Trojaner-Board


Thomas030 26.08.2013 00:14

Strange Problems III
 
Hello everyone ... I have a problem once again.

Recently, my Firefox keeps wanting a restart to install updates whenever I try to open it. The first few times I didn't think anything of it, but it's slowly getting annoying.

Also, some folders exist twice on my C drive, for example "Programme" (it is there twice, and I can't access one of them even though I'm an admin), or once in the English version, "Documents and Setting", and once in the German one, "Dokumente und Einstellungen" (no access rights either, for both, just like the second Programme folder). Then there is a fourth folder that denies access, named "$RECYCLE.BIN".

If I, as admin, have no access rights, then who does?

I always have avast! Free Antivirus running and up to date, and every now and then I run an anti-malware scan with Malwarebytes ... everything was always inconspicuous and without any alerts.

Here are the logs from today's scans:

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Ismir Uebel :: ISMIRUEBEL-PC [Administrator]

26.08.2013 00:35:55
mbam-log-2013-08-26 (00-35-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267943
Laufzeit: 2 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:47 on 26/08/2013 (Ismir Uebel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02
Ran by Ismir Uebel (administrator) on 26-08-2013 00:48:07
Running from C:\Users\Ismir Uebel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\system: [LogonHoursAction] 2
MountPoints2: {de962ca5-77b2-11e2-92be-806e6f6e6963} - D:\Autorun.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKU\täglicher Gebrauch\...\Policies\system: [LogonHoursAction] 2
HKU\täglicher Gebrauch\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-30] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                          )
R3 trustms; C:\Windows\System32\drivers\trustms.sys [12416 2010-11-15] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-26 00:47 - 2013-08-26 00:47 - 00000000 _____ C:\Users\Ismir Uebel\defogger_reenable
2013-08-26 00:34 - 2013-08-26 00:34 - 00377856 _____ C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe
2013-08-26 00:33 - 2013-08-26 00:34 - 01576630 _____ (Farbar) C:\Users\Ismir Uebel\Desktop\FRST64.exe
2013-08-26 00:33 - 2013-08-26 00:33 - 00050477 _____ C:\Users\Ismir Uebel\Desktop\Defogger.exe
2013-08-25 14:40 - 2013-08-25 15:28 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Data
2013-08-24 08:37 - 2013-08-26 00:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-23 14:48 - 2013-08-23 15:48 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Zero Hour Data
2013-08-23 14:14 - 2013-08-23 14:14 - 00014064 _____ C:\Users\Ismir Uebel\Desktop\Dienstplan September.odt
2013-08-23 13:30 - 2013-08-23 13:30 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\OpenOffice
2013-08-22 10:48 - 2013-08-22 11:42 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Neuer Ordner
2013-08-21 16:53 - 2013-08-21 16:53 - 03272136 _____ (Secunia) C:\Users\Ismir Uebel\Downloads\PSISetup711.exe
2013-08-21 12:09 - 2013-08-21 12:09 - 00009869 _____ C:\Users\ISMIRU~1\AppData\Local\recently-used.xbel
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-18 13:16 - 2013-08-18 13:16 - 00003262 _____ C:\Windows\System32\Tasks\{D0C60491-CDE1-4122-94E4-5116A5D060B4}
2013-08-18 12:59 - 2013-08-18 12:59 - 00001252 _____ C:\Users\Public\Desktop\Command & Conquer.lnk
2013-08-18 12:48 - 2013-08-18 12:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-08-18 11:15 - 2013-08-24 08:22 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-18 11:14 - 2013-08-18 11:15 - 04817275 _____ (Tim Kosse) C:\Users\Ismir Uebel\Downloads\FileZilla_3.7.2_win32-setup.exe
2013-08-18 11:13 - 2013-08-18 11:13 - 01620836 _____ (FileZilla Project) C:\Users\Ismir Uebel\Downloads\FileZilla_Server-0_9_41.exe
2013-08-15 09:47 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 09:47 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 09:47 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 09:47 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 09:47 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 09:47 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 09:47 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 09:47 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 09:47 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 09:47 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 09:47 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 09:47 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 08:43 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 08:43 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 08:42 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 08:42 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 08:42 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 08:42 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 08:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 08:42 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 08:42 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 08:42 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 08:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 08:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 08:42 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 08:42 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 08:42 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 08:42 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 08:42 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 08:42 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 08:42 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 08:42 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 08:42 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-09 20:06 - 2013-08-09 20:07 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\messer
2013-08-06 17:06 - 2013-08-06 17:22 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist Fotos
2013-08-06 17:04 - 2013-08-06 17:06 - 200804141 _____ C:\Users\Ismir Uebel\Downloads\Resist.zip
2013-08-06 14:48 - 2013-08-06 14:56 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist To Exist Shirts
2013-08-01 10:55 - 2013-08-01 10:55 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-01 10:54 - 2013-08-01 10:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-01 09:38 - 2013-08-01 09:39 - 162401424 _____ C:\Users\Ismir Uebel\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-30 16:33 - 2013-07-30 16:33 - 00000000 ____D C:\ProgramData\EA Core
2013-07-30 16:32 - 2013-07-30 16:32 - 00000000 ____D C:\Users\Ismir Uebel\Documents\MeinSpore-Kreationen
2013-07-30 16:31 - 2013-07-30 16:39 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\SPORE
2013-07-30 16:31 - 2013-07-30 16:31 - 00000000 __RHD C:\Users\Ismir Uebel\AppData\Roaming\SecuROM
2013-07-30 16:31 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-07-30 16:31 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-07-30 16:30 - 2013-08-18 12:59 - 00018681 _____ C:\Windows\DirectX.log
2013-07-30 16:15 - 2013-07-30 16:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-30 16:14 - 2013-07-31 19:04 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Origin
2013-07-30 16:14 - 2013-07-30 16:15 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\Origin
2013-07-30 16:12 - 2013-08-18 12:00 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-30 16:12 - 2013-07-30 16:15 - 00000000 ____D C:\ProgramData\Origin
2013-07-30 16:12 - 2013-07-30 16:12 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-30 16:12 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-30 16:11 - 2013-07-30 16:11 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Ismir Uebel\Downloads\OriginThinSetup.exe
2013-07-29 11:44 - 2013-07-29 11:48 - 50742119 _____ C:\Users\Ismir Uebel\Downloads\Knochenfabrik - Ameisenstaat (1999).rar

