
Pests of all kinds and how to combat them: Energy-saving mode is switched on; after 3 minutes at the latest the computer starts up again


04.07.2013, 07:59   #1
Tizzia
 

Energy-saving mode is switched on; after 3 minutes at the latest the computer starts up again



Good evening, I am just an ordinary user; I tried to create the files... I hope that is enough.


I hope you can help me.
The computer is slow.
The computer keeps switching itself on again.

Thank you very much





OTL logfile created on: 03.07.2013 20:24:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kiki\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,96% Memory free
6,18 Gb Paging File | 4,51 Gb Available in Paging File | 72,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 16,45 Gb Free Space | 14,14% Space Free | Partition Type: NTFS
Drive E: | 115,05 Gb Total Space | 1,79 Gb Free Space | 1,56% Space Free | Partition Type: NTFS

Computer Name: SOULFRIENDS1 | User Name: Kiki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.03 20:01:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kiki\Desktop\OTL.exe
PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2013.02.19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2013.02.19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2013.02.19 15:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012.12.14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\Receiver\Receiver.exe
PRC - [2012.12.14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe
PRC - [2012.12.14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe
PRC - [2012.12.12 14:37:10 | 000,054,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.12.07 15:25:01 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009.01.19 11:20:40 | 001,985,080 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Programme\Spy Emergency 2008\SpyEmergency.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.01.29 19:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008.01.09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007.12.25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.16 10:11:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013.05.16 10:01:37 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\adc5863246b4c1f20b21d823bc6ee21b\System.Windows.Forms.ni.dll
MOD - [2013.02.14 15:11:09 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.11 05:43:36 | 005,457,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1beca67411be68bc4032f757b5ea6ebb\System.Xml.ni.dll
MOD - [2013.01.11 05:43:03 | 006,648,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\4ecb5cac26d2d944c36bce794fbeecf5\System.Data.ni.dll
MOD - [2013.01.11 04:32:19 | 001,597,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3c962fecd27f03689497125f43677fe3\System.Drawing.ni.dll
MOD - [2013.01.11 04:30:07 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.04.17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012.04.17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.09.13 15:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\RelevantKnowledge\rlservice.exe /service -- (RelevantKnowledge)
SRV - [2013.07.01 22:35:40 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013.06.11 23:56:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.09 08:14:38 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2013.02.19 15:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013.02.19 15:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012.11.16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.12.07 15:25:01 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011.12.07 15:24:53 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2009.01.19 11:20:46 | 000,727,608 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Stopped] -- C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - [2013.02.19 15:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013.02.19 15:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013.02.19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013.02.19 15:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013.02.19 15:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013.02.19 15:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013.02.19 15:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013.02.19 15:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012.12.05 16:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012.04.20 17:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010.06.23 11:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.21 17:05:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.12.22 16:07:00 | 000,108,768 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV08.sys -- (ACEDRV08)
DRV - [2009.09.16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009.09.16 11:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009.06.10 01:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.08.11 17:13:24 | 000,015,288 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV - [2008.04.17 17:59:02 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2008.04.17 17:58:00 | 000,560,640 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2008.02.05 12:10:14 | 000,014,392 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV - [2008.02.05 12:10:10 | 000,012,344 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\spyemrg.sys -- (SpyEmrg)
DRV - [2008.01.21 16:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.09.26 07:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005.01.19 11:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2005.01.19 11:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{041E2009-2712-4AD9-A4AC-50F9D8539177}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304564

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{041E2009-2712-4AD9-A4AC-50F9D8539177}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109868&tt=050412_30b&babsrc=SP_ss&mntrId=bc13d0e4000000000000001f3cb8cb39
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AED1B68C-71DD-456A-ADB9-FB10DFDDE206}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\..\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}: "URL" = hxxp://mystart.magentic.com/?search={searchTerms}&loc=search_box
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "xemote-browser Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2618531&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledAddons: wisestamp%40wisestamp.com:3.11.21
FF - prefs.js..extensions.enabledAddons: %7B694b57c6-ad53-4442-8290-c5539e368aac%7D:5.1
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5.1
FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.16.2.509
FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:15.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {48405d3d-2674-4cd8-b1ef-9a719443bd3f}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wisestamp@wisestamp.com:2.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://mystart.magentic.com/?loc=FF_Magentic_AddressBar&search="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013.07.03 19:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.09 08:14:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.09 08:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.03.28 14:40:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.09 08:14:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.09 08:14:27 | 000,000,000 | ---D | M]

