrator) on 12-07-2013 22:15:24
Running from A:\Users\Cyrill Oberholzer\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
() C:\Windows\PLFSetI.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Realtek Semiconductor Corp.) C:\Users\CYRILL~1\AppData\Local\Temp\RtkBtMnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [492032 2009-07-21] (Acer Inc.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206072 2009-12-14] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.EXE [887304 2009-09-24] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2009-11-25] ()
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2009-11-25] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=extensa_7630g&r=27361210i316l0413z195i5691u925
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.98.37.128 194.230.55.99

FireFox:
========
FF ProfilePath: C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default
FF Homepage: google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Cyrill Oberholzer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2555360 2013-06-21] (G Data Software AG)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-12] ()
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-06-29] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-06-29] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2011-08-16] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2011-08-16] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-06-28] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-06-29] (G Data Software AG)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-06-29] (G Data Software AG)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-12 18:32 - 2013-07-12 18:32 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 18:26 - 2013-07-12 18:27 - 00001199 _____ C:\AdwCleaner[S2].txt
2013-07-12 16:01 - 2013-07-12 16:01 - 00000000 ____D C:\FRST
2013-07-12 12:16 - 2013-07-12 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-11 22:27 - 2013-07-11 22:27 - 00004275 _____ C:\AdwCleaner[S1].txt
2013-07-11 17:28 - 2013-07-11 17:28 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Microsoft Games
2013-07-11 17:27 - 2013-07-11 17:27 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\SeeSimilar
2013-07-11 17:27 - 2012-12-19 15:53 - 00019632 _____ (PerformerSoft LLC) C:\Windows\system32\roboot64.exe
2013-07-11 14:19 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 14:19 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 14:19 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 14:19 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 14:19 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 14:19 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 14:19 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 14:19 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 14:19 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 14:13 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 14:13 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 14:13 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:13 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 14:13 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:13 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:13 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-06-28 16:04 - 2013-06-29 17:09 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-06-28 16:04 - 2013-06-29 17:09 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-06-28 16:04 - 2013-06-29 17:09 - 00001982 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-06-28 16:04 - 2013-06-29 17:08 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-06-28 16:04 - 2013-06-29 17:08 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-06-28 16:04 - 2013-06-28 16:04 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-06-24 15:59 - 2013-06-24 15:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 15:59 - 2013-06-24 15:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-20 16:06 - 2013-06-20 16:07 - 00000000 ____D C:\Users\Horizon Papi Special\region
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\players
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM-1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\data
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special
2013-06-20 16:06 - 2013-06-17 18:36 - 00001018 _____ C:\Users\Horizon Papi Special\level.dat_old
2013-06-20 16:06 - 2013-06-17 18:36 - 00001017 _____ C:\Users\Horizon Papi Special\level.dat
2013-06-20 16:06 - 2013-06-17 18:33 - 00000008 _____ C:\Users\Horizon Papi Special\session.lock
2013-06-20 16:06 - 2013-02-18 14:42 - 00000369 _____ C:\Users\Horizon Papi Special\level.dat_mcr
2013-06-19 13:00 - 2013-06-19 13:00 - 00001280 _____ C:\Users\Public\Desktop\SimCity™.lnk
2013-06-19 13:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-06-19 13:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-06-19 13:00 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-06-19 13:00 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-06-19 13:00 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-06-19 13:00 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-06-19 13:00 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-06-19 13:00 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-06-19 13:00 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-06-19 13:00 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-06-19 13:00 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-06-19 12:50 - 2013-06-19 14:38 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Origin
2013-06-19 12:50 - 2013-06-19 12:51 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 12:49 - 2013-06-19 12:50 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Local\Origin
2013-06-19 12:46 - 2013-07-12 21:29 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-19 12:46 - 2013-06-19 13:01 - 00000000 ____D C:\Users\All Users\Origin
2013-06-19 12:46 - 2013-06-19 13:01 - 00000000 ____D C:\Users\All Users\Electronic Arts
2013-06-19 12:46 - 2013-06-19 12:46 - 00000987 _____ C:\Users\Public\Desktop\Origin.lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000074 _____ C:\Windows\wininit.ini