==================== One Month Modified Files and Folders =======

2013-08-26 00:47 - 2013-08-26 00:47 - 00000484 _____ C:\Users\Ismir Uebel\Desktop\defogger_disable.log
2013-08-26 00:47 - 2013-08-26 00:47 - 00000000 _____ C:\Users\Ismir Uebel\defogger_reenable
2013-08-26 00:47 - 2013-06-05 23:18 - 00000000 ____D C:\Users\Ismir Uebel
2013-08-26 00:44 - 2013-08-24 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 00:41 - 2013-02-27 22:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 00:37 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 00:37 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 00:34 - 2013-08-26 00:34 - 00377856 _____ C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe
2013-08-26 00:34 - 2013-08-26 00:33 - 01576630 _____ (Farbar) C:\Users\Ismir Uebel\Desktop\FRST64.exe
2013-08-26 00:33 - 2013-08-26 00:33 - 00050477 _____ C:\Users\Ismir Uebel\Desktop\Defogger.exe
2013-08-26 00:33 - 2013-06-05 23:16 - 01184744 _____ C:\Windows\WindowsUpdate.log
2013-08-26 00:31 - 2013-05-29 12:16 - 00001075 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-26 00:31 - 2013-05-29 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-26 00:29 - 2013-06-05 23:16 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-26 00:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 00:29 - 2009-07-14 06:51 - 01063534 _____ C:\Windows\setupact.log
2013-08-26 00:20 - 2013-04-18 06:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-26 00:19 - 2013-02-16 02:26 - 00058764 _____ C:\Windows\PFRO.log
2013-08-25 15:28 - 2013-08-25 14:40 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Data
2013-08-24 08:22 - 2013-08-18 11:15 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-23 15:48 - 2013-08-23 14:48 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Zero Hour Data
2013-08-23 14:14 - 2013-08-23 14:14 - 00014064 _____ C:\Users\Ismir Uebel\Desktop\Dienstplan September.odt
2013-08-23 13:30 - 2013-08-23 13:30 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\OpenOffice
2013-08-22 12:31 - 2013-02-16 18:17 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Filme - intern
2013-08-22 11:42 - 2013-08-22 10:48 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Neuer Ordner
2013-08-22 10:29 - 2013-06-06 09:36 - 00071944 _____ C:\Users\ISMIRU~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-21 16:53 - 2013-08-21 16:53 - 03272136 _____ (Secunia) C:\Users\Ismir Uebel\Downloads\PSISetup711.exe
2013-08-21 13:06 - 2009-07-14 19:58 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-21 13:06 - 2009-07-14 19:58 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-21 13:06 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 12:17 - 2013-07-24 16:00 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\patches
2013-08-21 12:15 - 2013-04-01 12:55 - 00000000 ____D C:\Users\Ismir Uebel\.gimp-2.8
2013-08-21 12:09 - 2013-08-21 12:09 - 00009869 _____ C:\Users\ISMIRU~1\AppData\Local\recently-used.xbel
2013-08-19 22:42 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 19:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 16:28 - 2009-07-14 06:45 - 00315552 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-18 13:16 - 2013-08-18 13:16 - 00003262 _____ C:\Windows\System32\Tasks\{D0C60491-CDE1-4122-94E4-5116A5D060B4}
2013-08-18 13:15 - 2013-02-15 23:14 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\VirtualStore
2013-08-18 12:59 - 2013-08-18 12:59 - 00001252 _____ C:\Users\Public\Desktop\Command & Conquer.lnk
2013-08-18 12:59 - 2013-07-30 16:30 - 00018681 _____ C:\Windows\DirectX.log
2013-08-18 12:48 - 2013-08-18 12:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-08-18 12:48 - 2013-07-10 18:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-18 12:00 - 2013-07-30 16:12 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-18 11:15 - 2013-08-18 11:14 - 04817275 _____ (Tim Kosse) C:\Users\Ismir Uebel\Downloads\FileZilla_3.7.2_win32-setup.exe
2013-08-18 11:15 - 2013-02-17 13:10 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\FileZilla
2013-08-18 11:13 - 2013-08-18 11:13 - 01620836 _____ (FileZilla Project) C:\Users\Ismir Uebel\Downloads\FileZilla_Server-0_9_41.exe
2013-08-15 09:43 - 2013-07-22 11:52 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 09:42 - 2013-06-06 09:59 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 12:49 - 2013-02-16 03:54 - 00000000 ____D C:\World of Warcraft
2013-08-12 18:42 - 2013-04-29 06:19 - 00001949 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-08-12 18:42 - 2013-04-29 06:19 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-08-09 20:07 - 2013-08-09 20:06 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\messer
2013-08-06 17:22 - 2013-08-06 17:06 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist Fotos
2013-08-06 17:06 - 2013-08-06 17:04 - 200804141 _____ C:\Users\Ismir Uebel\Downloads\Resist.zip
2013-08-06 14:57 - 2013-02-16 03:58 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Ismir
2013-08-06 14:56 - 2013-08-06 14:48 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist To Exist Shirts
2013-08-01 10:55 - 2013-08-01 10:55 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-01 10:54 - 2013-08-01 10:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-01 10:54 - 2013-02-16 03:34 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-08-01 10:51 - 2013-03-10 12:12 - 00011776 ___SH C:\Users\Ismir Uebel\Thumbs.db
2013-08-01 09:39 - 2013-08-01 09:38 - 162401424 _____ C:\Users\Ismir Uebel\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-31 19:04 - 2013-07-30 16:14 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Origin
2013-07-30 16:39 - 2013-07-30 16:31 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\SPORE
2013-07-30 16:33 - 2013-07-30 16:33 - 00000000 ____D C:\ProgramData\EA Core
2013-07-30 16:32 - 2013-07-30 16:32 - 00000000 ____D C:\Users\Ismir Uebel\Documents\MeinSpore-Kreationen
2013-07-30 16:31 - 2013-07-30 16:31 - 00000000 __RHD C:\Users\Ismir Uebel\AppData\Roaming\SecuROM
2013-07-30 16:15 - 2013-07-30 16:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-30 16:15 - 2013-07-30 16:14 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\Origin
2013-07-30 16:15 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Origin
2013-07-30 16:12 - 2013-07-30 16:12 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-30 16:12 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-30 16:11 - 2013-07-30 16:11 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Ismir Uebel\Downloads\OriginThinSetup.exe
2013-07-29 11:48 - 2013-07-29 11:44 - 50742119 _____ C:\Users\Ismir Uebel\Downloads\Knochenfabrik - Ameisenstaat (1999).rar

Files to move or delete:
====================
C:\Users\ISMIRU~1\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvStInst.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\oKTSypeZ.exe.part
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\InstallHelper.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\EnumDevLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\IpLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\libeay32.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RTLDHCP.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlICS.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlIhvOid.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\EnumDevLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\IpLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\libeay32.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RTLDHCP.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlICS.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlIhvOid.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDEE85E.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDEBC0D.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDE5253.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nsp2B29.tmp\LangDLL.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nsp2B29.tmp\nsis_chklist.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1k.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86_x64de.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\isp3F16.tmp\_Setup.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 18:33

