Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: festplatte füllt sich automatisch!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.11.2013, 23:13   #1
Falkonett
 
festplatte füllt sich automatisch! - Icon17

festplatte füllt sich automatisch!



Laufwerk (D füllt sich automatisch, wenn ich das Laufwerk anklicke und dann alle Ordner markiere, auf Eigenschaften mir das Datenvolumen dann anzeigen lasse berechnet der dann ungefähr 40 Gb... Dabei ist das Laufwerk 314 Gb groß... Assassins Creed 3 deinstalliert um zu sehen ob sich die Platte wieder von alleine füllt, und siehe da, einen Tag später wieder nur 19 mb frei............. Hilfe?!

Alt 12.11.2013, 05:42   #2
schrauber
/// the machine
/// TB-Ausbilder
 

festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 12.11.2013, 06:19   #3
Falkonett
 
festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



#
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Tomstin (administrator) on TOMSTIN-PC on 12-11-2013 07:01:58
Running from C:\Users\Tomstin\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
() D:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
(AnchorFree Inc.) D:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
() D:\Program Files (x86)\Expat Shield\bin\hsswd.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-10-20] (COMODO)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKCU\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKCU\...\RunOnce: [CleanUp!] - C:\PROGRA~2\CleanUp!\cleanup.exe /WindowsRestart [442368 2006-06-25] (Steven R. Gould)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
MountPoints2: G - G:\SETUP.EXE
MountPoints2: {1acb6882-2547-11e2-8152-0019213cb04f} - F:\LaunchU3.exe -a
MountPoints2: {42fc8c30-0196-11e3-a8ff-0019213cb04f} - F:\Startme.exe
MountPoints2: {870d3b3b-8153-11e2-a7b7-0019213cb04f} - G:\SETUP.EXE
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - D:\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
AppInit_DLLs:     [0 ] ()
AppInit_DLLs-x32:     [0 ] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD588F4CD18A9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&k=0
SearchScopes: HKCU - {1646C8A2-445C-4F04-817C-91C43411A977} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {2064E130-29CE-4745-8DF9-B6B94C74F1F2} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {3CEE6FC4-FC4F-46DF-B397-4DB063ADE259} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=29e7304f-083b-4fc6-98b1-f37d3fd872d9&apn_sauid=2717D437-F875-4087-8768-F3CAD55FDC28
SearchScopes: HKCU - {69463CC3-D10E-4514-B1F3-B5C1E3715D11} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {C54C87CC-F39D-496E-A35A-CD475B245A92} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {F585DC5D-A570-453D-AE52-813BA5C0AD62} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {F9AA668C-A55A-4AB0-B9EE-73BC7308F49C} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {FC386457-C037-45E1-A989-F5E7B6FE33DF} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - D:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
BHO-x32: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - D:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
Toolbar: HKLM-x32 - No Name - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} -  No File
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1857/plugin/AXFOAM.CAB
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Winsock: Catalog9 01 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F2E7F5CF-0033-42D8-AB79-1B57E1F3C204}: [NameServer]8.8.8.8