2013-06-12 14:55 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 14:55 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 14:54 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 14:54 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 14:54 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 14:54 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 14:54 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 14:54 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 14:54 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 14:54 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 14:54 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 14:54 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 14:54 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 14:54 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 14:54 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 14:54 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 14:54 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 14:54 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 14:54 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-12 21:58 - 2012-04-04 16:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-12 21:32 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 21:32 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 21:29 - 2013-06-19 12:46 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-12 20:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-12 20:57 - 2009-07-14 06:51 - 00103549 _____ C:\Windows\setupact.log
2013-07-12 20:56 - 2008-02-14 13:30 - 01641559 _____ C:\Windows\WindowsUpdate.log
2013-07-12 18:32 - 2013-07-12 18:32 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 18:27 - 2013-07-12 18:26 - 00001199 _____ C:\AdwCleaner[S2].txt
2013-07-12 16:01 - 2013-07-12 16:01 - 00000000 ____D C:\FRST
2013-07-12 15:53 - 2012-05-07 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-12 15:48 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 15:48 - 2008-02-14 13:11 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-12 15:48 - 2008-02-14 13:11 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-12 12:16 - 2013-07-12 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-11 22:28 - 2010-01-09 05:09 - 01153634 _____ C:\Windows\PFRO.log
2013-07-11 22:27 - 2013-07-11 22:27 - 00004275 _____ C:\AdwCleaner[S1].txt
2013-07-11 21:41 - 2009-07-14 06:45 - 00414984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 21:40 - 2013-03-13 23:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 21:40 - 2013-03-13 23:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 20:32 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 20:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 20:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 20:10 - 2013-02-16 20:00 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\.minecraft
2013-07-11 17:28 - 2013-07-11 17:28 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Microsoft Games
2013-07-11 17:27 - 2013-07-11 17:27 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\SeeSimilar
2013-07-11 17:26 - 2010-12-15 15:50 - 00000000 ____D C:\Users\Cyrill Oberholzer
2013-07-11 14:21 - 2010-12-15 19:04 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 14:19 - 2010-01-09 04:55 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-06-29 17:09 - 2013-06-28 16:04 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-06-29 17:09 - 2013-06-28 16:04 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-06-29 17:09 - 2013-06-28 16:04 - 00001982 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-06-29 17:08 - 2013-06-28 16:04 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-06-29 17:08 - 2013-06-28 16:04 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-06-29 16:57 - 2010-12-24 06:15 - 00000000 ____D C:\Users\All Users\G Data
2013-06-28 16:04 - 2013-06-28 16:04 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-06-28 16:02 - 2010-12-24 06:15 - 00000000 ____D C:\Program Files (x86)\G Data
2013-06-28 14:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-06-28 14:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-06-28 14:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-06-24 15:59 - 2013-06-24 15:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 15:59 - 2013-06-24 15:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 15:59 - 2013-02-16 19:59 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-24 15:59 - 2013-02-16 19:59 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-20 16:07 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\region
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\players
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM-1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\data
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special
2013-06-19 14:38 - 2013-06-19 12:50 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Origin
2013-06-19 13:01 - 2013-06-19 12:46 - 00000000 ____D C:\Users\All Users\Origin
2013-06-19 13:01 - 2013-06-19 12:46 - 00000000 ____D C:\Users\All Users\Electronic Arts
2013-06-19 13:00 - 2013-06-19 13:00 - 00001280 _____ C:\Users\Public\Desktop\SimCity™.lnk
2013-06-19 12:51 - 2013-06-19 12:50 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 12:50 - 2013-06-19 12:49 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Local\Origin
2013-06-19 12:46 - 2013-06-19 12:46 - 00000987 _____ C:\Users\Public\Desktop\Origin.lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000074 _____ C:\Windows\wininit.ini
2013-06-19 12:46 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-17 18:36 - 2013-06-20 16:06 - 00001018 _____ C:\Users\Horizon Papi Special\level.dat_old
2013-06-17 18:36 - 2013-06-20 16:06 - 00001017 _____ C:\Users\Horizon Papi Special\level.dat
2013-06-17 18:33 - 2013-06-20 16:06 - 00000008 _____ C:\Users\Horizon Papi Special\session.lock
2013-06-17 13:24 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-15 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-14 12:57 - 2013-05-17 17:58 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Minecraft Version Changer
2013-06-12 01:43 - 2013-07-11 14:19 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 01:43 - 2013-07-11 14:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 01:42 - 2013-07-11 14:19 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 01:26 - 2013-07-11 14:19 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-12 01:26 - 2013-07-11 14:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-12 01:26 - 2013-07-11 14:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-12 01:25 - 2013-07-11 14:19 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-12 01:25 - 2013-07-11 14:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-12 00:51 - 2013-07-11 14:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 00:50 - 2013-07-11 14:19 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\Users\All Users\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 14:39