==================== End Of Log ============================

Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-26 00:57:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD5000AAKS-00V1A0 rev.05.01D05 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ISMIRU~1\AppData\Local\Temp\kfdiauow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\services.exe[536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\nvvsvc.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          0000000076fceecd 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112      00000000765ea30a 1 byte [62]
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          0000000076fceecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          0000000076fceecd 1 byte [62]
.text  C:\Windows\Explorer.EXE[1548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                0000000076fceecd 1 byte [62]
.text  C:\Windows\System32\spoolsv.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112            00000000765ea30a 1 byte [62]
.text  C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1888] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112    00000000765ea30a 1 byte [62]
.text  C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076b91465 2 bytes [B9, 76]
.text  C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076b914bb 2 bytes [B9, 76]
.text  ...                                                                                                                                * 2
.text  C:\Windows\system32\svchost.exe[1932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1964] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112        00000000765ea30a 1 byte [62]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076b91465 2 bytes [B9, 76]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    0000000076b914bb 2 bytes [B9, 76]
.text  ...                                                                                                                                * 2
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                            00000000765ea30a 1 byte [62]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076b91465 2 bytes [B9, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          0000000076b914bb 2 bytes [B9, 76]
.text  ...                                                                                                                                * 2
.text  C:\Windows\system32\svchost.exe[1480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[1856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112          00000000765ea30a 1 byte [62]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000076b91465 2 bytes [B9, 76]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000076b914bb 2 bytes [B9, 76]
.text  ...                                                                                                                                * 2
.text  C:\Program Files\Windows Sidebar\sidebar.exe[2476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                            0000000076fceecd 1 byte [62]
.text  C:\Windows\SysWOW64\schtasks.exe[2496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        00000000765ea30a 1 byte [62]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                        00000000765ea30a 1 byte [62]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076b91465 2 bytes [B9, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000076b914bb 2 bytes [B9, 76]
.text  ...                                                                                                                                * 2
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                      00000000765ea30a 1 byte [62]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2784] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                  00000000765ea30a 1 byte [62]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                              000000007738fac0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                  000000007738fb58 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                  000000007738fcb0 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                              0000000077390038 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                  0000000077391920 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                          00000000773ac4dd 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                        00000000773b1287 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                              00000000765ea30a 1 byte [62]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                          00000000766c5181 5 bytes JMP 00000001001a1014
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                              00000000766c5254 5 bytes JMP 00000001001a0804
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                              00000000766c53d5 5 bytes JMP 00000001001a0a08
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                              00000000766c54c2 5 bytes JMP 00000001001a0c0c
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                              00000000766c55e2 5 bytes JMP 00000001001a0e10
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                    00000000766c567c 5 bytes JMP 00000001001a01f8
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                    00000000766c589f 5 bytes JMP 00000001001a03fc
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!DeleteService                                      00000000766c5a22 5 bytes JMP 00000001001a0600
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076b91465 2 bytes [B9, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          0000000076b914bb 2 bytes [B9, 76]
.text  ...                                                                                                                                * 2
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                            00000000771b3b10 5 bytes JMP 00000001001e075c
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                              00000000771b7ac0 5 bytes JMP 00000001001e03a4
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                  00000000771e1430 5 bytes JMP 00000001001e0b14
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                      00000000771e1490 5 bytes JMP 00000001001e0ecc
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                      00000000771e1570 5 bytes JMP 00000001001e163c
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                  00000000771e17b0 5 bytes JMP 00000001001e1284
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                      00000000771e27e0 5 bytes JMP 00000001001e19f4
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                  0000000076fceecd 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity              000007fefe866e00 5 bytes JMP 000007ff7e881dac
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                  000007fefe866f2c 5 bytes JMP 000007ff7e880ecc
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                  000007fefe867220 5 bytes JMP 000007ff7e881284
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                  000007fefe86739c 5 bytes JMP 000007ff7e88163c
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                  000007fefe867538 5 bytes JMP 000007ff7e8819f4
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                        000007fefe8675e8 5 bytes JMP 000007ff7e8803a4
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                        000007fefe86790c 5 bytes JMP 000007ff7e88075c
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!DeleteService                          000007fefe867ab4 5 bytes JMP 000007ff7e880b14
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                              00000000771b3b10 5 bytes JMP 000000010044075c
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                00000000771b7ac0 5 bytes JMP 00000001004403a4
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                  00000000771e1430 5 bytes JMP 0000000100440b14
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                      00000000771e1490 5 bytes JMP 0000000100440ecc
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        00000000771e1570 5 bytes JMP 000000010044163c
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                    00000000771e17b0 5 bytes JMP 0000000100441284
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        00000000771e27e0 5 bytes JMP 00000001004419f4
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                  0000000076fceecd 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                000007fefe866e00 5 bytes JMP 000007ff7e881dac
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                    000007fefe866f2c 5 bytes JMP 000007ff7e880ecc
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                    000007fefe867220 5 bytes JMP 000007ff7e881284
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                  000007fefe86739c 5 bytes JMP 000007ff7e88163c
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                  000007fefe867538 5 bytes JMP 000007ff7e8819f4
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                          000007fefe8675e8 5 bytes JMP 000007ff7e8803a4
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                          000007fefe86790c 5 bytes JMP 000007ff7e88075c
.text  C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                          000007fefe867ab4 5 bytes JMP 000007ff7e880b14
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3280] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                      0000000076fceecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                    00000000771b3b10 5 bytes JMP 000000010039075c
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                      00000000771b7ac0 5 bytes JMP 00000001003903a4
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                        00000000771e1430 5 bytes JMP 0000000100390b14
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                            00000000771e1490 5 bytes JMP 0000000100390ecc
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                              00000000771e1570 5 bytes JMP 000000010039163c
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                          00000000771e17b0 5 bytes JMP 0000000100391284
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              00000000771e27e0 5 bytes JMP 00000001003919f4
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                      000007fefe866e00 5 bytes JMP 000007ff7e881dac
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                          000007fefe866f2c 5 bytes JMP 000007ff7e880ecc
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                          000007fefe867220 5 bytes JMP 000007ff7e881284
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                        000007fefe86739c 5 bytes JMP 000007ff7e88163c
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                        000007fefe867538 5 bytes JMP 000007ff7e8819f4
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fefe8675e8 5 bytes JMP 000007ff7e8803a4
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fefe86790c 5 bytes JMP 000007ff7e88075c
.text  C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                000007fefe867ab4 5 bytes JMP 000007ff7e880b14
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                    00000000771b3b10 5 bytes JMP 000000010036075c
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                      00000000771b7ac0 5 bytes JMP 00000001003603a4
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                        00000000771e1430 5 bytes JMP 0000000100360b14
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                            00000000771e1490 5 bytes JMP 0000000100360ecc
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                              00000000771e1570 5 bytes JMP 000000010036163c
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                          00000000771e17b0 5 bytes JMP 0000000100361284
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              00000000771e27e0 5 bytes JMP 00000001003619f4
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                      000007fefe866e00 5 bytes JMP 000007ff7e881dac
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                          000007fefe866f2c 5 bytes JMP 000007ff7e880ecc
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                          000007fefe867220 5 bytes JMP 000007ff7e881284
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                        000007fefe86739c 5 bytes JMP 000007ff7e88163c
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                        000007fefe867538 5 bytes JMP 000007ff7e8819f4
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fefe8675e8 5 bytes JMP 000007ff7e8803a4
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fefe86790c 5 bytes JMP 000007ff7e88075c
.text  C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                000007fefe867ab4 5 bytes JMP 000007ff7e880b14
.text  C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                      000007fefe866e00 5 bytes JMP 000007ff7e881dac
.text  C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                          000007fefe866f2c 5 bytes JMP 000007ff7e880ecc
.text  C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                          000007fefe867220 5 bytes JMP 000007ff7e881284
.text  C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                        000007fefe86739c 5 bytes JMP 000007ff7e88163c
.text  C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                        000007fefe867538 5 bytes JMP 000007ff7e8819f4
.text  C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fefe8675e8 5 bytes JMP 000007ff7e8803a4
.text  C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fefe86790c 5 bytes JMP 000007ff7e88075c
.text  C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                000007fefe867ab4 5 bytes JMP 000007ff7e880b14
.text  C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076fceecd 1 byte [62]
.text  C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe[2684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                        00000000765ea30a 1 byte [62]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [2548:4660]                                                                                        000007feee3f9688