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Social Fixer for Facebook) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\8.0_0
CHR Extension: (Google Wallet) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; D:\Avira Antivirus\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Avira Antivirus\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2104968 2013-10-09] ()
R2 ExpatShieldService; D:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [331608 2012-01-17] ()
R2 ExpatSrv; D:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [363336 2012-01-05] (AnchorFree Inc.)
S3 ExpatTrayService; D:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE [77520 2012-01-17] ()
R2 ExpatWd; D:\Program Files (x86)\Expat Shield\bin\hsswd.exe [329544 2012-01-05] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-27] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-09-24] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-03-19] (Arainia Solutions LLC)
S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [22648 2010-06-13] (Microsoft Corporation)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 VL807; C:\Windows\System32\DRIVERS\VL807.sys [36728 2010-06-13] ()
S3 VL807; C:\Windows\SysWow64\DRIVERS\VL807.sys [28920 2010-06-13] ()
S3 cpuz135; \??\C:\Users\Tomstin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [x]
S3 SANDRA; \??\D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\WNt500x64\Sandra.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-12 07:01 - 2013-11-12 07:01 - 00000000 ___DC C:\FRST
2013-11-12 07:00 - 2013-11-12 07:00 - 01957590 _____ (Farbar) C:\Users\Tomstin\Downloads\FRST64.exe
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2013-11-12 06:07 - 2013-11-12 06:08 - 00339257 _____ C:\Users\Tomstin\Downloads\CleanUp452.exe
2013-11-11 23:41 - 2013-11-11 23:41 - 00001292 _____ C:\Users\Public\Desktop\Ashampoo Registry Cleaner.lnk
2013-11-11 23:41 - 2013-11-11 23:41 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-11-11 23:33 - 2013-11-11 23:33 - 00064792 _____ C:\Users\Tomstin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-11 23:32 - 2013-11-12 06:02 - 00000112 _____ C:\Windows\setupact.log
2013-11-11 23:32 - 2013-11-11 23:32 - 00307040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 12:36 - 2013-11-11 12:36 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Danny_Tuppeny
2013-11-10 19:27 - 2013-11-10 19:27 - 00018718 _____ C:\Users\Tomstin\Documents\Einteilung der Gruppenarbeit.odt
2013-11-08 20:59 - 2013-11-08 20:59 - 00267596 _____ C:\Users\Tomstin\Downloads\afb_video_pal_001.wmv
2013-11-02 08:50 - 2012-12-18 00:04 - 00000000 ____D C:\Users\Tomstin\Desktop\Postal3-Advanced-German-Patch
2013-11-02 08:45 - 2013-11-02 08:49 - 14191339 _____ C:\Users\Tomstin\Downloads\Postal_3_Advanced_Germanpatch-RAiNER.rar
2013-11-01 22:26 - 2013-11-02 02:41 - 501561721 _____ C:\Users\Tomstin\Downloads\FreeRoaming.Files.rar
2013-11-01 00:53 - 2013-11-01 00:53 - 00001424 _____ C:\Users\Tomstin\Documents\gfjjghj+.txt
2013-11-01 00:53 - 2013-11-01 00:53 - 00000339 _____ C:\Users\Tomstin\Documents\ax_files.xml
2013-10-31 20:33 - 2013-10-31 20:33 - 00000000 ___DC C:\dumps
2013-10-31 16:42 - 2013-10-31 16:42 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 16:29 - 2013-10-31 16:30 - 00000000 ____D C:\Users\Tomstin\Desktop\Alcohol 120% v2.0.2.4713
2013-10-31 16:27 - 2013-10-31 16:27 - 00002958 _____ C:\Windows\System32\Tasks\{DF085E31-F253-4802-B17B-E383E11DD3AE}
2013-10-31 16:24 - 2013-10-31 16:24 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-31 16:24 - 2013-10-31 16:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-31 16:24 - 2013-06-06 07:24 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2013-10-31 16:23 - 2013-10-31 16:23 - 05831344 _____ (TeamViewer GmbH) C:\Users\Tomstin\Downloads\TeamViewer_Setup_de_8.0.22298.exe