[2008.11.09 15:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\Extensions
[2013.06.09 08:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions
[2013.06.09 08:16:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2011.03.14 22:38:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.23 18:26:42 | 000,000,000 | ---D | M] (SweetIM Toolbar) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\{694b57c6-ad53-4442-8290-c5539e368aac}
[2011.04.05 11:30:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\engine@conduit.com
[2012.02.10 20:15:24 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\piclens@cooliris.com
[2013.03.20 16:21:25 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.06.09 08:16:32 | 000,504,879 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\toolbar@gmx.net.xpi
[2012.05.22 13:55:52 | 001,771,909 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\wisestamp@wisestamp.com.xpi
[2012.12.15 06:16:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.06.09 08:11:44 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.13 12:55:52 | 000,000,931 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\conduit.xml
[2013.06.09 08:09:40 | 000,000,944 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\icqplugin.xml
[2010.05.01 10:49:38 | 000,002,149 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\MyStart Search.xml
[2013.05.10 00:46:46 | 000,004,103 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\SweetIM Search.xml
[2013.06.09 08:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.06.09 08:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.09 08:14:39 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.09 08:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2013.06.09 08:14:22 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2013.07.03 19:49:36 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2011.09.23 14:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll
[2006.09.26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.04.11 20:00:52 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009.11.08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
[2009.11.28 01:23:15 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={A9249580-4308-11DE-AEAA-001E3368F9BD}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Flatcast Viewer Plugin 5.2.2.454 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll
CHR - plugin: Flatcast Viewer Plugin 5.3.0.784 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20130421192142.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll̀ File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{415AC5BE-E6EE-4719-98AB-4D125F9F5722}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F077B84E-188E-41FA-84FC-6E7A3CE8FC22}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kiki\Pictures\Kendra Mae 17.05.2012.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kiki\Pictures\Kendra Mae 17.05.2012.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.03 20:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.07.03 20:01:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kiki\Desktop\OTL.exe
[2013.07.01 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\{EB7447EE-75B8-4B5D-BE7C-435A3993793F}
[2013.06.29 12:15:00 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\acccore
[2013.06.29 12:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2013.06.29 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\AOL OCP
[2013.06.29 12:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2013.06.29 12:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2013.06.29 12:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2013.06.29 12:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2013.06.29 12:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2013.06.29 12:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\AIM6
[2013.06.28 16:48:23 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\ArtifexMundi
[2013.06.27 19:20:56 | 000,000,000 | ---D | C] -- C:\Users\Kiki\Desktop\Bücher
[2013.06.26 17:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.26 17:41:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.06.26 17:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.06.18 11:48:39 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\viking_saga_en
[2013.06.11 00:01:58 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\BlamGames
[2013.06.10 23:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
[2013.06.09 08:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.06.07 16:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CrioGames
[2013.06.07 16:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Tribe 2
[2013.06.04 17:01:32 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\{49647C14-DA28-4B8F-B547-CD4D11231D7C}
[2013.06.03 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\{E0BCBB0D-3041-4A41-9B62-74F240B3C9B2}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.03 20:29:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.03 20:13:38 | 000,001,091 | ---- | M] () -- C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
[2013.07.03 20:03:42 | 000,377,856 | ---- | M] () -- C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
[2013.07.03 20:02:04 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2013.07.03 20:01:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kiki\Desktop\OTL.exe
[2013.07.03 20:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.07.03 19:55:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.03 19:48:48 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.03 19:48:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 19:48:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 19:47:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.03 19:46:20 | 000,000,020 | ---- | M] () -- C:\Users\Kiki\defogger_reenable
[2013.07.03 19:45:15 | 000,050,477 | ---- | M] () -- C:\Users\Kiki\Desktop\Defogger.exe
[2013.07.02 14:10:52 | 000,116,736 | ---- | M] () -- C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.01 11:04:27 | 000,632,420 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.01 11:04:27 | 000,598,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.01 11:04:27 | 000,106,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.01 11:04:26 | 000,128,616 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.30 21:19:18 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013.06.29 12:12:24 | 000,000,446 | -H-- | M] () -- C:\IPH.PH
[2013.06.29 12:12:04 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\AOL Instant Messenger.lnk
[2013.06.26 17:41:26 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.26 15:34:56 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.15 08:07:56 | 000,000,922 | ---- | M] () -- C:\Users\Kiki\Desktop\Dropbox.lnk
[2013.06.11 00:01:40 | 000,001,263 | ---- | M] () -- C:\Users\Kiki\Desktop\The Keepers 2.lnk
[2013.06.05 10:55:02 | 000,343,931 | ---- | M] () -- C:\Users\Kiki\Documents\Thomas Reichelt.xps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.03 20:03:39 | 000,377,856 | ---- | C] () -- C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
[2013.07.03 19:45:55 | 000,000,020 | ---- | C] () -- C:\Users\Kiki\defogger_reenable
[2013.07.03 19:45:13 | 000,050,477 | ---- | C] () -- C:\Users\Kiki\Desktop\Defogger.exe
[2013.06.29 12:12:04 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\AOL Instant Messenger.lnk
[2013.06.29 12:11:13 | 000,000,446 | -H-- | C] () -- C:\IPH.PH
[2013.06.26 17:41:26 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.11 00:01:40 | 000,001,263 | ---- | C] () -- C:\Users\Kiki\Desktop\The Keepers 2.lnk
[2013.06.05 10:54:58 | 000,343,931 | ---- | C] () -- C:\Users\Kiki\Documents\Thomas Reichelt.xps
[2013.05.14 23:02:35 | 000,332,500 | ---- | C] () -- C:\Users\Kiki\AppData\Local\census.cache
[2013.05.14 23:02:07 | 000,234,458 | ---- | C] () -- C:\Users\Kiki\AppData\Local\ars.cache
[2013.05.14 22:45:10 | 000,000,036 | ---- | C] () -- C:\Users\Kiki\AppData\Local\housecall.guid.cache
[2013.05.13 17:09:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2013.05.13 17:05:24 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.05.13 17:05:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.05.10 17:00:14 | 000,000,092 | ---- | C] () -- C:\Users\Kiki\AppData\Local\fusioncache.dat
[2013.05.10 00:47:35 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.09.03 12:14:54 | 000,000,552 | ---- | C] () -- C:\Users\Kiki\AppData\Local\d3d8caps.dat
[2012.07.07 11:54:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.04.11 20:01:31 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.11 20:01:31 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.01.12 23:36:52 | 000,765,381 | ---- | C] () -- C:\Users\Kiki\Anhang.pdf
[2011.10.17 19:51:46 | 000,715,038 | ---- | C] () -- C:\Windows\unins002.exe
[2011.10.17 19:51:46 | 000,002,324 | ---- | C] () -- C:\Windows\unins002.dat
[2011.09.21 18:47:33 | 000,100,352 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.09.21 18:47:31 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.09.21 18:47:30 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.09.21 18:47:26 | 001,202,763 | ---- | C] () -- C:\Windows\unins001.exe
[2011.09.21 18:47:26 | 000,012,748 | ---- | C] () -- C:\Windows\unins001.dat
[2011.02.28 23:01:12 | 000,000,409 | ---- | C] () -- C:\Users\Kiki\Isidiada.pgs
[2011.02.07 14:39:10 | 004,806,101 | ---- | C] () -- C:\Users\Kiki\Kirsten Jan,2011.JPG
[2011.02.07 14:37:37 | 000,197,935 | ---- | C] () -- C:\Users\Kiki\weihnachten.2008.jpg
[2010.12.29 19:12:25 | 000,128,624 | ---- | C] () -- C:\Users\Kiki\postident Jan.pdf
[2010.12.29 19:04:08 | 000,128,619 | ---- | C] () -- C:\Users\Kiki\postident Kiki.pdf
[2010.09.26 16:35:36 | 001,180,594 | ---- | C] () -- C:\Users\Kiki\25092010483.jpg
[2010.09.26 16:35:36 | 000,868,414 | ---- | C] () -- C:\Users\Kiki\23092010474.jpg
[2010.09.26 16:35:36 | 000,752,242 | ---- | C] () -- C:\Users\Kiki\25092010476.jpg
[2010.09.26 16:35:36 | 000,681,173 | ---- | C] () -- C:\Users\Kiki\25092010475.jpg
[2010.09.26 16:35:36 | 000,657,616 | ---- | C] () -- C:\Users\Kiki\01092010472.jpg
[2010.09.26 16:35:36 | 000,650,299 | ---- | C] () -- C:\Users\Kiki\25092010486.jpg
[2010.09.26 16:35:36 | 000,637,720 | ---- | C] () -- C:\Users\Kiki\25092010484.jpg
[2010.09.26 16:35:36 | 000,626,483 | ---- | C] () -- C:\Users\Kiki\25092010478.jpg
[2010.09.26 16:35:36 | 000,626,403 | ---- | C] () -- C:\Users\Kiki\25092010479.jpg
[2010.09.26 16:35:36 | 000,614,368 | ---- | C] () -- C:\Users\Kiki\15092010473.jpg
[2010.09.26 16:35:36 | 000,608,875 | ---- | C] () -- C:\Users\Kiki\25092010477.jpg
[2010.09.26 16:35:36 | 000,605,553 | ---- | C] () -- C:\Users\Kiki\25092010485.jpg
[2010.09.26 16:35:36 | 000,590,603 | ---- | C] () -- C:\Users\Kiki\25092010480.jpg
[2010.09.26 16:35:36 | 000,565,015 | ---- | C] () -- C:\Users\Kiki\25092010482.jpg
[2010.09.26 16:35:36 | 000,524,303 | ---- | C] () -- C:\Users\Kiki\25092010481.jpg
[2010.09.26 15:59:02 | 000,533,429 | ---- | C] () -- C:\Users\Kiki\25092010487.jpg
[2010.09.04 13:00:27 | 000,577,442 | ---- | C] () -- C:\Users\Kiki\WickiTel_Sep2010.jpg
[2010.09.04 13:00:27 | 000,099,459 | ---- | C] () -- C:\Users\Kiki\WickiTel_Sep2010.MHT
[2010.04.08 12:48:03 | 000,365,486 | ---- | C] () -- C:\Users\Kiki\kirsten 248.jpg
[2010.04.08 12:48:03 | 000,353,917 | ---- | C] () -- C:\Users\Kiki\kirsten 247.jpg
[2010.04.08 12:48:03 | 000,352,818 | ---- | C] () -- C:\Users\Kiki\kirsten 250.jpg
[2010.04.08 12:48:03 | 000,332,030 | ---- | C] () -- C:\Users\Kiki\kirsten 242.jpg
[2010.03.21 19:40:55 | 000,022,680 | ---- | C] () -- C:\Users\Kiki\AppData\Local\slot1.mm1
[2010.01.14 16:47:07 | 000,026,340 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\UserTile.png
[2009.11.22 17:41:52 | 000,000,016 | -H-- | C] () -- C:\Users\Kiki\mxfilerelatedcache.mxc2
[2009.11.22 17:26:11 | 000,038,977 | ---- | C] () -- C:\Users\Kiki\21-05-07_1927.jpg
[2009.10.13 20:46:12 | 000,696,277 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\unins000.exe
[2009.10.13 20:46:12 | 000,001,157 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\unins000.dat
[2009.09.07 18:56:23 | 000,124,177 | ---- | C] () -- C:\Users\Kiki\Anklageschrift.htm
[2009.09.07 18:38:09 | 002,090,142 | ---- | C] () -- C:\Users\Kiki\Anklageschrift.mdi
[2009.08.18 23:23:30 | 000,000,316 | ---- | C] () -- C:\Users\Kiki\Öffentlich - Verknüpfung.lnk
[2009.05.09 11:29:41 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.04.05 12:12:16 | 000,017,092 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\lili.xml
[2009.04.05 12:06:34 | 000,000,378 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\users.xml
[2008.10.27 21:00:47 | 000,000,255 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\mb3settings.xml
[2008.10.27 21:00:11 | 000,131,200 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\Tahoma_12.dds
[2008.10.27 21:00:11 | 000,004,096 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\Tahoma_12.crd
[2008.10.17 12:27:29 | 000,000,000 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\wklnhst.dat
[2008.10.08 22:31:44 | 000,000,016 | -H-- | C] () -- C:\Users\Kiki\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.10.08 22:31:44 | 000,000,016 | -H-- | C] () -- C:\Users\Kiki\AppData\Local\mxfilerelatedcache.mxc2
[2008.10.06 14:31:59 | 000,001,356 | ---- | C] () -- C:\Users\Kiki\AppData\Local\d3d9caps.dat
[2008.10.06 12:04:29 | 000,116,736 | ---- | C] () -- C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.06 11:51:11 | 000,000,365 | ---- | C] () -- C:\Users\Kiki\Music.lnk
[2002.07.01 16:13:30 | 000,000,224 | -HS- | C] () -- C:\Users\Kiki\AppData\Roaming\brun_nbeta12.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.08.15 16:54:47 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\1morebee
[2010.04.26 16:29:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\20000Leagues
[2012.06.08 13:19:10 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\4 Friends Games
[2013.06.29 12:15:00 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\acccore
[2009.09.22 19:28:48 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Aisle 5 Games, Inc
[2012.04.17 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Alawar
[2012.07.13 11:27:37 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Alawar Stargaze
[2013.06.15 18:56:31 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\AlawarEntertainment
[2013.05.09 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\AlderGames
[2012.07.21 19:42:40 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\aliasworlds
[2010.10.12 13:34:48 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Alltags-Programme
[2012.06.21 12:29:11 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Amaranth Games
[2008.11.06 17:51:39 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\AmuletAdventure
[2010.05.22 09:44:22 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Anabel
[2012.05.18 08:33:52 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Aquamarin Haushaltsbuch
[2010.10.09 09:21:59 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Archibald's Adventures
[2009.06.17 22:20:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Argonyt
[2012.05.03 14:07:52 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Artifex Mundi
[2013.06.28 16:48:23 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ArtifexMundi
[2012.05.21 18:55:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Artogon
[2011.12.14 23:34:25 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Awem