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                        avast! mini-filter driver (aswFsBlk)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                        aswFsBlk
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                              2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                        1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                              FSFilter Activity Monitor
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                    FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                4
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                          aswFsBlk Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                388400
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                  0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                        avast! mini-filter driver (aswMonFlt)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                        aswMonFlt
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                              2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                              2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                          \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                              FSFilter Anti-Virus
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                    FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                          aswMonFlt Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                              320700
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                          avast! WFP Redirect driver
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                          aswRdr
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                            \SystemRoot\System32\Drivers\aswrdr2.sys
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                PNP_TDI
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                      tcpip?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                        nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                          avast! Revert
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                          aswRvrt
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                        1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                              177
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                \Device\Harddisk0\Partition1\Windows
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                              1386102
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                          avast! virtualization driver (aswSnx)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                          aswSnx
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                  2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                FSFilter Virtualization
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                      FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                  3
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                            aswSnx Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                    137600
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                      0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                              \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                            avast! Self Protection
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                            aswSP
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                  \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                          \DosDevices\C:\Program Files
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                              \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                          avast! Network Shield TDI driver
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                          avast! Network Shield Support
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                PNP_TDI
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                      tcpip?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                  10
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                          avast! VM Monitor
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                          aswVmm
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                avast! Antivirus
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                              1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                        32
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                      2
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                  "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                      ShellSvcGroup
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                            aswMonFlt?RpcSS?
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                  LocalSystem
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                            avast! mini-filter driver (aswFsBlk)
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                            aswFsBlk
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                    2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                  2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                            1
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                  FSFilter Activity Monitor
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                        FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                    4
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                     
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                              aswFsBlk Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                   
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                    388400
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                      0
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                            avast! mini-filter driver (aswMonFlt)
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                            aswMonFlt
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                  2
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                  2
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                              \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                  FSFilter Anti-Virus
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                        FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                     
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                              aswMonFlt Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                 
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                  320700
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                    0
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                              avast! WFP Redirect driver
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                              aswRdr
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                              1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                \SystemRoot\System32\Drivers\aswrdr2.sys
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                    PNP_TDI
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                          tcpip?
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                            nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                              avast! Revert
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                              aswRvrt
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                    0
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                            1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                     
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                  177
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                    \Device\Harddisk0\Partition1\Windows
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                  1386102
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                              1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                              avast! virtualization driver (aswSnx)
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                              aswSnx
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                      2
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                              1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                    FSFilter Virtualization
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                          FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                      3
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                aswSnx Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                       
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                        137600
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                          0
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                  \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                avast! Self Protection
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                aswSP
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                              1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                      \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                    \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                              \DosDevices\C:\Program Files
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                  \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                              avast! Network Shield TDI driver
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                              avast! Network Shield Support
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                              1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                    PNP_TDI
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                          tcpip?
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                      10
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                              avast! VM Monitor
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                              aswVmm
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                    0
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                              1
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                    Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                    avast! Antivirus
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                  1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                            32
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                          2
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                      "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                          ShellSvcGroup
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                aswMonFlt?RpcSS?
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                      LocalSystem
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Description                                                                            avast! mini-filter driver (aswFsBlk)
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk@DisplayName                                                                            aswFsBlk
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Type                                                                                    2
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Start                                                                                  2
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk@ErrorControl                                                                            1
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Group                                                                                  FSFilter Activity Monitor
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk@DependOnService                                                                        FltMgr?
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances (not active ControlSet)                                                     
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances@DefaultInstance                                                              aswFsBlk Instance
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                   
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                    388400
Reg    HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                      0
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Description                                                                            avast! mini-filter driver (aswMonFlt)
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt@DisplayName                                                                            aswMonFlt
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Type                                                                                  2
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Start                                                                                  2
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt@ErrorControl                                                                          1
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt@ImagePath                                                                              \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Group                                                                                  FSFilter Anti-Virus
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt@DependOnService                                                                        FltMgr?
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances (not active ControlSet)                                                     
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances@DefaultInstance                                                              aswMonFlt Instance
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                 
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                  320700
Reg    HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                    0
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr@Description                                                                              avast! WFP Redirect driver
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr@DisplayName                                                                              aswRdr
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr@Type                                                                                      1
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr@Start                                                                                    1
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr@ErrorControl                                                                              1
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr@ImagePath                                                                                \SystemRoot\System32\Drivers\aswrdr2.sys
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr@Group                                                                                    PNP_TDI
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr@DependOnService                                                                          tcpip?
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                           
Reg    HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                            nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg    HKLM\SYSTEM\ControlSet003\services\aswRvrt@Description                                                                              avast! Revert
Reg    HKLM\SYSTEM\ControlSet003\services\aswRvrt@DisplayName                                                                              aswRvrt
Reg    HKLM\SYSTEM\ControlSet003\services\aswRvrt@Type                                                                                    1
Reg    HKLM\SYSTEM\ControlSet003\services\aswRvrt@Start                                                                                    0
Reg    HKLM\SYSTEM\ControlSet003\services\aswRvrt@ErrorControl                                                                            1
Reg    HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters (not active ControlSet)                                                     
Reg    HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@BootCounter                                                                  33
Reg    HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@ImproperShutdown                                                              1
Reg    HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@SystemRoot                                                                    \Device\Harddisk0\Partition1\Windows
Reg    HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@TickCounter                                                                  260886
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx@Description                                                                              avast! virtualization driver (aswSnx)
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx@DisplayName                                                                              aswSnx
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx@Type                                                                                      2
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx@Start                                                                                    1
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx@ErrorControl                                                                              1
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx@Group                                                                                    FSFilter Virtualization
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx@DependOnService                                                                          FltMgr?
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances@DefaultInstance                                                                aswSnx Instance
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                       
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance@Altitude                                                        137600
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance@Flags                                                          0
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters@DataFolder                                                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters@ProgramFolder                                                                  \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP@Description                                                                                avast! Self Protection
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP@DisplayName                                                                                aswSP
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP@Type                                                                                      1
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP@Start                                                                                      1
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP@ErrorControl                                                                              1
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@BehavShield                                                                    1
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@DataFolder                                                                      \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@GadgetFolder                                                                    \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@ProgramFilesFolder                                                              \DosDevices\C:\Program Files
Reg    HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@ProgramFolder                                                                  \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet003\services\aswTdi@Description                                                                              avast! Network Shield TDI driver
Reg    HKLM\SYSTEM\ControlSet003\services\aswTdi@DisplayName                                                                              avast! Network Shield Support
Reg    HKLM\SYSTEM\ControlSet003\services\aswTdi@Type                                                                                      1
Reg    HKLM\SYSTEM\ControlSet003\services\aswTdi@Start                                                                                    1
Reg    HKLM\SYSTEM\ControlSet003\services\aswTdi@ErrorControl                                                                              1
Reg    HKLM\SYSTEM\ControlSet003\services\aswTdi@Group                                                                                    PNP_TDI
Reg    HKLM\SYSTEM\ControlSet003\services\aswTdi@DependOnService                                                                          tcpip?
Reg    HKLM\SYSTEM\ControlSet003\services\aswVmm@Description                                                                              avast! VM Monitor
Reg    HKLM\SYSTEM\ControlSet003\services\aswVmm@DisplayName                                                                              aswVmm
Reg    HKLM\SYSTEM\ControlSet003\services\aswVmm@Type                                                                                      1
Reg    HKLM\SYSTEM\ControlSet003\services\aswVmm@Start                                                                                    0
Reg    HKLM\SYSTEM\ControlSet003\services\aswVmm@ErrorControl                                                                              1
Reg    HKLM\SYSTEM\ControlSet003\services\aswVmm\Parameters (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Description                                                                    Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@DisplayName                                                                    avast! Antivirus
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ServiceSidType                                                                  1
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@WOW64                                                                          1
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Type                                                                            32
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Start                                                                          2
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ErrorControl                                                                    1
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ImagePath                                                                      "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Group                                                                          ShellSvcGroup
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@DependOnService                                                                aswMonFlt?RpcSS?
Reg    HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ObjectName                                                                      LocalSystem