==================== End Of Log ============================
--- --- ---

schrauber 12.07.2013 21:31

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Ozon 13.07.2013 11:13
ESET Log

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a1d229c1f83cfc4f9d3f180f204f1855
# engine=14370
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-12 11:03:16
# local_time=2013-07-13 01:03:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 20987 125300046 0 0
# scanned=218536
# found=0
# cleaned=0
# scan_time=8152
Security Check Log

Code:
Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
G Data InternetSecurity 2014 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25 
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent```````` 
 G Data InternetSecurity Firewall GDFwSvcx64.exe
 G Data InternetSecurity Firewall GDFirewallTray.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2013
Ran by Cyrill Oberholzer (administrator) on 13-07-2013 12:07:45
Running from A:\Users\Cyrill Oberholzer\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
() C:\Windows\PLFSetI.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Realtek Semiconductor Corp.) C:\Users\CYRILL~1\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [492032 2009-07-21] (Acer Inc.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206072 2009-12-14] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.EXE [887304 2009-09-24] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2009-11-25] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2009-11-25] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=extensa_7630g&r=27361210i316l0413z195i5691u925
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.98.37.128 194.230.55.99

FireFox:
========
FF ProfilePath: C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default
FF Homepage: google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Cyrill Oberholzer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Cyrill Oberholzer\AppData\Roaming\Mozilla\Firefox\Profiles\6hnt4jt3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2555360 2013-06-21] (G Data Software AG)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-12] ()
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-06-29] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-06-29] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2011-08-16] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2011-08-16] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-06-28] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-06-29] (G Data Software AG)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-06-29] (G Data Software AG)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 12:06 - 2013-07-13 12:06 - 01777859 _____ (Farbar) a:\Users\Cyrill Oberholzer\Desktop\FRST64.exe
2013-07-13 12:03 - 2013-07-13 12:03 - 00000915 _____ a:\Users\Cyrill Oberholzer\Desktop\checkup.txt
2013-07-13 11:55 - 2013-07-13 11:55 - 00890988 _____ a:\Users\Cyrill Oberholzer\Desktop\SecurityCheck.exe
2013-07-12 22:42 - 2013-07-12 22:42 - 02347384 _____ (ESET) a:\Users\Cyrill Oberholzer\Desktop\esetsmartinstaller_enu.exe
2013-07-12 18:32 - 2013-07-12 18:32 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 18:29 - 2013-07-12 18:29 - 00001199 _____ a:\Users\Cyrill Oberholzer\Desktop\AdwCleaner[S2].txt
2013-07-12 18:26 - 2013-07-12 18:27 - 00001199 _____ C:\AdwCleaner[S2].txt
2013-07-12 18:25 - 2013-07-12 18:26 - 00559306 _____ (Oleg N. Scherbakov) a:\Users\Cyrill Oberholzer\Desktop\JRT.exe
2013-07-12 16:03 - 2013-07-12 16:03 - 00021197 _____ a:\Users\Cyrill Oberholzer\Desktop\Addition.txt
2013-07-12 16:01 - 2013-07-12 16:01 - 00000000 ____D C:\FRST
2013-07-12 12:16 - 2013-07-12 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-11 22:36 - 2013-07-11 22:36 - 00018318 _____ a:\Users\Cyrill Oberholzer\Desktop\dds.txt
2013-07-11 22:36 - 2013-07-11 22:36 - 00009135 _____ a:\Users\Cyrill Oberholzer\Desktop\attach.txt
2013-07-11 22:33 - 2013-07-11 22:33 - 00700783 ____R (Swearware) a:\Users\Cyrill Oberholzer\Desktop\dds+.exe
2013-07-11 22:27 - 2013-07-11 22:27 - 00004275 _____ C:\AdwCleaner[S1].txt
2013-07-11 22:25 - 2013-07-11 22:25 - 00662345 _____ a:\Users\Cyrill Oberholzer\Desktop\adwcleaner.exe
2013-07-11 17:28 - 2013-07-11 17:28 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Microsoft Games