[2010.09.14 17:28:01 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\AzuazGames
[2010.05.20 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\BeachPartyCraze
[2013.06.11 00:01:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\BlamGames
[2009.04.26 13:39:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\blg
[2009.03.06 23:47:56 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\BloodTies
[2012.10.13 14:13:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Blue Tea Games
[2012.08.01 14:37:06 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Boomzap
[2011.03.04 20:43:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Brunhilda_prime
[2013.02.03 21:20:56 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\calibre
[2011.03.01 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\CannyGames
[2010.12.19 18:39:22 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\casanova
[2013.06.09 20:22:24 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\cerasus.media
[2012.06.28 12:43:10 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Chayowo Games
[2012.09.17 15:46:20 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\CitadelArcanes
[2010.08.22 10:36:06 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\concept design
[2009.03.24 21:17:11 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Coyotes Tale
[2012.09.13 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\DAEMON Tools Lite
[2010.02.21 16:56:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\DAEMON Tools Pro
[2012.10.28 17:15:16 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\DAVA
[2012.05.06 12:03:56 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Deep Shadows
[2013.05.16 18:35:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\DominiGames
[2009.12.24 14:57:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Dragon Altar Games
[2010.05.10 10:46:41 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Dream Farm Games
[2011.02.11 13:50:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Dreamsdwell Stories 2
[2013.07.03 18:05:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Dropbox
[2013.03.03 20:46:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\DVDVideoSoft
[2012.02.01 19:13:27 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\e-academy Inc
[2011.04.08 13:38:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ElementalsTheMagicKey
[2012.11.18 14:00:52 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Elephant Games
[2012.04.08 10:21:21 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\EnchantedCavern
[2011.06.10 23:50:02 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Enki Games
[2012.03.25 18:29:04 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\EntwinedSoD
[2011.03.20 11:47:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\EPSON
[2011.04.07 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ERS G-Studio
[2012.09.15 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ERS Game Studios
[2010.04.25 16:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Fabulous Finds
[2010.10.17 16:50:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Farm Mania 2
[2010.11.03 13:22:47 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\FarmerJane
[2011.12.07 15:47:15 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Fighters
[2012.09.15 15:03:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\flashInstallDE
[2010.10.25 17:28:39 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Flatcast
[2009.01.03 15:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\FloodLightGames
[2011.04.15 13:35:13 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Freeze Tag
[2011.07.18 14:52:31 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Friday's games
[2011.06.19 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Frozen Kingdom
[2008.11.15 23:49:38 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Gaijin Ent
[2012.10.08 15:14:01 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\gamehouse_adelantado
[2012.07.01 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\GameInvest
[2012.09.25 17:39:46 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\GameMill Entertainment
[2011.03.31 14:15:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Gamers Digital
[2012.06.26 15:19:05 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Games
[2009.06.09 17:24:34 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\gemsweeperextractedgfx
[2011.03.30 17:08:52 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\GetRightToGo
[2011.02.27 16:01:22 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Ghost Ship Studios
[2012.06.02 17:26:56 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Gogii
[2010.11.09 13:31:39 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Gogii Games
[2011.04.15 19:35:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\HdO Adventure
[2011.07.29 15:31:46 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\HeroCraft
[2009.06.15 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\HiT-MM
[2012.06.04 11:55:00 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\HTC
[2012.01.04 12:20:13 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013.04.13 11:17:03 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ICAClient
[2008.11.22 20:01:01 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ICQ
[2011.04.08 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\iMaxGen
[2010.11.07 16:20:05 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Intenium
[2010.06.14 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Inteniumv1002
[2011.07.30 13:05:14 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Jewel Keepers Easter Island
[2012.04.22 17:31:24 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Jewel Match 3
[2011.07.29 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Jewel Time Deluxe
[2012.05.10 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Jewels of the East India Company
[2010.11.19 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\JuiceMania
[2013.02.10 14:20:30 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\KatGames
[2012.03.24 19:41:10 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Kutawaves Games
[2010.08.15 13:33:14 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\LaJangada
[2010.08.08 15:51:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Lazy Turtle Games
[2012.04.17 16:10:44 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\LegacyInteractive
[2011.01.16 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Local
[2009.09.05 23:12:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Lost in the City
[2009.11.28 19:07:09 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\MA
[2008.11.17 18:35:59 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Magic Academy
[2011.03.21 20:08:10 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Magic Academy 2
[2010.07.06 10:27:04 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Magic3
[2010.08.26 19:03:59 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\MagicMatch
[2009.10.30 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\MAGIX
[2010.11.25 18:18:25 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Merscom
[2012.02.27 01:24:19 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ML
[2013.02.09 00:23:55 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\MMFApplications
[2011.08.14 08:36:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\MTpro
[2011.04.15 17:30:35 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Mutant Arcade
[2009.12.04 00:13:47 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\My Games
[2008.10.18 16:26:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\myphotobook
[2011.02.16 19:31:50 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Mystery of Mortlake Mansion
[2008.11.15 23:01:03 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Mysteryville2
[2010.10.18 19:35:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\NevoSoft Games
[2012.12.29 18:35:41 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Nitreal Games
[2012.10.05 13:10:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\northerntale_rondomedia_de
[2011.07.30 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\OG International Ltd
[2012.09.30 20:12:24 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\OpenCandy
[2012.05.31 17:31:34 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PapDesigner
[2010.11.14 13:32:44 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PC Suite
[2010.10.19 12:23:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Peace Craft
[2010.09.28 20:17:15 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PeaceCraft2
[2012.08.01 19:55:47 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PeaceCraft3
[2010.01.14 16:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PeerNetworking
[2011.08.14 08:26:38 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Perspectix
[2010.09.06 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Ph03nixNewMedia
[2011.05.17 15:35:30 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PlayFirst
[2012.09.08 12:44:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Playrix Entertainment
[2011.03.16 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PoBros
[2009.04.19 15:43:12 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PopCapv1002
[2010.09.17 18:07:20 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PopCapv1003
[2010.09.17 18:32:03 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PopCapv1006
[2011.03.14 16:32:50 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ProtectDISC
[2012.05.03 16:13:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\quickclick
[2010.08.02 13:30:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\RainbowGames
[2009.03.24 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\RobinsonCrusoeBFGDE
[2010.03.16 16:05:48 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\RobinsonCrusoeCER
[2012.10.19 18:48:30 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Rumbic Studio
[2008.10.25 19:58:39 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Runes of Avalon 2
[2009.11.15 14:37:00 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Sahmon Games
[2012.02.27 00:57:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Samsung
[2010.08.26 19:03:59 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Saqqarah
[2010.05.09 17:35:15 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ScreenSeven
[2009.03.08 14:47:23 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Se Analyzer Tool SA
[2010.06.29 17:12:44 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SecretIslandDeuBF
[2008.12.29 16:51:30 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SecretIslandEng
[2009.05.15 22:05:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SerpentOfIsis
[2011.01.16 14:56:04 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SevenSails
[2011.03.08 16:53:27 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ShaoLin
[2010.10.20 13:24:12 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Shape games
[2011.05.31 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Silverback Productions
[2010.11.06 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Skip-Bo
[2011.01.20 22:34:52 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Sleepwalker Games
[2012.09.13 16:53:53 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Specialbit
[2009.02.28 20:10:05 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SpinTop Games
[2008.10.27 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SprillBermudeDeu
[2010.10.12 13:48:36 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Spy Emergency
[2010.08.26 19:03:59 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\StoneLoops!
[2012.01.24 23:36:46 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Striped Arts
[2009.03.24 22:26:12 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SultansLabyrinth
[2013.05.10 08:52:09 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Systweak
[2012.10.03 16:08:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\tabagames
[2011.02.01 14:44:02 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Thinstall
[2011.05.21 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\TLOTGT
[2011.08.28 16:23:49 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Top Evidence
[2008.10.07 17:08:16 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\TOSHIBA
[2009.05.24 19:02:24 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Total Eclipse
[2010.07.21 19:05:46 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Trio
[2008.11.21 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\TuneUp Software
[2012.04.05 12:30:20 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Twilight Games
[2009.09.07 22:11:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Twintale Entertainment
[2012.05.28 12:42:07 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\URSE Games
[2013.06.29 19:47:06 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Usenet.nl
[2009.12.02 17:56:02 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\V-Games
[2011.07.31 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ValGor 2
[2010.06.10 00:30:06 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Valusoft
[2011.03.28 20:17:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\VendelGAMES
[2010.11.17 20:32:04 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\VeniceMysteryData
[2013.06.18 14:38:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\viking_saga_en
[2012.10.17 18:18:00 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Western Software Technologies
[2011.03.13 12:38:54 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\WhiteBirdsProductions
[2012.05.10 14:24:29 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\WiiSports101in1
[2010.11.22 14:12:50 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Wildlife Park 2 - Farm World
[2012.08.30 15:28:09 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\World-Loom
[2010.05.04 14:59:21 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Zylom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:A3E39C6A
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:315B4A13
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:AC83EA04
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:A745DB5D
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:AFC732F7
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:B6D84F71
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:90D89144
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:4EE323A4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP31BE97C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6EA64886
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:28CDD861
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:13765436
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A76A1B1B
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5CE65446
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C8D1C36C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A5CD91DF
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EDC744FB
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9C3AAD57
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:706B1D1A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:17EB5BAE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9CF728A6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5CE91C67