---- EOF - GMER 2.1 ----

I would be glad if you could help me again and maybe throw in one or two tips on how to avoid this kind of stress.

Many thanks in advance ... I'm really glad you guys exist!

Greetings from Berlin

schrauber 26.08.2013 07:35

Hi,

The Additional.txt from FRST is still missing :)

Thomas030 26.08.2013 09:04

Oh, sorry, I must have forgotten that.

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2013
Ran by Ismir Uebel at 2013-05-28 22:36:36 Run:
Running from C:\Users\Ismir Uebel\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
avast! Free Antivirus (Version: 8.0.1489.0)
CDBurnerXP (Version: 4.5.1.4003)
DivX-Setup (Version: 2.6.1.32)
FileHippo.com Update Checker
FileZilla Client 3.7.0.1 (Version: 3.7.0.1)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
FormatFactory 3.0.1 (Version: 3.0.1)
GIMP 2.8.4 (Version: 2.8.4)
jAlbum (Version: 11.0.5)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper 2.0.45 Driver 5.0.0 (Version: 2.0.45)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NVIDIA 3D Vision Controller-Treiber 314.07 (Version: 314.07)
NVIDIA 3D Vision Treiber 314.07 (Version: 314.07)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Grafiktreiber 314.07 (Version: 314.07)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1407)
NVIDIA Systemsteuerung 314.07 (Version: 314.07)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Panda USB Vaccine 1.0.1.4
Phase 5 HTML-Editor (Version: 5.6.2.3)
Secunia PSI (3.0.0.4001) (Version: 3.0.0.4001)
TeamSpeak 3 Client (Version: 3.0.10.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
World of Warcraft (Version: 5.2.0.16826)

==================== Restore Points  =========================

10-05-2013 16:15:29 Installed MSXML 4.0 SP3 Parser
12-05-2013 11:53:05 Windows Update
13-05-2013 18:39:28 Windows Update
15-05-2013 05:06:01 Windows Update
15-05-2013 21:47:48 Windows Update
21-05-2013 10:13:27 Windows Update
28-05-2013 20:00:52 Windows Update

==================== Faulty Device Manager Devices =============

Name: Coprozessor
Description: Coprozessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2013 06:44:36 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee
Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b10e8
ID des fehlerhaften Prozesses: 0x1334
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (05/10/2013 06:18:17 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Secunia PSI Agent wurde wegen dieses Fehlers geschlossen.

Programm: Secunia PSI Agent
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (05/10/2013 06:18:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.4001, Zeitstempel: 0x50602ab1
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000096
Fehleroffset: 0x00048665
ID des fehlerhaften Prozesses: 0x4b4
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (05/07/2013 07:29:37 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 658

Startzeit: 01ce4b44ab87d420

Endzeit: 5332

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 9fcf88e1-b73b-11e2-b455-002511c81c08

Error: (05/01/2013 11:24:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/01/2013 11:24:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/01/2013 11:24:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/01/2013 11:24:49 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/01/2013 11:24:49 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/01/2013 11:24:48 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (05/28/2013 09:58:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (05/28/2013 09:58:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/28/2013 09:38:55 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?28.?05.?2013 um 21:33:52 unerwartet heruntergefahren.

Error: (05/28/2013 09:32:52 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?28.?05.?2013 um 21:29:34 unerwartet heruntergefahren.

Error: (05/28/2013 08:49:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (05/28/2013 08:49:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/28/2013 08:47:40 PM) (Source: BugCheck) (User: )
Description: 0x00000101 (0x0000000000000061, 0x0000000000000000, 0xfffff880009ea180, 0x0000000000000001)C:\Windows\MEMORY.DMP052813-19344-01

Error: (05/28/2013 08:47:34 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?28.?05.?2013 um 20:41:10 unerwartet heruntergefahren.

Error: (05/28/2013 02:55:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (05/28/2013 02:55:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (05/14/2013 06:44:36 AM) (Source: Application Error)(User: )
Description: firefox.exe20.0.1.484751650aeexul.dll20.0.1.484751650a09c0000005000b10e8133401ce505c09775580C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllfa29b8a0-bc50-11e2-a364-002511c81c08

Error: (05/10/2013 06:18:17 PM) (Source: Application Error)(User: )
Description: Secunia PSI Agent000000000

Error: (05/10/2013 06:18:17 PM) (Source: Application Error)(User: )
Description: PSIA.exe3.0.0.400150602ab1ole32.dll6.1.7601.175144ce7b96fc0000096000486654b401ce4d994aa6af80C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Windows\syswow64\ole32.dll38c18c80-b98d-11e2-9a3b-002511c81c08

Error: (05/07/2013 07:29:37 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756765801ce4b44ab87d4205332C:\Windows\Explorer.EXE9fcf88e1-b73b-11e2-b455-002511c81c08

Error: (05/01/2013 11:24:50 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll

Error: (05/01/2013 11:24:50 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll

Error: (05/01/2013 11:24:50 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\ACMWrapperDMO.dll

Error: (05/01/2013 11:24:49 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll

Error: (05/01/2013 11:24:49 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll

Error: (05/01/2013 11:24:48 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\ACMWrapperDMO.dll

Ohhh, I just noticed this one is from May 2013 ... that's odd, it's the only one the search found on my computer. So apparently it didn't create one during the last scan.
Should I scan again?

schrauber 26.08.2013 09:05

Yes, open FRST, tick the Additional checkbox and scan, then you'll get a new one.