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{D5F981D7-E3AF-4B7E-9551-6686756E2B29}
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{A4565EC7-AF95-4C0B-B644-38E81324C47B}
2013-10-31 10:34 - 2013-11-02 12:14 - 00000000 ____D C:\Program Files (x86)\Postal.3
2013-10-29 01:29 - 2013-11-06 18:47 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Vidalia
2013-10-28 23:28 - 2013-10-28 23:28 - 00000796 _____ C:\Users\Tomstin\AppData\Local\recently-used.xbel
2013-10-28 23:27 - 2013-10-28 23:28 - 00000000 ____D C:\Users\Tomstin\AppData\Local\gtk-2.0
2013-10-28 23:08 - 2013-10-28 23:10 - 22116616 _____ (Wireshark development team) C:\Users\Tomstin\Downloads\Wireshark-win32-1.10.2.exe
2013-10-28 23:05 - 2013-11-11 12:57 - 00000000 ____D C:\Program Files (x86)\Look@LAN
2013-10-28 23:05 - 2013-10-28 23:04 - 00720896 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe
2013-10-28 23:04 - 2013-10-28 23:04 - 02167447 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Tomstin\Downloads\lalsetup250.exe
2013-10-28 21:29 - 2013-10-28 21:48 - 00000000 ____D C:\Users\Tomstin\Downloads\Far Cry 3 PW-Thircase
2013-10-27 21:44 - 2013-10-27 21:44 - 02279914 _____ C:\Users\Tomstin\Downloads\far_cry3_v102_dx11_trn25.zip
2013-10-25 22:04 - 2013-10-25 22:43 - 117224776 _____ C:\Users\Tomstin\Downloads\rre.rar
2013-10-25 21:30 - 2013-10-25 21:30 - 00770638 _____ C:\Users\Tomstin\Downloads\Phillips, Susan Elizabeth - Ch - jo_741.txt
2013-10-25 18:37 - 2013-11-03 18:24 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-25 04:36 - 2013-10-25 07:35 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.rar
2013-10-25 04:04 - 2013-10-25 04:34 - 177274998 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r10
2013-10-24 21:45 - 2013-10-25 03:43 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r09
2013-10-24 08:10 - 2013-10-24 11:09 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r08
2013-10-23 16:04 - 2013-10-23 16:04 - 01060070 _____ C:\Users\Tomstin\Downloads\adwcleaner-3.010.exe
2013-10-23 13:57 - 2013-10-23 17:41 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r07
2013-10-23 09:11 - 2013-10-27 20:57 - 00000000 ____D C:\ProgramData\Orbit
2013-10-23 08:21 - 2013-10-23 08:21 - 00000000 ____D C:\Users\Tomstin\Desktop\Rabiat - Ohne Kompromisse (2007)
2013-10-23 07:48 - 2013-10-23 10:47 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r06
2013-10-23 05:00 - 2013-10-23 07:16 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r05
2013-10-23 04:55 - 2013-10-23 04:55 - 00882489 _____ (Methlabs Productions                                        ) C:\Users\Tomstin\Downloads\pg2-050918-nt.exe
2013-10-23 04:27 - 2013-10-23 04:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-23 04:26 - 2013-10-23 07:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-23 04:26 - 2013-10-23 04:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-23 04:26 - 2013-10-23 04:26 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-10-23 04:26 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-10-23 04:17 - 2013-10-23 04:19 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Tomstin\Downloads\spybot-2.2.exe
2013-10-23 04:14 - 2013-10-28 21:00 - 00000000 ____D C:\Program Files (x86)\Vidalia Bridge Bundle
2013-10-23 04:08 - 2013-10-23 04:10 - 09636506 _____ C:\Users\Tomstin\Downloads\vidalia-bridge-bundle-0.2.3.25-0.2.21.exe
2013-10-23 01:40 - 2013-10-23 04:17 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r04
2013-10-22 20:37 - 2013-10-23 19:32 - 00007310 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-22 20:37 - 2013-10-22 20:37 - 00000000 __HDC C:\VTRoot