GMER
GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-03 21:50:28
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Kiki\AppData\Local\Temp\pxlyafow.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8B354000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8B39D000, 0x510, 0x40000040]
.text C:\Windows\system32\drivers\ACEDRV08.sys section is writeable [0x81C08000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV08.sys entry point in ".pklstb" section [0x81C4C000]
.relo2 C:\Windows\system32\drivers\ACEDRV08.sys unknown last section [0x81C68000, 0x8E, 0x42000040]
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xB011069D]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3208] kernel32.dll!LoadLibraryW 762C93F0 5 Bytes JMP 6CE58460 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3208] kernel32.dll!LoadLibraryA 762C956C 5 Bytes JMP 6CE58360 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x85 0x98 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x3C 0x3B 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x40 0x3D 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x85 0x98 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x3C 0x3B 0x3E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x40 0x3D 0x47 ...

---- EOF - GMER 2.1 ----

--- --- ---
GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-03 21:50:59
Windows 6.0.6002 Service Pack 2
Running: gmer_2.1.19163.exe; Driver: C:\Users\Kiki\AppData\Local\Temp\pxlyafow.sys


---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x85 0x98 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x3C 0x3B 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x40 0x3D 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x85 0x98 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x3C 0x3B 0x3E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x40 0x3D 0x47 ...

---- EOF - GMER 2.1 ----

--- --- ---

Thanks, have a nice evening.
Edited by Tizzia (yesterday at 22:04)

I hope that is enough. I cannot tell whether my computer is infected; can someone please help me?
Best regards
Tizzia

04.07.2013, 08:01   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, the Addition.txt as well in your thread (click the # symbol in the website's input box)



Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions, [CODE] [/CODE], appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

04.07.2013, 22:24   #3
Tizzia
 



Code:
  Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by Kiki at 2013-07-04 22:52:42
Running from C:\Users\Kiki\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Abenteuer Rom - Das Raetsel Der Steine 1.00 (Version: 1.00)
Adobe AIR (Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AIM
Akamai NetSession Interface Service
Allgemeine Runtime Files (x86) (Version: 1.0.3.2)
Amazing Adventures The Lost Tomb Deluxe (HKCU Version: 1.0.0)
Amazon Kindle
Big Fish Games: Game Manager (Version: 2.0.0.28)
calibre (Version: 0.9.37)
Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.3.0.0)
CCleaner (Version: 4.01)
CD/DVD Drive Acoustic Silencer (Version: 2.02.01)
Citrix Authentication Manager (Version: 4.0.0.53726)
Citrix Receiver (DV) (Version: 13.4.0.25)
Citrix Receiver (HDX Flash-Umleitung) (Version: 13.4.0.25)
Citrix Receiver (USB) (Version: 13.4.0.25)
Citrix Receiver (Version: 13.4.0.25)
Citrix Receiver Inside (Version: 3.4.0.29585)
Citrix Receiver Updater (Version: 3.4.0.29577)
Citrix Receiver(Aero) (Version: 13.4.0.25)
com! Update Pack Builder 2008/09 4.1.1
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Cradle of Rome 2
D3DX10 (Version: 15.4.2368.0902)
Desktop SMS (Version: 1.2.0)
Die große Kartenspiele-Box (Version: Die große Kartenspiele-Box)
Die Legende von Atlantis - Perlen aus der Tiefe 1.00 (Version: 1.00)
Die Wiege Ägyptens - Sammleredition
Die Wiege Roms
Dropbox (HKCU Version: 2.0.22)
DVD MovieFactory for TOSHIBA (Version: 5.51)
DVDVideoSoftTB DE Toolbar (Version: 6.9.0.16)
EPSON Stylus SX400 Series Printer Uninstall
Farm Tribe 2 1.00 (Version: 1.00)
Firebird SQL Server - MAGIX Edition (Version: 2.1.26.0)
Flatcast Viewer Plugin 5.2.2.454
Flatcast Viewer Plugin 5.3.0.784
Google Chrome (Version: 27.0.1453.116)
Google Drive (Version: 1.10.4769.632)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.145)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.021)
HTC Sync (Version: 3.2.20)
IncrediMail (Version: 6.2.9.5079)
IncrediMail 2.0 (Version: 6.2.9.5079)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IsoBuster 2.4 (Version: 2.4)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 26 (Version: 6.0.260)
Java(TM) 6 Update 3 (Version: 1.6.0.30)
Java(TM) 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 15.4.3502.0922)
Kingdom Chronicles Sammleredition 1.00 (Version: 1.00)
MAGIX Digital Foto Maker SE 4.1.0.835 (D) (Version: 4.1.0.835)
McAfee Internet Security Suite (Version: 11.6.511)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (Version: 3.2.30729)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft XML Parser (Version: 8.0.7820.0)
Microsoft XML Parser (Version: 8.20.8730.4)
MKV Player 2.1.3
Mobipocket Creator 4.2 (Version: 4.2.41)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero BurnLite 10 (Version: 10.0.10500.5.100)
Nero BurnLite 10 (Version: 10.0.10600)
Nero Control Center 10 (Version: 10.0.13100.3.1)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.15100.0.1)
Nero Update (Version: 1.0.0018)
Online Plug-in (Version: 13.4.0.25)
OpenAL
PC Connectivity Solution (Version: 8.15.0.0)
Picasa 3 (Version: 3.9)
ProtectDisc Driver, Version 11 (Version: 11.0.0.14)
QuickTime (Version: 7.71.80.42)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5559)
Realtek USB 2.0 Card Reader (Version: )
Recuva (Version: 1.45)
Restaurant Rush
Ritter Arthur 3
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
Secure Download Manager (Version: 3.0.3)
Segoe UI (Version: 15.4.2271.0615)
Self-Service Plug-in (Version: 3.4.0.33684)
Shared C Run-time for x86 (Version: 10.0.0)
Skype™ 6.5 (Version: 6.5.158)
Spy Emergency 2008
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
System Requirements Lab
The Cross Formula 1.0.0.0 (Version: 1.0.0.0)
The Keepers 2 - Das Geheimnis des Waechterordens SA 1.00 (Version: 1.00)
TOSHIBA ConfigFree (Version: 7.1.27)
TOSHIBA DVD PLAYER (Version: 1.20.10)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Hardware Setup (Version: 2.00.06)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Supervisor Password (Version: 2.00.03)
TOSHIBA Value Added Package (Version: 1.1.14)
TRDCReminder (Version: 1.00.0014)
TRORDCLauncher (Version: 1.0.0.1)
TuneUp Utilities 2009 (Version: 8.0.3310.3)
UBitMenuDE (Version: 01.04)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Usenet.nl
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Viewpoint Media Player
VLC media player 0.9.2 (Version: 0.9.2)
Winamp (Version: 5.541 )
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe (Version: 9.00.3374)
Xvid MPEG-4 Video Codec
Yahoo! Software Update