Thomas030 26.08.2013 09:18

OK, here are both again, freshly generated:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02
Ran by Ismir Uebel (administrator) on 26-08-2013 10:14:24
Running from C:\Users\Ismir Uebel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\system32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\system: [LogonHoursAction] 2
MountPoints2: {de962ca5-77b2-11e2-92be-806e6f6e6963} - D:\Autorun.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKU\täglicher Gebrauch\...\Policies\system: [LogonHoursAction] 2
HKU\täglicher Gebrauch\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-30] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                          )
R3 trustms; C:\Windows\System32\drivers\trustms.sys [12416 2010-11-15] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-26 00:47 - 2013-08-26 00:47 - 00000484 _____ C:\Users\Ismir Uebel\Desktop\defogger_disable.log
2013-08-26 00:47 - 2013-08-26 00:47 - 00000000 _____ C:\Users\Ismir Uebel\defogger_reenable
2013-08-26 00:44 - 2013-08-26 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 00:34 - 2013-08-26 00:34 - 00377856 _____ C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe
2013-08-26 00:33 - 2013-08-26 00:34 - 01576630 _____ (Farbar) C:\Users\Ismir Uebel\Desktop\FRST64.exe
2013-08-26 00:33 - 2013-08-26 00:33 - 00050477 _____ C:\Users\Ismir Uebel\Desktop\Defogger.exe
2013-08-25 14:40 - 2013-08-25 15:28 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Data
2013-08-23 14:48 - 2013-08-23 15:48 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Zero Hour Data
2013-08-23 14:14 - 2013-08-23 14:14 - 00014064 _____ C:\Users\Ismir Uebel\Desktop\Dienstplan September.odt
2013-08-23 13:30 - 2013-08-23 13:30 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\OpenOffice
2013-08-22 10:48 - 2013-08-22 11:42 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Neuer Ordner
2013-08-21 16:53 - 2013-08-21 16:53 - 03272136 _____ (Secunia) C:\Users\Ismir Uebel\Downloads\PSISetup711.exe
2013-08-21 12:09 - 2013-08-21 12:09 - 00009869 _____ C:\Users\ISMIRU~1\AppData\Local\recently-used.xbel
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-18 13:16 - 2013-08-18 13:16 - 00003262 _____ C:\Windows\System32\Tasks\{D0C60491-CDE1-4122-94E4-5116A5D060B4}
2013-08-18 12:59 - 2013-08-18 12:59 - 00001252 _____ C:\Users\Public\Desktop\Command & Conquer.lnk
2013-08-18 12:48 - 2013-08-18 12:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-08-18 11:15 - 2013-08-24 08:22 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-18 11:14 - 2013-08-18 11:15 - 04817275 _____ (Tim Kosse) C:\Users\Ismir Uebel\Downloads\FileZilla_3.7.2_win32-setup.exe
2013-08-18 11:13 - 2013-08-18 11:13 - 01620836 _____ (FileZilla Project) C:\Users\Ismir Uebel\Downloads\FileZilla_Server-0_9_41.exe
2013-08-15 09:47 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 09:47 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 09:47 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 09:47 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 09:47 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 09:47 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 09:47 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 09:47 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 09:47 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 09:47 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 09:47 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 09:47 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 08:43 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 08:43 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 08:42 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 08:42 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 08:42 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 08:42 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 08:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 08:42 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 08:42 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 08:42 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 08:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 08:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 08:42 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 08:42 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 08:42 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 08:42 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 08:42 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 08:42 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 08:42 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 08:42 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 08:42 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-09 20:06 - 2013-08-09 20:07 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\messer
2013-08-06 17:06 - 2013-08-06 17:22 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist Fotos
2013-08-06 17:04 - 2013-08-06 17:06 - 200804141 _____ C:\Users\Ismir Uebel\Downloads\Resist.zip
2013-08-06 14:48 - 2013-08-06 14:56 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist To Exist Shirts
2013-08-01 10:55 - 2013-08-01 10:55 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-01 10:54 - 2013-08-01 10:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-01 09:38 - 2013-08-01 09:39 - 162401424 _____ C:\Users\Ismir Uebel\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-30 16:33 - 2013-07-30 16:33 - 00000000 ____D C:\ProgramData\EA Core
2013-07-30 16:32 - 2013-07-30 16:32 - 00000000 ____D C:\Users\Ismir Uebel\Documents\MeinSpore-Kreationen
2013-07-30 16:31 - 2013-07-30 16:39 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\SPORE
2013-07-30 16:31 - 2013-07-30 16:31 - 00000000 __RHD C:\Users\Ismir Uebel\AppData\Roaming\SecuROM
2013-07-30 16:31 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-07-30 16:31 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-07-30 16:30 - 2013-08-18 12:59 - 00018681 _____ C:\Windows\DirectX.log
2013-07-30 16:15 - 2013-07-30 16:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-30 16:14 - 2013-07-31 19:04 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Origin
2013-07-30 16:14 - 2013-07-30 16:15 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\Origin
2013-07-30 16:12 - 2013-08-18 12:00 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-30 16:12 - 2013-07-30 16:15 - 00000000 ____D C:\ProgramData\Origin
2013-07-30 16:12 - 2013-07-30 16:12 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-30 16:12 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-30 16:11 - 2013-07-30 16:11 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Ismir Uebel\Downloads\OriginThinSetup.exe
2013-07-29 11:44 - 2013-07-29 11:48 - 50742119 _____ C:\Users\Ismir Uebel\Downloads\Knochenfabrik - Ameisenstaat (1999).rar