2013-10-22 18:42 - 2013-11-10 19:35 - 00000000 ____D C:\Users\Tomstin\Desktop\Oldenburg Klassenprojekt
2013-10-22 18:32 - 2013-11-11 12:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Apple
2013-10-22 18:21 - 2013-10-22 18:29 - 97206096 _____ (Apple Inc.) C:\Users\Tomstin\Downloads\iTunes64Setup.exe
2013-10-22 18:17 - 2013-10-22 18:36 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Syncios
2013-10-22 18:14 - 2013-10-22 18:15 - 15678968 _____ (Anvsoft, Inc.                                               ) C:\Users\Tomstin\Downloads\syncios.exe
2013-10-22 18:11 - 2013-10-23 00:10 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r03
2013-10-22 18:05 - 2013-10-22 18:05 - 00085282 _____ C:\Users\Tomstin\Downloads\tunesviewer_1.5.1.deb
2013-10-22 15:42 - 2013-10-22 15:49 - 21357603 _____ C:\Users\Tomstin\Downloads\10.000 Sprüche, Witze & Zitate v1.2 [Cracked by Boerse.BZ].apk
2013-10-22 12:17 - 2013-10-22 16:01 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r02
2013-10-22 08:16 - 2013-10-22 11:15 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r01
2013-10-22 04:38 - 2013-10-22 06:53 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r00
2013-10-20 19:21 - 2013-10-20 19:21 - 00010665 _____ C:\Users\Tomstin\Documents\Teil 14.odt
2013-10-20 19:02 - 2013-10-20 19:02 - 00010731 _____ C:\Users\Tomstin\Documents\Teil 13 Schule.odt
2013-10-20 18:47 - 2013-10-20 18:55 - 00010612 _____ C:\Users\Tomstin\Documents\Unbenannt 1.odt
2013-10-20 18:37 - 2013-10-20 19:08 - 00011414 _____ C:\Users\Tomstin\Documents\Teil 12 Schule.odt
2013-10-20 18:27 - 2013-10-20 18:27 - 00011149 _____ C:\Users\Tomstin\Documents\Teil 11 Schule.odt
2013-10-20 18:19 - 2013-10-20 18:19 - 00011095 _____ C:\Users\Tomstin\Documents\Teil 10 Schule.odt
2013-10-20 18:03 - 2013-10-20 18:03 - 00010933 _____ C:\Users\Tomstin\Documents\Teil 9 Schule.odt
2013-10-20 17:52 - 2013-10-20 17:52 - 00008767 _____ C:\Users\Tomstin\Documents\Teil 8 Schule.odt
2013-10-20 17:49 - 2013-10-20 17:49 - 00008774 _____ C:\Users\Tomstin\Documents\Teil 7 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:47 - 00008754 _____ C:\Users\Tomstin\Documents\Teil 6 Schule.odt
2013-10-20 17:46 - 2013-10-20 17:47 - 00008779 _____ C:\Users\Tomstin\Documents\Teil 5 Schule.odt
2013-10-20 17:45 - 2013-10-20 17:47 - 00008777 _____ C:\Users\Tomstin\Documents\Teil 4 Schulke.odt
2013-10-20 17:44 - 2013-10-20 18:07 - 00012300 _____ C:\Users\Tomstin\Documents\Teil 3 Schule.odt
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Comodo
2013-10-20 09:21 - 2013-10-20 09:21 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-10-20 09:19 - 2013-10-20 14:50 - 00000000 ____D C:\ProgramData\COMODO
2013-10-20 09:19 - 2013-10-20 09:20 - 00000000 ___SD C:\ProgramData\Shared Space
2013-10-20 09:19 - 2013-10-20 09:19 - 00000000 ____D C:\Program Files\COMODO
2013-10-20 09:18 - 2013-10-20 09:27 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-10-20 09:18 - 2013-10-20 09:27 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-10-20 09:18 - 2013-10-20 09:26 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-10-20 09:08 - 2013-10-20 09:17 - 214262072 _____ (COMODO) C:\Users\Tomstin\Downloads\cfw_installer63.exe
2013-10-20 09:04 - 2013-10-20 09:04 - 00504808 _____ C:\Users\Tomstin\Downloads\BySoftFreeRAM40.exe
2013-10-19 16:37 - 2013-10-19 16:37 - 00335136 _____ C:\Users\Tomstin\Downloads\Setup.exe
2013-10-19 16:31 - 2013-10-19 16:31 - 00818592 _____ () C:\Users\Tomstin\Downloads\VideoPerformerSetup.exe
2013-10-19 05:59 - 2013-11-11 23:04 - 00064000 ___SH C:\Users\Tomstin\Thumbs.db
2013-10-18 16:23 - 2013-10-18 16:23 - 00009821 _____ C:\Users\Tomstin\Documents\Teil 2 Schule.odt
2013-10-18 16:19 - 2013-10-20 18:07 - 00010601 _____ C:\Users\Tomstin\Documents\Teil 1 Schule.odt