==================== Restore Points  =========================

26-06-2013 15:40:19 Installed Skype™ 6.5
26-06-2013 15:55:48 Gerätetreiber-Paketinstallation: Labtec Bildverarbeitungsgeräte
27-06-2013 03:21:09 Windows Update
27-06-2013 16:24:51 Geplanter Prüfpunkt
28-06-2013 09:09:52 Windows Update
29-06-2013 04:43:37 Windows Update
30-06-2013 01:00:13 Windows Update
30-06-2013 19:17:39 Installed calibre
01-07-2013 08:59:46 Windows Update
02-07-2013 05:19:48 Windows Update
03-07-2013 07:05:53 Windows Update
04-07-2013 05:48:31 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0483A651-68B2-4E6B-9EB7-58F046D439C2} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3F99D9A1-80EC-419E-95B7-CF560914D62C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {65563925-9F89-4155-9CEA-42558213F6E1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {67F8F44B-3011-475E-9F6B-6A5AE07D75F9} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16] (TuneUp Software GmbH)
Task: {6CE41F12-FE70-4F74-A086-557320931466} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {8EFADE76-1744-44C0-9A4E-820F77E99A59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-16] (Google Inc.)
Task: {A37A8694-A4C3-42EA-B275-4E370D91C83B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A975B6DE-204D-4E50-86E2-1C171534ACC3} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kiki => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {B5C8B94A-97A7-482E-9D1B-D50C001D7E46} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {CF99269A-AFEF-45B1-BB75-776E172B9E1A} - System32\Tasks\BFGLaunch_bfgprocess => C:\Program Files\bfgclient\bfgprocess.exe [2010-11-10] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E6C05CD9-9502-4A8A-8E26-9D3A2330F3CB} - System32\Tasks\BFGLaunch_bfgclient => C:\Program Files\bfgclient\bfgclient.exe [2010-11-10] ()
Task: {F35A771F-CE53-477B-84D4-CF15C5C5E285} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {F65CBCCF-C7F6-4669-88AF-89FA49A3CD4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-16] (Google Inc.)
Task: {FCAFA005-E302-4169-A14E-A00E79528E3E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2013 07:49:47 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten.

Error: (07/04/2013 07:49:40 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows Installer kann nicht fortfahren.

Error: (07/03/2013 09:15:38 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00012288,
Prozess-ID 0x1458, Anwendungsstartzeit gmer_2.1.19163.exe0.

Error: (07/03/2013 09:01:49 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/03/2013 08:24:00 PM) (Source: Application Hang) (User: )
Description: Programm SpyEmergency.exe, Version 5.0.605.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 12d4
Anfangszeit: 01ce781876861b58
Zeitpunkt der Beendigung: 16

Error: (07/03/2013 09:07:13 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten.

Error: (07/03/2013 09:07:06 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows Installer kann nicht fortfahren.

Error: (07/02/2013 07:21:07 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten.

Error: (07/02/2013 07:20:58 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows Installer kann nicht fortfahren.

Error: (07/01/2013 04:53:04 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung htcUPCTLoader.exe, Version 1.0.2.34, Zeitstempel 0x4f8cde22, fehlerhaftes Modul HtcDetect.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4f8cccb6, Ausnahmecode 0xc0000005, Fehleroffset 0x02d82f2e,
Prozess-ID 0xf04, Anwendungsstartzeit htcUPCTLoader.exe0.


System errors:
=============
Error: (07/04/2013 07:51:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202

Error: (07/03/2013 07:49:19 PM) (Source: Service Control Manager) (User: )
Description: Spy Emergency Engine Service%%1053

Error: (07/03/2013 07:49:19 PM) (Source: Service Control Manager) (User: )
Description: 30000Spy Emergency Engine Service

Error: (07/03/2013 09:09:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202

Error: (07/02/2013 07:22:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202

Error: (07/01/2013 10:36:13 PM) (Source: Service Control Manager) (User: )
Description: 30000Akamai

Error: (07/01/2013 11:05:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202

Error: (06/30/2013 03:03:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202

Error: (06/29/2013 10:42:13 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/29/2013 06:47:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-03-10 12:47:00.907
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-10 12:47:00.656
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 09:39:01.484
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 09:39:00.901
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-28 19:08:09.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-28 19:08:09.687
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-12 13:27:21.315
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-12 13:27:21.123
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-12 13:27:20.929
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\IDM\Desktop SMS\oehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-12 13:27:20.736
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\IDM\Desktop SMS\oehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3061.22 MB
Available physical RAM: 1919.77 MB
Total Pagefile: 6326.73 MB
Available Pagefile: 4629.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.91 MB

==================== Drives ================================

Drive c: (Kiki-1) (Fixed) (Total:116.37 GB) (Free:16.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Kiki-2) (Fixed) (Total:115.05 GB) (Free:1.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: B4ECF4B8)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Kiki (administrator) on 04-07-2013 22:50:16
Running from C:\Users\Kiki\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files\ICQ6Toolbar\ICQ Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(NETGATE Technologies s.r.o.) C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
HKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304564
SearchScopes: HKLM - {041E2009-2712-4AD9-A4AC-50F9D8539177} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304564
HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109868&tt=050412_30b&babsrc=SP_ss&mntrId=bc13d0e4000000000000001f3cb8cb39
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109868&tt=050412_30b&babsrc=SP_ss&mntrId=bc13d0e4000000000000001f3cb8cb39
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {AED1B68C-71DD-456A-ADB9-FB10DFDDE206} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {CD10120B-C165-4f8d-8C74-639629E238FF} URL = hxxp://mystart.magentic.com/?search={searchTerms}&loc=search_box
SearchScopes: HKCU - {E08A9998-D98F-476f-8F5C-37C80FE0A4DA} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
BHO: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130421192142.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKCU -No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Toolbar: HKCU -DVDVideoSoftTB DE Toolbar - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default
FF user.js: detected! => C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.babylon.com/?babsrc=HP_Prot
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\SweetIM Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Conduit Engine  - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\engine@conduit.com
FF Extension: Cooliris - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\piclens@cooliris.com
FF Extension: DVDVideoSoftTB DE  - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: SweetIM Toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{694b57c6-ad53-4442-8290-c5539e368aac}
FF Extension: adblockpopups - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\toolbar@gmx.net.xpi
FF Extension: wisestamp - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\wisestamp@wisestamp.com.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={A9249580-4308-11DE-AEAA-001E3368F9BD}
CHR RestoreOnStartup: "hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={A9249580-4308-11DE-AEAA-001E3368F9BD}", "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.0.147) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Flatcast Viewer Plugin 5.2.2.454) - C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll (1 mal 1 Software GmbH)
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Zylom Plugin) - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll ()

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [222456 2008-06-10] ()
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyEmrgSrv; C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe [727608 2009-01-19] (NETGATE Technologies s.r.o.)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-12-07] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-12-07] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe /service [x]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-12-22] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-01-19] (Labtec Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-21] (Duplex Secure Ltd.)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [12344 2008-02-05] (NETGATE Technologies s.r.o.)
R3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [15288 2008-08-11] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [14392 2008-02-05] (NETGATE Technologies s.r.o.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:52 - 2013-07-04 20:48 - 00043870 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-07-01 13:33 - 2013-07-01 13:33 - 00000000 ____D C:\Users\Kiki\AppData\Local\{EB7447EE-75B8-4B5D-BE7C-435A3993793F}
2013-06-30 21:14 - 2013-06-30 21:15 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-29 12:15 - 2013-06-29 12:15 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\acccore
2013-06-29 12:12 - 2013-06-29 12:12 - 00001802 ____A C:\Users\Public\Desktop\AOL Instant Messenger.lnk
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\Users\Kiki\AppData\Local\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\Viewpoint
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\Program Files\Viewpoint
2013-06-29 12:11 - 2013-06-29 12:12 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:11 - 2013-06-29 12:12 - 00000000 ____D C:\Program Files\AIM6
2013-06-29 12:11 - 2013-06-29 12:11 - 00000000 ____D C:\Program Files\Common Files\AOL
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:20 - 2013-06-27 19:51 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:38 - 2013-06-26 17:39 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:14 - 2013-06-15 10:20 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-13 08:47 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:47 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:47 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 08:47 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 08:47 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 08:47 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:47 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 08:47 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 08:47 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 08:46 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 08:46 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 08:46 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 08:46 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 08:46 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 09:31 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-10 23:56 - 2013-06-11 00:01 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 08:14 - 2013-06-09 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
2013-06-05 10:54 - 2013-06-05 10:55 - 00343931 ____A C:\Users\Kiki\Documents\Thomas Reichelt.xps
2013-06-04 22:46 - 2013-06-04 22:46 - 00004868 ____A C:\Users\Kiki\Downloads\6302faa856850680ddca153884302543 (1).dlc
2013-06-04 22:44 - 2013-06-04 22:44 - 00004868 ____A C:\Users\Kiki\Downloads\6302faa856850680ddca153884302543.dlc
2013-06-04 17:01 - 2013-06-04 17:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\{49647C14-DA28-4B8F-B547-CD4D11231D7C}