2013-07-11 17:27 - 2013-07-11 17:27 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\SeeSimilar
2013-07-11 17:27 - 2012-12-19 15:53 - 00019632 _____ (PerformerSoft LLC) C:\Windows\system32\roboot64.exe
2013-07-11 14:19 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 14:19 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 14:19 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 14:19 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 14:19 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 14:19 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 14:19 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 14:19 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 14:19 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 14:19 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 14:19 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 14:19 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 14:13 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 14:13 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 14:13 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:13 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 14:13 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:13 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:13 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-06-28 16:04 - 2013-06-29 17:09 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-06-28 16:04 - 2013-06-29 17:09 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-06-28 16:04 - 2013-06-29 17:09 - 00001982 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-06-28 16:04 - 2013-06-29 17:08 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-06-28 16:04 - 2013-06-29 17:08 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-06-28 16:04 - 2013-06-28 16:04 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-06-24 15:59 - 2013-06-24 15:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 15:59 - 2013-06-24 15:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-20 16:06 - 2013-06-20 16:07 - 00000000 ____D C:\Users\Horizon Papi Special\region
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\players
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM-1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\data
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special
2013-06-20 16:06 - 2013-06-17 18:36 - 00001018 _____ C:\Users\Horizon Papi Special\level.dat_old
2013-06-20 16:06 - 2013-06-17 18:36 - 00001017 _____ C:\Users\Horizon Papi Special\level.dat
2013-06-20 16:06 - 2013-06-17 18:33 - 00000008 _____ C:\Users\Horizon Papi Special\session.lock
2013-06-20 16:06 - 2013-02-18 14:42 - 00000369 _____ C:\Users\Horizon Papi Special\level.dat_mcr
2013-06-19 13:01 - 2013-06-19 13:01 - 00000000 ____D a:\Users\Cyrill Oberholzer\Documents\SimCity
2013-06-19 13:00 - 2013-06-19 13:00 - 00001280 _____ C:\Users\Public\Desktop\SimCity™.lnk
2013-06-19 13:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-06-19 13:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-06-19 13:00 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-06-19 13:00 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-06-19 13:00 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-06-19 13:00 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-06-19 13:00 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-06-19 13:00 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-06-19 13:00 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-06-19 13:00 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-06-19 13:00 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-06-19 12:50 - 2013-06-19 14:38 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Origin
2013-06-19 12:50 - 2013-06-19 12:51 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 12:49 - 2013-06-19 12:50 - 00000000 ____D C:\Users\CYRILL~1\AppData\Local\Origin
2013-06-19 12:46 - 2013-07-12 21:29 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-19 12:46 - 2013-06-19 13:01 - 00000000 ____D C:\ProgramData\Origin
2013-06-19 12:46 - 2013-06-19 13:01 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-06-19 12:46 - 2013-06-19 12:46 - 00000987 _____ C:\Users\Public\Desktop\Origin.lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000074 _____ C:\Windows\wininit.ini