==================== One Month Modified Files and Folders =======

2013-11-12 07:02 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Default
2013-11-12 07:01 - 2013-11-12 07:01 - 00000000 ___DC C:\FRST
2013-11-12 07:00 - 2013-11-12 07:00 - 01957590 _____ (Farbar) C:\Users\Tomstin\Downloads\FRST64.exe
2013-11-12 06:37 - 2013-10-10 16:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 06:22 - 2013-08-07 05:22 - 00001216 _____ C:\Windows\Tasks\HDvid Codec V1-updater.job
2013-11-12 06:22 - 2013-08-07 05:22 - 00001210 _____ C:\Windows\Tasks\HDvid Codec V1-codedownloader.job
2013-11-12 06:22 - 2013-08-07 05:22 - 00001120 _____ C:\Windows\Tasks\HDvid Codec V1-enabler.job
2013-11-12 06:14 - 2012-04-05 06:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 06:10 - 2009-07-14 05:45 - 00020480 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 06:10 - 2009-07-14 05:45 - 00020480 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:07 - 00339257 _____ C:\Users\Tomstin\Downloads\CleanUp452.exe
2013-11-12 06:08 - 2009-07-14 18:58 - 00756430 _____ C:\Windows\system32\perfh007.dat
2013-11-12 06:08 - 2009-07-14 18:58 - 00165434 _____ C:\Windows\system32\perfc007.dat
2013-11-12 06:08 - 2009-07-14 06:13 - 01747582 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-12 06:03 - 2013-08-01 21:23 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce8ef5a7dc11.job
2013-11-12 06:02 - 2013-11-11 23:32 - 00000112 _____ C:\Windows\setupact.log
2013-11-12 06:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 00:26 - 2013-01-09 09:43 - 01107028 _____ C:\Windows\WindowsUpdate.log
2013-11-11 23:41 - 2013-11-11 23:41 - 00001292 _____ C:\Users\Public\Desktop\Ashampoo Registry Cleaner.lnk
2013-11-11 23:41 - 2013-11-11 23:41 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-11-11 23:33 - 2013-11-11 23:33 - 00064792 _____ C:\Users\Tomstin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00307040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 23:20 - 2013-07-23 19:11 - 00000000 ____D C:\Users\Tomstin\Desktop\dvd
2013-11-11 23:09 - 2011-11-24 21:08 - 00000000 ____D C:\Users\Tomstin\Documents\My Games
2013-11-11 23:06 - 2011-11-20 10:13 - 00000000 ____D C:\Users\Tomstin
2013-11-11 23:04 - 2013-10-19 05:59 - 00064000 ___SH C:\Users\Tomstin\Thumbs.db
2013-11-11 19:04 - 2013-09-20 21:27 - 00000000 ____D C:\Users\Tomstin\SecurityScans
2013-11-11 19:04 - 2013-09-02 16:47 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\vlc
2013-11-11 19:04 - 2013-04-18 18:15 - 00000000 ____D C:\Program Files\PeerBlock
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Opera Software
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Opera Software
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Program Files (x86)\Opera
2013-11-11 12:57 - 2013-10-28 23:05 - 00000000 ____D C:\Program Files (x86)\Look@LAN
2013-11-11 12:56 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-11 12:54 - 2012-09-29 05:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-11 12:45 - 2013-10-22 18:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 12:36 - 2013-11-11 12:36 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Danny_Tuppeny
2013-11-11 12:36 - 2013-08-01 03:34 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\G+ Notifier
2013-11-10 19:50 - 2011-12-15 20:22 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-11-10 19:50 - 2011-12-15 18:02 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-10 19:35 - 2013-10-22 18:42 - 00000000 ____D C:\Users\Tomstin\Desktop\Oldenburg Klassenprojekt
2013-11-10 19:28 - 2013-09-19 17:21 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-11-10 19:27 - 2013-11-10 19:27 - 00018718 _____ C:\Users\Tomstin\Documents\Einteilung der Gruppenarbeit.odt
2013-11-08 23:45 - 2012-04-05 16:05 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\ICQ
2013-11-08 20:59 - 2013-11-08 20:59 - 00267596 _____ C:\Users\Tomstin\Downloads\afb_video_pal_001.wmv
2013-11-07 22:19 - 2011-12-15 18:02 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-06 19:51 - 2013-06-12 14:06 - 00000000 ____D C:\Windows\pss
2013-11-06 18:47 - 2013-10-29 01:29 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Vidalia
2013-11-06 12:57 - 2011-11-20 10:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-06 11:38 - 2013-10-07 06:32 - 00000000 ____D C:\Users\Tomstin\AppData\Local\PrivaZer
2013-11-03 18:24 - 2013-10-25 18:37 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-02 12:14 - 2013-10-31 10:34 - 00000000 ____D C:\Program Files (x86)\Postal.3
2013-11-02 12:14 - 2012-07-22 13:38 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-02 08:49 - 2013-11-02 08:45 - 14191339 _____ C:\Users\Tomstin\Downloads\Postal_3_Advanced_Germanpatch-RAiNER.rar