==================== One Month Modified Files and Folders ========

2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 22:47 - 2013-07-03 19:52 - 00043870 ____A C:\Windows\WindowsUpdate.log
2013-07-04 22:41 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 22:41 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 22:29 - 2011-09-16 11:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-04 22:00 - 2011-12-07 15:25 - 00000522 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-07-04 21:55 - 2012-04-04 18:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-04 21:05 - 2013-01-06 00:12 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Skype
2013-07-04 20:53 - 2012-04-04 19:03 - 00001741 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-07-04 20:43 - 2012-06-04 11:54 - 00000000 ____D C:\Users\Kiki\AppData\Local\Htc
2013-07-04 20:41 - 2011-09-16 11:51 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-04 20:41 - 2011-08-13 21:10 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-04 20:41 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 09:01 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:13 - 2010-11-19 20:54 - 00001091 ____A C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
2013-07-03 20:11 - 2010-11-19 20:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:46 - 2013-07-03 19:45 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:46 - 2013-07-03 19:45 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-03 19:45 - 2008-10-06 11:46 - 00000000 ___AD C:\users\Kiki
2013-07-03 18:05 - 2013-02-23 21:52 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Dropbox
2013-07-02 14:10 - 2008-10-06 12:04 - 00116736 ____A C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-07-01 13:33 - 2013-07-01 13:33 - 00000000 ____D C:\Users\Kiki\AppData\Local\{EB7447EE-75B8-4B5D-BE7C-435A3993793F}
2013-07-01 11:04 - 2008-01-21 09:16 - 01456404 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-30 21:19 - 2012-04-25 21:08 - 00000847 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-06-30 21:19 - 2012-04-25 21:07 - 00000000 ____D C:\Program Files\Calibre2
2013-06-30 21:15 - 2013-06-30 21:14 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 10:48 - 2008-10-06 13:17 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Winamp
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-30 07:05 - 2011-06-13 20:09 - 00000000 ____D C:\Windows\Minidump
2013-06-29 19:47 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Usenet.nl
2013-06-29 19:38 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\Documents\Usenet.nl
2013-06-29 12:15 - 2013-06-29 12:15 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\acccore
2013-06-29 12:12 - 2013-06-29 12:12 - 00001802 ____A C:\Users\Public\Desktop\AOL Instant Messenger.lnk
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\Users\Kiki\AppData\Local\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\Viewpoint
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\Program Files\Viewpoint
2013-06-29 12:12 - 2013-06-29 12:11 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:12 - 2013-06-29 12:11 - 00000000 ____D C:\Program Files\AIM6
2013-06-29 12:11 - 2013-06-29 12:11 - 00000000 ____D C:\Program Files\Common Files\AOL
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 18:53 - 2011-11-10 04:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\Akamai
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:51 - 2013-06-27 19:20 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-27 00:06 - 2012-12-15 04:08 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\twain_32
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:41 - 2013-01-06 00:11 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 17:39 - 2013-06-26 17:38 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-26 15:34 - 2012-09-13 16:40 - 00001977 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 18:56 - 2012-02-26 05:30 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\AlawarEntertainment
2013-06-15 18:51 - 2012-12-30 13:13 - 00000000 ____D C:\Program Files\GameforgeLive
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:20 - 2013-06-15 10:14 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-15 08:07 - 2013-02-23 21:55 - 00000922 ____A C:\Users\Kiki\Desktop\Dropbox.lnk
2013-06-13 17:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:49 - 2008-02-25 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 23:56 - 2012-04-04 18:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:56 - 2011-06-13 20:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-11 00:01 - 2013-06-10 23:56 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 20:22 - 2008-10-27 20:54 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\cerasus.media
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 10:29 - 2012-05-04 06:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-09 08:14 - 2013-06-09 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm ATribe 2
2013-06-05 10:55 - 2013-06-05 10:54 - 00343931 ____A C:\Users\Kiki\Documents\Thomas Reichelt.xps
2013-06-04 22:46 - 2013-06-04 22:46 - 00004868 ____A C:\Users\Kiki\Downloads\6302faa856850680ddca153884302543 (1).dlc
2013-06-04 22:44 - 2013-06-04 22:44 - 00004868 ____A C:\Users\Kiki\Downloads\6302faa856850680ddca153884302543.dlc
2013-06-04 17:01 - 2013-06-04 17:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\{49647C14-DA28-4B8F-B547-CD4D11231D7C}
2013-06-04 10:59 - 2013-05-26 18:19 - 00000000 ____D C:\Users\Kiki\Desktop\Erika

Files to move or delete:
====================
C:\ProgramData\go_0molg.pad

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 20:49

==================== End Of Log ============================
         
--- --- ---





Then I hope I did everything right. Regards, Tizzia
__________________

05.07.2013, 09:08   #4
schrauber
/// the machine
/// TB-Ausbilder



Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

05.07.2013, 19:19   #5
Tizzia



Good evening ...

unfortunately this Combofix does not run on my machine
I get the message.....
Restore point is being created
scanning your computer
and then SYNTAX ERROR appears....within seconds...

Regards,
Tizzia


06.07.2013, 08:42   #6
schrauber
/// the machine
/// TB-Ausbilder



Strange

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

06.07.2013, 11:06   #7
Tizzia



That was the first trick.....


Code:
# AdwCleaner v2.304 - Datei am 06/07/2013 um 11:53:18 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Kiki - SOULFRIENDS1
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kiki\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : ICQ Service
Gestoppt & Gelöscht : RelevantKnowledge

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\SweetIM Search.xml
Datei Gelöscht : C:\Windows\system32\roboot.exe
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files\Free Ride Games
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\iWin
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Users\Kiki\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Kiki\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Kiki\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Kiki\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Kiki\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\Kiki\AppData\LocalLow\GamingWonderland
Ordner Gelöscht : C:\Users\Kiki\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Conduit
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\ConduitEngine
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\CT2625848
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Smartbar
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\SweetIMToolbarData
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
         

06.07.2013, 11:11   #8
schrauber
/// the machine
/// TB-Ausbilder



When you are done, please delete Combofix, download it again and run it. The problem has been fixed
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

06.07.2013, 11:21   #9
Tizzia



After the FRST I will run Combofix...

First of all, thank you very much for your help...

This is the second part...