==================== One Month Modified Files and Folders =======

2013-07-13 12:06 - 2013-07-13 12:06 - 01777859 _____ (Farbar) a:\Users\Cyrill Oberholzer\Desktop\FRST64.exe
2013-07-13 12:03 - 2013-07-13 12:03 - 00000915 _____ a:\Users\Cyrill Oberholzer\Desktop\checkup.txt
2013-07-13 11:58 - 2012-04-04 16:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 11:56 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 11:56 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 11:55 - 2013-07-13 11:55 - 00890988 _____ a:\Users\Cyrill Oberholzer\Desktop\SecurityCheck.exe
2013-07-13 11:53 - 2008-02-14 13:30 - 01654854 _____ C:\Windows\WindowsUpdate.log
2013-07-13 11:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 11:49 - 2009-07-14 06:51 - 00103605 _____ C:\Windows\setupact.log
2013-07-13 11:48 - 2010-01-09 05:09 - 01154468 _____ C:\Windows\PFRO.log
2013-07-12 22:42 - 2013-07-12 22:42 - 02347384 _____ (ESET) a:\Users\Cyrill Oberholzer\Desktop\esetsmartinstaller_enu.exe
2013-07-12 21:29 - 2013-06-19 12:46 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-12 18:32 - 2013-07-12 18:32 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 18:29 - 2013-07-12 18:29 - 00001199 _____ a:\Users\Cyrill Oberholzer\Desktop\AdwCleaner[S2].txt
2013-07-12 18:27 - 2013-07-12 18:26 - 00001199 _____ C:\AdwCleaner[S2].txt
2013-07-12 18:26 - 2013-07-12 18:25 - 00559306 _____ (Oleg N. Scherbakov) a:\Users\Cyrill Oberholzer\Desktop\JRT.exe
2013-07-12 16:03 - 2013-07-12 16:03 - 00021197 _____ a:\Users\Cyrill Oberholzer\Desktop\Addition.txt
2013-07-12 16:01 - 2013-07-12 16:01 - 00000000 ____D C:\FRST
2013-07-12 15:53 - 2012-05-07 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-12 15:48 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 15:48 - 2008-02-14 13:11 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-12 15:48 - 2008-02-14 13:11 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-12 12:16 - 2013-07-12 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-11 22:36 - 2013-07-11 22:36 - 00018318 _____ a:\Users\Cyrill Oberholzer\Desktop\dds.txt
2013-07-11 22:36 - 2013-07-11 22:36 - 00009135 _____ a:\Users\Cyrill Oberholzer\Desktop\attach.txt
2013-07-11 22:33 - 2013-07-11 22:33 - 00700783 ____R (Swearware) a:\Users\Cyrill Oberholzer\Desktop\dds+.exe
2013-07-11 22:27 - 2013-07-11 22:27 - 00004275 _____ C:\AdwCleaner[S1].txt
2013-07-11 22:25 - 2013-07-11 22:25 - 00662345 _____ a:\Users\Cyrill Oberholzer\Desktop\adwcleaner.exe
2013-07-11 21:41 - 2009-07-14 06:45 - 00414984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 21:40 - 2013-03-13 23:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 21:40 - 2013-03-13 23:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 20:32 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 20:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 20:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 20:10 - 2013-02-16 20:00 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\.minecraft
2013-07-11 17:28 - 2013-07-11 17:28 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Microsoft Games
2013-07-11 17:27 - 2013-07-11 17:27 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\SeeSimilar
2013-07-11 17:26 - 2010-12-15 15:50 - 00000000 ____D C:\Users\Cyrill Oberholzer
2013-07-11 14:21 - 2010-12-15 19:04 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 14:19 - 2010-01-09 04:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-03 19:01 - 2011-11-22 01:26 - 00000000 ____D a:\Users\Cyrill Oberholzer\Documents\Tütü
2013-07-02 21:10 - 2011-12-05 16:15 - 00011264 ___SH a:\Users\Cyrill Oberholzer\Documents\Thumbs.db
2013-06-29 17:09 - 2013-06-28 16:04 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-06-29 17:09 - 2013-06-28 16:04 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-06-29 17:09 - 2013-06-28 16:04 - 00001982 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-06-29 17:08 - 2013-06-28 16:04 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-06-29 17:08 - 2013-06-28 16:04 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-06-29 16:57 - 2010-12-24 06:15 - 00000000 ____D C:\ProgramData\G Data
2013-06-28 16:04 - 2013-06-28 16:04 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-06-28 16:02 - 2010-12-24 06:15 - 00000000 ____D C:\Program Files (x86)\G Data
2013-06-28 14:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-06-28 14:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-06-28 14:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-06-24 15:59 - 2013-06-24 15:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 15:59 - 2013-06-24 15:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 15:59 - 2013-06-24 15:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 15:59 - 2013-02-16 19:59 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-24 15:59 - 2013-02-16 19:59 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-20 16:07 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\region
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\players
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM-1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\DIM1
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special\data
2013-06-20 16:06 - 2013-06-20 16:06 - 00000000 ____D C:\Users\Horizon Papi Special
2013-06-19 14:38 - 2013-06-19 12:50 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Origin
2013-06-19 13:01 - 2013-06-19 13:01 - 00000000 ____D a:\Users\Cyrill Oberholzer\Documents\SimCity
2013-06-19 13:01 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Origin
2013-06-19 13:01 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-06-19 13:00 - 2013-06-19 13:00 - 00001280 _____ C:\Users\Public\Desktop\SimCity™.lnk
2013-06-19 12:51 - 2013-06-19 12:50 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 12:50 - 2013-06-19 12:49 - 00000000 ____D C:\Users\CYRILL~1\AppData\Local\Origin
2013-06-19 12:46 - 2013-06-19 12:46 - 00000987 _____ C:\Users\Public\Desktop\Origin.lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000074 _____ C:\Windows\wininit.ini
2013-06-19 12:46 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-17 18:36 - 2013-06-20 16:06 - 00001018 _____ C:\Users\Horizon Papi Special\level.dat_old
2013-06-17 18:36 - 2013-06-20 16:06 - 00001017 _____ C:\Users\Horizon Papi Special\level.dat
2013-06-17 18:33 - 2013-06-20 16:06 - 00000008 _____ C:\Users\Horizon Papi Special\session.lock
2013-06-17 13:24 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-15 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-14 12:57 - 2013-05-17 17:58 - 00000000 ____D C:\Users\Cyrill Oberholzer\AppData\Roaming\Minecraft Version Changer