2013-11-02 02:41 - 2013-11-01 22:26 - 501561721 _____ C:\Users\Tomstin\Downloads\FreeRoaming.Files.rar
2013-11-01 00:53 - 2013-11-01 00:53 - 00001424 _____ C:\Users\Tomstin\Documents\gfjjghj+.txt
2013-11-01 00:53 - 2013-11-01 00:53 - 00000339 _____ C:\Users\Tomstin\Documents\ax_files.xml
2013-10-31 20:33 - 2013-10-31 20:33 - 00000000 ___DC C:\dumps
2013-10-31 16:42 - 2013-10-31 16:42 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 16:30 - 2013-10-31 16:29 - 00000000 ____D C:\Users\Tomstin\Desktop\Alcohol 120% v2.0.2.4713
2013-10-31 16:27 - 2013-10-31 16:27 - 00002958 _____ C:\Windows\System32\Tasks\{DF085E31-F253-4802-B17B-E383E11DD3AE}
2013-10-31 16:24 - 2013-10-31 16:24 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-31 16:24 - 2013-10-31 16:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-31 16:23 - 2013-10-31 16:23 - 05831344 _____ (TeamViewer GmbH) C:\Users\Tomstin\Downloads\TeamViewer_Setup_de_8.0.22298.exe
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{D5F981D7-E3AF-4B7E-9551-6686756E2B29}
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{A4565EC7-AF95-4C0B-B644-38E81324C47B}
2013-10-28 23:28 - 2013-10-28 23:28 - 00000796 _____ C:\Users\Tomstin\AppData\Local\recently-used.xbel
2013-10-28 23:28 - 2013-10-28 23:27 - 00000000 ____D C:\Users\Tomstin\AppData\Local\gtk-2.0
2013-10-28 23:10 - 2013-10-28 23:08 - 22116616 _____ (Wireshark development team) C:\Users\Tomstin\Downloads\Wireshark-win32-1.10.2.exe
2013-10-28 23:04 - 2013-10-28 23:05 - 00720896 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe
2013-10-28 23:04 - 2013-10-28 23:04 - 02167447 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Tomstin\Downloads\lalsetup250.exe
2013-10-28 21:48 - 2013-10-28 21:29 - 00000000 ____D C:\Users\Tomstin\Downloads\Far Cry 3 PW-Thircase
2013-10-28 21:26 - 2013-10-06 09:55 - 00000000 ____D C:\Users\Tomstin\Downloads\Macht & Ehre - Schwarzer Orden (2003) lossless
2013-10-28 21:01 - 2013-10-09 20:06 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Ubisoft Game Launcher
2013-10-28 21:01 - 2013-10-08 21:22 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-28 21:00 - 2013-10-23 04:14 - 00000000 ____D C:\Program Files (x86)\Vidalia Bridge Bundle
2013-10-28 17:05 - 2012-12-07 13:15 - 00000000 ____D C:\Users\Tomstin\AppData\Local\My Games
2013-10-27 21:44 - 2013-10-27 21:44 - 02279914 _____ C:\Users\Tomstin\Downloads\far_cry3_v102_dx11_trn25.zip
2013-10-27 20:59 - 2011-12-15 20:22 - 00000000 ____D C:\Users\Tomstin\AppData\Local\PunkBuster
2013-10-27 20:59 - 2011-12-15 18:02 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-27 20:57 - 2013-10-23 09:11 - 00000000 ____D C:\ProgramData\Orbit
2013-10-25 22:43 - 2013-10-25 22:04 - 117224776 _____ C:\Users\Tomstin\Downloads\rre.rar
2013-10-25 21:30 - 2013-10-25 21:30 - 00770638 _____ C:\Users\Tomstin\Downloads\Phillips, Susan Elizabeth - Ch - jo_741.txt
2013-10-25 07:35 - 2013-10-25 04:36 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.rar
2013-10-25 04:34 - 2013-10-25 04:04 - 177274998 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r10
2013-10-25 03:43 - 2013-10-24 21:45 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r09
2013-10-24 21:16 - 2013-09-01 22:25 - 00000000 ____D C:\Users\Tomstin\Downloads\Bilder
2013-10-24 11:09 - 2013-10-24 08:10 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r08
2013-10-23 19:32 - 2013-10-22 20:37 - 00007310 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-23 19:29 - 2013-09-03 18:00 - 00000000 ___DC C:\AdwCleaner
2013-10-23 17:41 - 2013-10-23 13:57 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r07
2013-10-23 16:04 - 2013-10-23 16:04 - 01060070 _____ C:\Users\Tomstin\Downloads\adwcleaner-3.010.exe
2013-10-23 10:47 - 2013-10-23 07:48 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r06
2013-10-23 08:21 - 2013-10-23 08:21 - 00000000 ____D C:\Users\Tomstin\Desktop\Rabiat - Ohne Kompromisse (2007)
2013-10-23 07:53 - 2013-10-23 04:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-23 07:16 - 2013-10-23 05:00 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r05
2013-10-23 04:55 - 2013-10-23 04:55 - 00882489 _____ (Methlabs Productions                                        ) C:\Users\Tomstin\Downloads\pg2-050918-nt.exe
2013-10-23 04:31 - 2013-10-23 04:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-23 04:27 - 2013-10-23 04:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-23 04:26 - 2013-10-23 04:26 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-10-23 04:19 - 2013-10-23 04:17 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Tomstin\Downloads\spybot-2.2.exe