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Kiki on 06.07.2013 at 12:14:01,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AED1B68C-71DD-456A-ADB9-FB10DFDDE206}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\Kiki\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\Kiki\AppData\Roaming\systweak"
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{051EC767-4C64-4880-BECB-9C9BD12BA00A}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{070D9F1D-0384-4336-83F0-3794BB9ECDFA}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{0911463D-D311-4908-995D-DCA93DFA5034}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{0BD44A45-A9B3-4C6F-8AC7-34EECCD0ED3B}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{0CC8F6A7-E1BF-4AB8-910E-DDA9702E083F}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{0D04EECA-FBEA-45F0-A341-BE2AB2878A15}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{12EFCD2C-DD10-4913-9F05-FDB866C630D7}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{169B3A13-F8B6-4BD9-A717-2C5179B1CACD}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{1EA8CAC1-50B5-457E-9C7B-28185797F0B8}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{2279403B-68C9-4A97-A4AD-995BCD61F4F8}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{278AD1BA-70C9-4FDF-84DE-B6E755C0C821}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{2EE2B46D-A658-4057-B90B-DBEB85360279}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{341BE17F-E2E9-4B7A-90BB-79232782E51C}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{375EC84D-986E-40A5-8CC5-C0EC18C26F65}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{387318EC-C50E-4E53-90EF-F7156322D9B4}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{3DFA490A-7544-4B4E-A432-330BCAE0F65E}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{4036AF6F-E662-43A2-A9D4-C324D1B77372}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{45C67710-5B4E-438C-86AB-510B74F31840}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{4678BDFC-6B97-43E1-A9AB-39146C1323AF}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{4833E803-25C5-4B7A-A564-EC38A1608CCA}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{49647C14-DA28-4B8F-B547-CD4D11231D7C}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{49D31BFD-DB6E-4D36-83BF-E206C265FFF7}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{4B21805B-A3B6-4D60-8F85-79DE912BB5BF}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{4F66DB52-641D-46C6-9C78-38802086DE7D}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{5129303A-D694-4622-93F3-2C02BEC885FE}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{5513BFBD-678B-4DF8-96EA-7EB2F79BF3BA}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{5637CBB0-BC05-439E-9533-635D19E9CF45}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{616E8CAC-78B0-4960-A566-F36CFE6F6AE8}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{66A604BA-6E4C-4E68-882F-8F0164C17A41}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{66AF18C5-76A7-4175-9FF2-6F8C8BC3C980}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{687994B0-B37E-4D59-A341-5E3E5E072272}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{6A4BB70E-DBCA-4C6F-A665-1110892DAB05}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{7102D115-E357-4DD4-9C3C-06510CAB86B9}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{76920DA1-46A1-417F-A9D4-2BA8773ED2AC}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{7BEFBA49-5F79-4BDB-A0DB-F876139D8B38}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{7E4E8E38-C6A6-4971-A82A-55A5690A8080}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{8265FCE6-818B-4E18-9777-7547C79BBA14}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{8499B857-E8BC-47AE-81AF-92621F0ABDB7}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{8B13C37C-3A3C-4088-B845-FBFCED6E2ECE}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{8CDDFF03-E3DF-498C-B3CE-818B6E267E34}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{8F67FC18-C73A-44DF-81C1-0D023C9230DF}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{9084532B-9A9E-4CA8-B092-E174B596486C}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{92668636-8B59-42BB-A324-B9E930EE4897}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{92B182E5-C85E-42B6-85D2-8B26BFC493F3}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{952006AD-55C0-4A10-B964-0755C67B32F3}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{965C1382-60B5-4C94-AC2D-E10A42B319CB}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{96881EE9-A801-4AE7-A4E3-E10B026EF8AC}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{A02D1600-4594-4BEB-8128-042BD7790173}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{A2F59890-3BEE-40A0-B4C3-C3B01637D6E0}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{A57BF59E-2E4A-47CC-A3D1-5C12FD3D8329}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{ABA02DEA-025F-4772-B137-ABEAB12AB415}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{ACABBE11-CCA7-4961-A97A-A95E43AF8D3A}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{AF755D45-ACF3-4517-B80C-8C89A1665F27}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{B3A07C95-7508-4FA4-BD68-0D881BBE6300}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{B85C452C-F566-49FB-9365-A4C2DD5054F6}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{BADC35DB-0493-4826-9CA7-A5E523003E52}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{BDD5D12A-923A-49F6-AD65-B0CE1049BCDC}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{BE36D1E2-179C-43CE-B2F5-7AEEA346163A}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{C7327C0A-62A7-49B6-8AE8-134DBA58F6A9}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{C9E7FE6E-38AC-41A4-B98D-94B97CF15F4E}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{CC17AA42-0933-4A1F-BCC5-4DFD55DB48B8}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{CFEC65A1-5F0F-419F-8BC1-7D5CA81B59E4}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{D31C7DE5-8C26-48AA-98EB-97DDCA0C6296}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{D82FC686-2B70-47C6-9FF7-05E5F20BB442}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{DD82CB5E-7B36-4E04-ADAE-721AC981153C}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{DDAA7F84-66BF-4691-9638-8E3D5F832B74}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{DE17851E-BD46-4558-81A4-D9EEE51E7423}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{DEBA5BA6-B177-41A7-B070-199B58E7360C}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{E0BCBB0D-3041-4A41-9B62-74F240B3C9B2}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{E71805B8-53F8-46AE-A81F-72E372670FCC}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{EB7447EE-75B8-4B5D-BE7C-435A3993793F}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{EBDF99AA-3337-403E-8C4B-880D26229EF7}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{EDE08880-D303-4CA2-A43B-32F1C1CB7A47}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{EED5AD63-27B0-4BD5-8F79-128C9130204F}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{EF1125AC-0E62-4DE2-9791-E6E363694028}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{F038FA52-3BBE-4EA7-AFD8-313788624947}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{F20BE923-9EF7-4286-8C93-DF09103D3E69}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{F2B10082-1B1C-4279-8E6C-32BE919A1A91}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{F8B30230-69C9-4F9F-A141-F5544026140A}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{FA268A60-E33A-4AC1-A15B-C266205B1DF0}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{FBC8D14B-741B-4186-9711-0B50C8810791}



~~~ FireFox

Emptied folder: C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\minidumps [47 files]



~~~ Event Viewer Logs were cleared
         

06.07.2013, 11:22   #10
schrauber
/// the machine
/// TB-Ausbilder



ok
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

06.07.2013, 11:31   #11
Tizzia




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Kiki (administrator) on 06-07-2013 12:28:30
Running from C:\Users\Kiki\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(NETGATE Technologies s.r.o.) C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [disableregistrytools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {041E2009-2712-4AD9-A4AC-50F9D8539177} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Cooliris - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\piclens@cooliris.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: SweetIM Toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{694b57c6-ad53-4442-8290-c5539e368aac}
FF Extension: adblockpopups - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\toolbar@gmx.net.xpi
FF Extension: wisestamp - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\wisestamp@wisestamp.com.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyEmrgSrv; C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe [727608 2009-01-19] (NETGATE Technologies s.r.o.)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-12-07] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-12-07] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-12-22] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-01-19] (Labtec Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-21] (Duplex Secure Ltd.)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [12344 2008-02-05] (NETGATE Technologies s.r.o.)
R3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [15288 2008-08-11] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [14392 2008-02-05] (NETGATE Technologies s.r.o.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-05 21:28 - 2013-07-06 11:55 - 00005672 ____A C:\Windows\PFRO.log
2013-07-05 20:04 - 2013-07-05 20:05 - 00000000 ___SD C:\ComboFix
2013-07-05 20:01 - 2013-07-05 20:01 - 05085843 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:43 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-05 19:43 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-05 19:43 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-05 19:42 - 2013-07-05 20:04 - 00000000 ___SD C:\32788R22FWJFW
2013-07-04 22:52 - 2013-07-04 23:17 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:52 - 2013-07-06 12:18 - 00162876 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:14 - 2013-06-30 21:15 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-29 12:12 - 2013-07-06 08:38 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:11 - 2013-06-29 12:12 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:20 - 2013-06-27 19:51 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:38 - 2013-06-26 17:39 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:14 - 2013-06-15 10:20 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-13 08:47 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:47 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:47 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 08:47 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 08:47 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 08:47 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:47 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 08:47 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 08:47 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 08:46 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 08:46 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 08:46 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 08:46 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 08:46 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 09:31 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-10 23:56 - 2013-06-11 00:01 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 08:14 - 2013-07-06 12:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2

==================== One Month Modified Files and Folders ========

2013-07-06 12:29 - 2011-09-16 11:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-06 12:22 - 2013-06-09 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-06 12:18 - 2013-07-03 19:52 - 00162876 ____A C:\Windows\WindowsUpdate.log
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 12:08 - 2013-01-06 00:12 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Skype
2013-07-06 12:00 - 2011-12-07 15:25 - 00000522 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-07-06 11:59 - 2012-04-04 19:03 - 00001741 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-07-06 11:57 - 2012-12-15 04:08 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-07-06 11:56 - 2012-06-04 11:54 - 00000000 ____D C:\Users\Kiki\AppData\Local\Htc
2013-07-06 11:55 - 2013-07-05 21:28 - 00005672 ____A C:\Windows\PFRO.log
2013-07-06 11:55 - 2011-09-16 11:51 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 11:55 - 2011-08-13 21:10 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-06 11:55 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 11:55 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 11:55 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 11:54 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-06 08:55 - 2012-04-04 18:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 08:38 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-07-05 20:05 - 2013-07-05 20:04 - 00000000 ___SD C:\ComboFix
2013-07-05 20:04 - 2013-07-05 19:42 - 00000000 ___SD C:\32788R22FWJFW
2013-07-05 20:01 - 2013-07-05 20:01 - 05085843 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:41 - 2010-11-19 20:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-05 17:17 - 2008-01-21 09:16 - 01456404 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 17:16 - 2008-10-06 12:04 - 00123904 ____A C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-04 23:17 - 2013-07-04 22:52 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:13 - 2010-11-19 20:54 - 00001091 ____A C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:46 - 2013-07-03 19:45 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:46 - 2013-07-03 19:45 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-03 19:45 - 2008-10-06 11:46 - 00000000 ___AD C:\users\Kiki
2013-07-03 18:05 - 2013-02-23 21:52 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Dropbox
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:19 - 2012-04-25 21:08 - 00000847 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-06-30 21:19 - 2012-04-25 21:07 - 00000000 ____D C:\Program Files\Calibre2
2013-06-30 21:15 - 2013-06-30 21:14 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 10:48 - 2008-10-06 13:17 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Winamp
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-30 07:05 - 2011-06-13 20:09 - 00000000 ____D C:\Windows\Minidump
2013-06-29 19:47 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Usenet.nl
2013-06-29 19:38 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\Documents\Usenet.nl
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:11 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 18:53 - 2011-11-10 04:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\Akamai
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:51 - 2013-06-27 19:20 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\twain_32
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:41 - 2013-01-06 00:11 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 17:39 - 2013-06-26 17:38 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-26 15:34 - 2012-09-13 16:40 - 00001977 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 18:56 - 2012-02-26 05:30 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\AlawarEntertainment
2013-06-15 18:51 - 2012-12-30 13:13 - 00000000 ____D C:\Program Files\GameforgeLive
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:20 - 2013-06-15 10:14 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-15 08:07 - 2013-02-23 21:55 - 00000922 ____A C:\Users\Kiki\Desktop\Dropbox.lnk
2013-06-13 17:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:49 - 2008-02-25 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 23:56 - 2012-04-04 18:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:56 - 2011-06-13 20:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-11 00:01 - 2013-06-10 23:56 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 20:22 - 2008-10-27 20:54 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\cerasus.media
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 10:29 - 2012-05-04 06:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2

Files to move or delete:
====================
C:\ProgramData\go_0molg.pad

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-06 12:04

==================== End Of Log ============================
         
--- --- ---

06.07.2013, 11:37   #12
schrauber
/// the machine
/// TB trainer
 




Then Combofix now.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No assistance via PM!