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 14:39

==================== End Of Log ============================
--- --- ---





Hoffentlich sieht alles gut aus! :crazy:

EDIT: Hab gerade gesehen, dass Adobe Flash und Adobe Reader ein Update benötigen.

schrauber 13.07.2013 12:29
Beides bitte updaten, genau :)

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Ozon 13.07.2013 12:42
Hab ich alles gemacht :)

Hier noch das Log von Delfix:

Code:
# DelFix v10.3 - Datei am 13/07/2013 um 13:37:10 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Benutzer : Cyrill Oberholzer - EXTENSA
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\AdwCleaner[S2].txt
Gelöscht : a:\Users\Cyrill Oberholzer\Desktop\adwcleaner.exe
Gelöscht : a:\Users\Cyrill Oberholzer\Desktop\AdwCleaner[S2].txt
Gelöscht : a:\Users\Cyrill Oberholzer\Desktop\dds+.exe
Gelöscht : a:\Users\Cyrill Oberholzer\Desktop\dds.txt
Gelöscht : a:\Users\Cyrill Oberholzer\Desktop\esetsmartinstaller_enu.exe
Gelöscht : a:\Users\Cyrill Oberholzer\Desktop\FRST.txt
Gelöscht : a:\Users\Cyrill Oberholzer\Desktop\FRST64.exe
Gelöscht : a:\Users\Cyrill Oberholzer\Desktop\JRT.exe
Gelöscht : a:\Users\Cyrill Oberholzer\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #270 [Windows Update | 07/02/2013 11:41:36]
Gelöscht : RP #271 [Windows Update | 07/09/2013 11:29:06]
Gelöscht : RP #272 [Windows Update | 07/11/2013 12:07:58]
Gelöscht : RP #273 [Windows Update | 07/11/2013 18:31:23]
Gelöscht : RP #274 [Windows Update | 07/12/2013 13:46:10]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
Sieht für mich aus, als ob jetzt alles i.O. wäre.
Möchte mich ganz herzlich für deine Unterstützung bedanken! :dankeschoen:

schrauber 13.07.2013 15:12
Gern geschehen :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Ozon 13.07.2013 15:33
Vielen Dank für die Hinweise und deine Bemühungen.
Von meiner Seite aus ist alles klar jetzt.
Werde euch gerne etwas spenden. :)

schrauber 13.07.2013 18:56
Gern geschehen und Danke :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:06 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131