2013-10-23 04:17 - 2013-10-23 01:40 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r04
2013-10-23 04:10 - 2013-10-23 04:08 - 09636506 _____ C:\Users\Tomstin\Downloads\vidalia-bridge-bundle-0.2.3.25-0.2.21.exe
2013-10-23 00:10 - 2013-10-22 18:11 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r03
2013-10-22 20:37 - 2013-10-22 20:37 - 00000000 __HDC C:\VTRoot
2013-10-22 18:36 - 2013-10-22 18:17 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Syncios
2013-10-22 18:36 - 2012-09-29 05:51 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Apple Computer
2013-10-22 18:32 - 2012-09-29 05:51 - 00000000 ____D C:\ProgramData\Apple Computer
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Apple
2013-10-22 18:30 - 2012-09-29 05:49 - 00000000 ____D C:\ProgramData\Apple
2013-10-22 18:29 - 2013-10-22 18:21 - 97206096 _____ (Apple Inc.) C:\Users\Tomstin\Downloads\iTunes64Setup.exe
2013-10-22 18:15 - 2013-10-22 18:14 - 15678968 _____ (Anvsoft, Inc.                                               ) C:\Users\Tomstin\Downloads\syncios.exe
2013-10-22 18:05 - 2013-10-22 18:05 - 00085282 _____ C:\Users\Tomstin\Downloads\tunesviewer_1.5.1.deb
2013-10-22 16:01 - 2013-10-22 12:17 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r02
2013-10-22 15:49 - 2013-10-22 15:42 - 21357603 _____ C:\Users\Tomstin\Downloads\10.000 Sprüche, Witze & Zitate v1.2 [Cracked by Boerse.BZ].apk
2013-10-22 11:15 - 2013-10-22 08:16 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r01
2013-10-22 06:53 - 2013-10-22 04:38 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r00
2013-10-20 19:21 - 2013-10-20 19:21 - 00010665 _____ C:\Users\Tomstin\Documents\Teil 14.odt
2013-10-20 19:08 - 2013-10-20 18:37 - 00011414 _____ C:\Users\Tomstin\Documents\Teil 12 Schule.odt
2013-10-20 19:02 - 2013-10-20 19:02 - 00010731 _____ C:\Users\Tomstin\Documents\Teil 13 Schule.odt
2013-10-20 18:55 - 2013-10-20 18:47 - 00010612 _____ C:\Users\Tomstin\Documents\Unbenannt 1.odt
2013-10-20 18:27 - 2013-10-20 18:27 - 00011149 _____ C:\Users\Tomstin\Documents\Teil 11 Schule.odt
2013-10-20 18:19 - 2013-10-20 18:19 - 00011095 _____ C:\Users\Tomstin\Documents\Teil 10 Schule.odt
2013-10-20 18:07 - 2013-10-20 17:44 - 00012300 _____ C:\Users\Tomstin\Documents\Teil 3 Schule.odt
2013-10-20 18:07 - 2013-10-18 16:19 - 00010601 _____ C:\Users\Tomstin\Documents\Teil 1 Schule.odt
2013-10-20 18:03 - 2013-10-20 18:03 - 00010933 _____ C:\Users\Tomstin\Documents\Teil 9 Schule.odt
2013-10-20 17:52 - 2013-10-20 17:52 - 00008767 _____ C:\Users\Tomstin\Documents\Teil 8 Schule.odt
2013-10-20 17:49 - 2013-10-20 17:49 - 00008774 _____ C:\Users\Tomstin\Documents\Teil 7 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:47 - 00008754 _____ C:\Users\Tomstin\Documents\Teil 6 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:46 - 00008779 _____ C:\Users\Tomstin\Documents\Teil 5 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:45 - 00008777 _____ C:\Users\Tomstin\Documents\Teil 4 Schulke.odt
2013-10-20 15:39 - 2013-06-12 16:25 - 00000000 ____D C:\Users\Tomstin\Desktop\Programme
2013-10-20 15:39 - 2013-03-15 23:48 - 00000000 ____D C:\Users\Tomstin\Desktop\Neuer Ordner
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Comodo
2013-10-20 14:50 - 2013-10-20 09:19 - 00000000 ____D C:\ProgramData\COMODO
2013-10-20 09:27 - 2013-10-20 09:18 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-10-20 09:27 - 2013-10-20 09:18 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-10-20 09:26 - 2013-10-20 09:18 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-10-20 09:21 - 2013-10-20 09:21 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-10-20 09:20 - 2013-10-20 09:19 - 00000000 ___SD C:\ProgramData\Shared Space
2013-10-20 09:19 - 2013-10-20 09:19 - 00000000 ____D C:\Program Files\COMODO
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-10-20 09:17 - 2013-10-20 09:08 - 214262072 _____ (COMODO) C:\Users\Tomstin\Downloads\cfw_installer63.exe
2013-10-20 09:04 - 2013-10-20 09:04 - 00504808 _____ C:\Users\Tomstin\Downloads\BySoftFreeRAM40.exe
2013-10-19 16:37 - 2013-10-19 16:37 - 00335136 _____ C:\Users\Tomstin\Downloads\Setup.exe
2013-10-19 16:33 - 2011-12-28 11:45 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Mozilla
2013-10-19 16:31 - 2013-10-19 16:31 - 00818592 _____ () C:\Users\Tomstin\Downloads\VideoPerformerSetup.exe
2013-10-18 16:23 - 2013-10-18 16:23 - 00009821 _____ C:\Users\Tomstin\Documents\Teil 2 Schule.odt
2013-10-13 08:58 - 2013-10-05 14:03 - 00000000 ____D C:\Users\Tomstin\Desktop\Spiele