06.07.2013, 11:57   #13
Tizzia
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Kiki (administrator) on 06-07-2013 12:56:29
Running from C:\Users\Kiki\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(NETGATE Technologies s.r.o.) C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\POWERPNT.EXE
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\OIS.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [disableregistrytools] 0
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {041E2009-2712-4AD9-A4AC-50F9D8539177} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Cooliris - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\piclens@cooliris.com
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\staged
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: SweetIM Toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{694b57c6-ad53-4442-8290-c5539e368aac}
FF Extension: adblockpopups - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\toolbar@gmx.net.xpi
FF Extension: wisestamp - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\wisestamp@wisestamp.com.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyEmrgSrv; C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe [727608 2009-01-19] (NETGATE Technologies s.r.o.)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-12-07] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-12-07] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-12-22] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-01-19] (Labtec Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-21] (Duplex Secure Ltd.)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [12344 2008-02-05] (NETGATE Technologies s.r.o.)
R3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [15288 2008-08-11] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [14392 2008-02-05] (NETGATE Technologies s.r.o.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-06 12:35 - 2013-07-06 12:36 - 00000000 ___SD C:\ComboFix
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-05 21:28 - 2013-07-06 11:55 - 00005672 ____A C:\Windows\PFRO.log
2013-07-05 20:01 - 2013-07-05 20:01 - 05085843 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:43 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-05 19:43 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-05 19:43 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-05 19:42 - 2013-07-06 12:35 - 00000000 ___SD C:\32788R22FWJFW
2013-07-04 22:52 - 2013-07-04 23:17 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:52 - 2013-07-06 12:56 - 00185530 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:14 - 2013-06-30 21:15 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-29 12:12 - 2013-07-06 08:38 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:11 - 2013-06-29 12:12 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:20 - 2013-06-27 19:51 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:38 - 2013-06-26 17:39 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:14 - 2013-06-15 10:20 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-13 08:47 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:47 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:47 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 08:47 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 08:47 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 08:47 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:47 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 08:47 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 08:47 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 08:46 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 08:46 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 08:46 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 08:46 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 08:46 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 09:31 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-10 23:56 - 2013-06-11 00:01 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 08:14 - 2013-07-06 12:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2

==================== One Month Modified Files and Folders ========

2013-07-06 12:56 - 2013-07-03 19:52 - 00185530 ____A C:\Windows\WindowsUpdate.log
2013-07-06 12:55 - 2012-04-04 18:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 12:36 - 2013-07-06 12:35 - 00000000 ___SD C:\ComboFix
2013-07-06 12:35 - 2013-07-05 19:42 - 00000000 ___SD C:\32788R22FWJFW
2013-07-06 12:29 - 2011-09-16 11:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-06 12:22 - 2013-06-09 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 12:08 - 2013-01-06 00:12 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Skype
2013-07-06 12:00 - 2011-12-07 15:25 - 00000522 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-07-06 11:59 - 2012-04-04 19:03 - 00001741 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-07-06 11:57 - 2012-12-15 04:08 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-07-06 11:56 - 2012-06-04 11:54 - 00000000 ____D C:\Users\Kiki\AppData\Local\Htc
2013-07-06 11:55 - 2013-07-05 21:28 - 00005672 ____A C:\Windows\PFRO.log
2013-07-06 11:55 - 2011-09-16 11:51 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 11:55 - 2011-08-13 21:10 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-06 11:55 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 11:55 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 11:55 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 11:54 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-06 08:38 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-07-05 20:01 - 2013-07-05 20:01 - 05085843 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:41 - 2010-11-19 20:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-05 17:17 - 2008-01-21 09:16 - 01456404 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 17:16 - 2008-10-06 12:04 - 00123904 ____A C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-04 23:17 - 2013-07-04 22:52 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:13 - 2010-11-19 20:54 - 00001091 ____A C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:46 - 2013-07-03 19:45 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:46 - 2013-07-03 19:45 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-03 19:45 - 2008-10-06 11:46 - 00000000 ___AD C:\users\Kiki
2013-07-03 18:05 - 2013-02-23 21:52 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Dropbox
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:19 - 2012-04-25 21:08 - 00000847 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-06-30 21:19 - 2012-04-25 21:07 - 00000000 ____D C:\Program Files\Calibre2
2013-06-30 21:15 - 2013-06-30 21:14 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 10:48 - 2008-10-06 13:17 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Winamp
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-30 07:05 - 2011-06-13 20:09 - 00000000 ____D C:\Windows\Minidump
2013-06-29 19:47 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Usenet.nl
2013-06-29 19:38 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\Documents\Usenet.nl
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:11 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 18:53 - 2011-11-10 04:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\Akamai
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:51 - 2013-06-27 19:20 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\twain_32
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:41 - 2013-01-06 00:11 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 17:39 - 2013-06-26 17:38 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-26 15:34 - 2012-09-13 16:40 - 00001977 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 18:56 - 2012-02-26 05:30 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\AlawarEntertainment
2013-06-15 18:51 - 2012-12-30 13:13 - 00000000 ____D C:\Program Files\GameforgeLive
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:20 - 2013-06-15 10:14 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-15 08:07 - 2013-02-23 21:55 - 00000922 ____A C:\Users\Kiki\Desktop\Dropbox.lnk
2013-06-13 17:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:49 - 2008-02-25 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 23:56 - 2012-04-04 18:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:56 - 2011-06-13 20:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-11 00:01 - 2013-06-10 23:56 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 20:22 - 2008-10-27 20:54 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\cerasus.media
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 10:29 - 2012-05-04 06:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2

Files to move or delete:
====================
C:\ProgramData\go_0molg.pad

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-06 12:04

==================== End Of Log ============================
         


Hello,

as before, Combofix apparently does not run properly for me,
I get the message SYNTAXFEHLER (syntax error) again....
I have now run FRST once more after the attempt with Combofix...

Kind regards
Tizzia

Hello again,
on top of that there is now an error message on restart:
Application initialization 0X 800 106 b a. The service of this program
was stopped because of a problem.
To start the service, restart the computer or
look for help under Support and Help, information on manually starting
a service ...

Sorry, but I think my computer is going crazy... I can no longer use Google as a browser;
at the moment I go online via Firefox...

Best regards
Tizzia

Hello schrauber,
now I can no longer get online via Firefox either...
when I go to Facebook, for example, nothing works...
But I still have Internet Explorer...it works with that ...
stupid computer ... yes, I know, it is always the fault of whoever is sitting at it....
so, stupid user ***g**
Best regards
Tizzia

06.07.2013, 14:52   #14
schrauber
/// the machine
/// TB instructor
 




Hi,

take it slow. Reset Firefox completely.

Reset Internet Explorer as follows:
  • Open Internet Explorer and go to Tools -> Internet Options.
  • On the Advanced tab, under "Reset Internet Explorer settings", click Reset...
  • In the "Reset Internet Explorer Settings" dialog, click Reset to confirm.
(You can find the illustrated guide here.)


Did you delete Combofix and download a new version?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

06.07.2013, 15:05   #15
Tizzia
 



Done, and I am downloading Combofix again....Thanks..

Best regards
Tizzia

Hi,
I downloaded Combofix again.....now I at least get as far as Files 40 and then nothing works any more. I have now waited about 60 minutes to see whether anything happens; apart from the computer freezing when I move the mouse, nothing happens....and log files ....there are none....
I have now pulled the plug on my computer and restarted it.....it is running...
Any other ideas??

Best regards
Tizzia