==================== One Month Modified Files and Folders =======

2013-08-26 09:48 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 09:48 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 09:42 - 2013-08-26 00:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 09:42 - 2013-06-05 23:16 - 01216841 _____ C:\Windows\WindowsUpdate.log
2013-08-26 09:42 - 2013-05-29 12:16 - 00001075 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-26 09:42 - 2013-05-29 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-26 09:41 - 2013-04-18 06:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-26 09:41 - 2013-02-27 22:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 09:40 - 2013-06-05 23:16 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-26 09:40 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 09:40 - 2009-07-14 06:51 - 01071394 _____ C:\Windows\setupact.log
2013-08-26 00:57 - 2013-08-26 00:57 - 00072114 _____ C:\Users\Ismir Uebel\Desktop\gmer scan.log
2013-08-26 00:47 - 2013-08-26 00:47 - 00000484 _____ C:\Users\Ismir Uebel\Desktop\defogger_disable.log
2013-08-26 00:47 - 2013-08-26 00:47 - 00000000 _____ C:\Users\Ismir Uebel\defogger_reenable
2013-08-26 00:47 - 2013-06-05 23:18 - 00000000 ____D C:\Users\Ismir Uebel
2013-08-26 00:34 - 2013-08-26 00:34 - 00377856 _____ C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe
2013-08-26 00:34 - 2013-08-26 00:33 - 01576630 _____ (Farbar) C:\Users\Ismir Uebel\Desktop\FRST64.exe
2013-08-26 00:33 - 2013-08-26 00:33 - 00050477 _____ C:\Users\Ismir Uebel\Desktop\Defogger.exe
2013-08-26 00:19 - 2013-02-16 02:26 - 00058764 _____ C:\Windows\PFRO.log
2013-08-25 15:28 - 2013-08-25 14:40 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Data
2013-08-24 08:22 - 2013-08-18 11:15 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-23 15:48 - 2013-08-23 14:48 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Zero Hour Data
2013-08-23 14:14 - 2013-08-23 14:14 - 00014064 _____ C:\Users\Ismir Uebel\Desktop\Dienstplan September.odt
2013-08-23 13:30 - 2013-08-23 13:30 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\OpenOffice
2013-08-22 12:31 - 2013-02-16 18:17 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Filme - intern
2013-08-22 11:42 - 2013-08-22 10:48 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Neuer Ordner
2013-08-22 10:29 - 2013-06-06 09:36 - 00071944 _____ C:\Users\ISMIRU~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-21 16:53 - 2013-08-21 16:53 - 03272136 _____ (Secunia) C:\Users\Ismir Uebel\Downloads\PSISetup711.exe
2013-08-21 13:06 - 2009-07-14 19:58 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-21 13:06 - 2009-07-14 19:58 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-21 13:06 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 12:17 - 2013-07-24 16:00 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\patches
2013-08-21 12:15 - 2013-04-01 12:55 - 00000000 ____D C:\Users\Ismir Uebel\.gimp-2.8
2013-08-21 12:09 - 2013-08-21 12:09 - 00009869 _____ C:\Users\ISMIRU~1\AppData\Local\recently-used.xbel
2013-08-19 22:42 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 19:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 16:28 - 2009-07-14 06:45 - 00315552 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-18 13:16 - 2013-08-18 13:16 - 00003262 _____ C:\Windows\System32\Tasks\{D0C60491-CDE1-4122-94E4-5116A5D060B4}
2013-08-18 13:15 - 2013-02-15 23:14 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\VirtualStore
2013-08-18 12:59 - 2013-08-18 12:59 - 00001252 _____ C:\Users\Public\Desktop\Command & Conquer.lnk
2013-08-18 12:59 - 2013-07-30 16:30 - 00018681 _____ C:\Windows\DirectX.log
2013-08-18 12:48 - 2013-08-18 12:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-08-18 12:48 - 2013-07-10 18:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-18 12:00 - 2013-07-30 16:12 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-18 11:15 - 2013-08-18 11:14 - 04817275 _____ (Tim Kosse) C:\Users\Ismir Uebel\Downloads\FileZilla_3.7.2_win32-setup.exe
2013-08-18 11:15 - 2013-02-17 13:10 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\FileZilla
2013-08-18 11:13 - 2013-08-18 11:13 - 01620836 _____ (FileZilla Project) C:\Users\Ismir Uebel\Downloads\FileZilla_Server-0_9_41.exe
2013-08-15 09:43 - 2013-07-22 11:52 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 09:42 - 2013-06-06 09:59 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 12:49 - 2013-02-16 03:54 - 00000000 ____D C:\World of Warcraft
2013-08-12 18:42 - 2013-04-29 06:19 - 00001949 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-08-12 18:42 - 2013-04-29 06:19 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-08-09 20:07 - 2013-08-09 20:06 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\messer
2013-08-06 17:22 - 2013-08-06 17:06 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist Fotos
2013-08-06 17:06 - 2013-08-06 17:04 - 200804141 _____ C:\Users\Ismir Uebel\Downloads\Resist.zip
2013-08-06 14:57 - 2013-02-16 03:58 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Ismir
2013-08-06 14:56 - 2013-08-06 14:48 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist To Exist Shirts
2013-08-01 10:55 - 2013-08-01 10:55 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-01 10:54 - 2013-08-01 10:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-01 10:54 - 2013-02-16 03:34 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-08-01 10:51 - 2013-03-10 12:12 - 00011776 ___SH C:\Users\Ismir Uebel\Thumbs.db
2013-08-01 09:39 - 2013-08-01 09:38 - 162401424 _____ C:\Users\Ismir Uebel\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-31 19:04 - 2013-07-30 16:14 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Origin
2013-07-30 16:39 - 2013-07-30 16:31 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\SPORE
2013-07-30 16:33 - 2013-07-30 16:33 - 00000000 ____D C:\ProgramData\EA Core
2013-07-30 16:32 - 2013-07-30 16:32 - 00000000 ____D C:\Users\Ismir Uebel\Documents\MeinSpore-Kreationen
2013-07-30 16:31 - 2013-07-30 16:31 - 00000000 __RHD C:\Users\Ismir Uebel\AppData\Roaming\SecuROM
2013-07-30 16:15 - 2013-07-30 16:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-30 16:15 - 2013-07-30 16:14 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\Origin
2013-07-30 16:15 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Origin
2013-07-30 16:12 - 2013-07-30 16:12 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-30 16:12 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-30 16:11 - 2013-07-30 16:11 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Ismir Uebel\Downloads\OriginThinSetup.exe
2013-07-29 11:48 - 2013-07-29 11:44 - 50742119 _____ C:\Users\Ismir Uebel\Downloads\Knochenfabrik - Ameisenstaat (1999).rar

Files to move or delete:
====================
C:\Users\ISMIRU~1\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvStInst.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\oKTSypeZ.exe.part
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\InstallHelper.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\EnumDevLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\IpLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\libeay32.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RTLDHCP.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlICS.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlIhvOid.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\EnumDevLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\IpLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\libeay32.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RTLDHCP.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlICS.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlIhvOid.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDEE85E.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDEBC0D.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDE5253.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nsp2B29.tmp\LangDLL.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nsp2B29.tmp\nsis_chklist.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1k.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86_x64de.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\isp3F16.tmp\_Setup.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 18:33

==================== End Of Log ============================

--- --- ---


and

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2013 02
Ran by Ismir Uebel at 2013-08-26 10:15:07
Running from C:\Users\Ismir Uebel\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bing-Desktop (x32 Version: 1.3.171.0)
CDBurnerXP (x32 Version: 4.5.2.4214)
Command & Conquer Die ersten 10 Jahre (x32 Version: 1.00.0000)
DivX-Setup (x32 Version: 2.6.1.32)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
FormatFactory 3.0.1 (x32 Version: 3.0.1)
jAlbum (x32 Version: 11.0.5)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MotoHelper 2.0.45 Driver 5.0.0 (x32 Version: 2.0.45)
MotoHelper MergeModules (x32 Version: 1.2.0)
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0)
Mozilla Firefox 23.0 (x86 de) (x32 Version: 23.0)
Mozilla Maintenance Service (x32 Version: 23.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Origin (x32 Version: 9.3.1.4482)
P 2.8.4 (Version: 2.8.4)
Panda USB Vaccine 1.0.1.4 (x32)
Phase 5 HTML-Editor (x32 Version: 5.6.2.3)
PosteRazor (x32 Version: 1.5)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
SPORE™ (x32 Version: 1.05.0001)
TeamSpeak 3 Client (Version: 3.0.10.1)
TP-LINK 300Mbps Wireless USB Adapter Treiber (x32 Version: 1.3.1)
TP-LINK-Konfigurationstool (x32 Version: 1.3.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Winamp (x32 Version: 5.64 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
World of Warcraft (x32 Version: 5.3.0.17128)

==================== Restore Points  =========================

15-08-2013 07:41:31 Windows Update
18-08-2013 10:48:31 Installiert Command & Conquer Die ersten 10 Jahre
19-08-2013 08:00:47 Windows-Sicherung
20-08-2013 06:01:09 Windows Update
26-08-2013 07:50:59 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0BBE5BCD-2836-4487-A909-E1F560891DEC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {3C3A1CDA-0950-4EDC-BE8F-63A4A26A4C85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated)
Task: {51483FA3-3041-4CD2-9699-497DDB1C66B4} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {59C932E9-D492-4049-A3D8-EB55827CFD1C} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {61FB653C-478F-4BAB-8622-05407E373B47} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {7A3F5438-0429-4A2A-9DA9-31E58C6A6D25} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {8A907C1F-F026-4ABE-AAF6-CB2348136987} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {98AA0F46-07C4-4493-ACE8-C446B7991C30} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {A96F0D0C-1789-49F4-AFB3-CF811BB7605C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {C0D7F1BC-1DFE-44C5-B1E9-A5416FF199CC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {C78ED25B-2E98-48C5-BF6F-E18C42A4A65C} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {CAF4A85B-ED87-4E03-B751-76592CF4F384} - \SidebarExecute No Task File
Task: {D6A437D8-D612-4735-A0BC-4831F9101D5C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe


==================== Faulty Device Manager Devices =============

Name: Coprozessor
Description: Coprozessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2013 09:42:02 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.7011, Zeitstempel: 0x51d3d69b
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004866a
ID des fehlerhaften Prozesses: 0x8e0
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (08/26/2013 01:04:28 AM) (Source: Application Hang) (User: )
Description: Programm updater.exe, Version 23.0.0.4959 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c84

Startzeit: 01cea1e6c3d0c480

Endzeit: 0

Anwendungspfad: C:\Users\ISMIRU~1\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe

Berichts-ID:

Error: (08/22/2013 11:47:24 AM) (Source: Application Hang) (User: )
Description: Programm USBVaccine.exe, Version 1.0.1.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 94c

Startzeit: 01ce9f0d5a8eb440

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

Berichts-ID:

Error: (07/15/2013 10:13:19 AM) (Source: Application Hang) (User: )
Description: Programm USBVaccine.exe, Version 1.0.1.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a80

Startzeit: 01ce812e39d9aa40

Endzeit: 3

Anwendungspfad: C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

Berichts-ID: 67028231-ed26-11e2-895e-002511c81c08

Error: (06/09/2013 07:22:19 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "mscorlib, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (06/09/2013 07:22:12 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "mscorlib, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=amd64" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Design, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Windows.Forms, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.


System errors:
=============
Error: (08/26/2013 09:43:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (08/26/2013 09:43:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/26/2013 09:42:04 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/26/2013 09:40:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (08/26/2013 01:01:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (08/26/2013 01:01:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/26/2013 00:58:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (08/26/2013 00:31:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (08/26/2013 00:31:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/26/2013 00:29:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (08/26/2013 09:42:02 AM) (Source: Application Error)(User: )
Description: PSIA.exe3.0.0.701151d3d69bole32.dll6.1.7601.175144ce7b96fc00000050004866a8e001cea22f9857ca80C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Windows\syswow64\ole32.dllfe7fad00-0e22-11e3-9d6e-002511c81c08

Error: (08/26/2013 01:04:28 AM) (Source: Application Hang)(User: )
Description: updater.exe23.0.0.4959c8401cea1e6c3d0c4800C:\Users\ISMIRU~1\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe

Error: (08/22/2013 11:47:24 AM) (Source: Application Hang)(User: )
Description: USBVaccine.exe1.0.1.494c01ce9f0d5a8eb4402C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

Error: (07/15/2013 10:13:19 AM) (Source: Application Hang)(User: )
Description: USBVaccine.exe1.0.1.4a8001ce812e39d9aa403C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe67028231-ed26-11e2-895e-002511c81c08

Error: (06/09/2013 07:22:19 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "mscorlib, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (06/09/2013 07:22:12 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "mscorlib, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=amd64" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Design, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Windows.Forms, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 8191.24 MB
Available physical RAM: 6721.33 MB
Total Pagefile: 16380.67 MB
Available Pagefile: 14926.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:374.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DE10J) (CDROM) (Total:7.01 GB) (Free:0 GB) UDF
Drive f: (VERBATIM) (Fixed) (Total:232.83 GB) (Free:88.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0DFADDDB)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 06B9DB8A)
Partition 1: (Not Active) - (Size=233 GB) - (Type=0C)

==================== End Of Log ============================


schrauber 26.08.2013 11:47

Please show me a screenshot of the folders.

With Firefox, does it keep wanting to update from version 23 to 23.1, or what?

Thomas030 27.08.2013 07:05

It just keeps wanting me to restart the PC to install updates; what exactly, I don't know right now either, and it doesn't happen on every restart of Firefox. I'll take a screenshot of that next time as well.

And here is the screenshot of the folders:

http://img3.fotos-hochladen.net/uplo...6d82zvsuri.png

and this is what comes up when I try to open a "locked" folder:

http://img3.fotos-hochladen.net/uplo...x7djm6piwt.png

Here, in addition, something that may be helpful regarding the Firefox problem.
Secunia PSI also constantly wants to update there, but the process never finishes and keeps starting over ...

http://img3.fotos-hochladen.net/uplo...ix8tp69ver.png

schrauber 27.08.2013 11:00

Quote:

It just keeps wanting me to restart the PC to install updates; what exactly, I don't know right now either, and it doesn't happen on every restart of Firefox. I'll take a screenshot of that next time as well.
Restart the PC??? Or just Firefox? And from which version to which version?

I don't see any screenshot.

Thomas030 28.08.2013 08:05

I'm supposed to restart the PC.
Secunia says it wants to update from 20.0.1. to 23.x, but when I try to update through Firefox itself, it says everything is up to date.
I have added the three screenshots (.png format) as file attachments.
I hope you can see them then; for me they are also displayed in the forum.

schrauber 28.08.2013 09:39

Then Secunia is acting up, ignore that. Or does Firefox start an update on its own?

You have hidden files and folders set to show, which is why you see Recycler and co. Only the Programme folder is odd. Can you take over the permissions with a right-click?

Thomas030 28.08.2013 11:40

Firefox just updated again but then showed, in a separate tab, that it is up to date.
And I can't change anything about the Programme folder. No matter whether I switch to SYSTEM, myself as user, or Admin, nothing changes and I can't open the folder; the same goes for the other two locked ones.

schrauber 28.08.2013 16:43

Please download Windows Repair (All In One) from here.

Thomas030 28.08.2013 21:13

So, done ... now they are no longer locked but shortcuts.
Here is another screenshot (also as an attachment)
http://www.fotos-hochladen.net/uploa...nxv1k02osy.png

schrauber 29.08.2013 08:06

and where do the shortcuts point to?

Thomas030 29.08.2013 08:19

The Programme shortcut leads to Programme.
Inside the Programme folder there is again a locked folder named "Gemeinsame Dateien".

The Dokumente und Einstellungen shortcut leads to Dokumente und Einstellungen (although this folder is supposed to be on drive C (according to the path), it is not shown there).
In the Dokumente und Einstellungen folder there is a folder with such a lock, but I can open it, named: "All Users".

And the Documents and Settings folder no longer shows a lock, but I still can't open it, i.e. the shortcut leads nowhere. (Cannot be accessed)