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 20:52

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---


#FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by Tomstin at 2013-11-12 07:04:30
Running from C:\Users\Tomstin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD AVIVO64 Codecs (Version: 11.6.0.10728)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Ashampoo Registry Cleaner v.1.0.0 (x32 Version: 1.0.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Castle of Illusion (x32 Version: 1)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.02)
CleanUp! (x32)
Common Desktop Agent (Version: 1.53.0)
Comodo Dragon (x32 Version: 29.1.0.0)
COMODO Firewall (Version: 6.3.32439.2937)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6514.5001)
Deckadance (x32 Version: 2.0)
DivX-Setup (x32 Version: 2.6.1.84)
EVEREST Ultimate Edition v5.50 (x32 Version: 5.50)
Expat Shield 2.25 (x32 Version: 2.25)
Exxter Gamepad (x32)
Far Cry 3 (x32 Version: 1.04)
Far Cry 3 Blood Dragon (x32 Version: 1.00)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0)
FL Studio 10 (x32)
Foxit Reader (x32 Version: 6.0.4.719)
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827)
Game Booster 3 (x32 Version: 3.0)
Gears of War (x32 Version: 1.00.0000)
GeekBuddy (Version: 4.9.73)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Grand Theft Auto IV (x32 Version: 1.0.0013.131)
HydraVision (x32 Version: 4.2.210.0)
ICQ Ignore Checker 1.4 (x32)
ICQ Status Checker 1.9 (x32)
ICQ7M (x32 Version: 7.8)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Kantaris Media Player Lite Version 0.7.7 (x32 Version: 0.7.7)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727)
Microsoft Visual J# 2.0 Redistributable Package (x32)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
NVIDIA PhysX (x32 Version: 9.10.0513)
OpenOffice 4.0.1 (x32 Version: 4.01.9714)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Postal 2 Share The Pain (x32)
Postal.3 version 1.0 (x32 Version: 1.0)
PrivaZer (x32 Version: 2.4.0.0)
PunkBuster Services (x32 Version: 0.993)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
Saints Row IV Commander in Chief Edition 1.0 (x32)
Samsung Easy Printer Manager (x32 Version: 1.02.06.05)
Samsung ML-2160 Series (x32)
Samsung Printer Live Update (x32 Version: 1.01.00:04(2013-04-22))
Sleeping Dogs Game Of The Year (30 DLCs) 1.0 (x32 Version: 1.0)
Spybot - Search & Destroy (x32 Version: 2.2.25)
SRWare Iron Version SRWare Iron 18.0.1050.0 (x32 Version: SRWare Iron 18.0.1050.0)
StarCraft II (x32 Version: 1.0.0.16117)
Sun ODF Plugin for Microsoft Office 3.2 (x32 Version: 3.2.9483)
TeamViewer 8 (x32 Version: 8.0.22298)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VirtualDJ Home FREE (x32 Version: 7.0.5)
VLC media player 2.0.5 (Version: 2.0.5)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)

==================== Restore Points  =========================

10-11-2013 18:00:15 Windows-Sicherung
11-11-2013 11:43:08 Removed iTunes
11-11-2013 11:50:33 Steam wird entfernt
11-11-2013 11:52:15 Removed Bonjour
11-11-2013 11:52:47 Removed Apple Application Support
11-11-2013 11:53:40 Removed Apple Mobile Device Support
11-11-2013 11:54:34 Removed Apple Software Update
11-11-2013 11:55:15 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
11-11-2013 11:55:53 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
11-11-2013 11:56:36 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-08-01 23:52 - 00000855 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0247CFE8-4EA5-4AA6-AE28-243C7F95061A} - \Scheduled Update for Ask Toolbar No Task File
Task: {0314F07C-B42A-408A-9614-DF21B5F88DE6} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-10-20] (COMODO)
Task: {0533CC7C-39D3-4880-8B56-5D58FDD12606} - System32\Tasks\{E8BBBA7E-92A5-4B32-8222-04A31A7AC795} => E:\AUTORUN.EXE
Task: {1903838B-2748-42D3-8F32-520792F9A4E3} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {22646458-1E54-4427-AC91-8AB491319F97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01] (Google Inc.)
Task: {268C1837-DF5E-4AC6-AF1A-B8121D26C1E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {390271EE-E73F-41A3-B443-2CEC9B9B163B} - System32\Tasks\{CB51B593-AB6A-4F45-A196-245433B54616} => C:\Users\Tomstin\Desktop\Tetris\TETRIS.EXE
Task: {3C2DC2E4-7F3E-49B8-96BC-BE0F89C269A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {479CBAC0-F9BA-4F82-81F2-86FB14E05C77} - System32\Tasks\{67CF892B-4A35-4316-AA41-5B00466233A9} => C:\Users\Tomstin\Documents\My Games\Skyrim\Crack\skyrimlauncher.exe
Task: {556F83EC-5BE0-4E38-9931-E039EEEE8140} - System32\Tasks\HDvid Codec V1-updater => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-updater.exe
Task: {56ECA2EB-895F-451E-B22F-6E4AC5C843E3} - System32\Tasks\{B55821FA-54E0-4F77-9F36-8AF67C49F3B2} => C:\Users\Tomstin\Desktop\nomousy.exe
Task: {5BA174BF-0884-4CAD-9BD5-3AFAECCE6849} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24] (COMODO)
Task: {5FBFBF80-00A0-47C6-89D1-98330DCBD75D} - System32\Tasks\{1A7010F2-2E92-4039-8C2E-492C1ED41B21} => C:\Users\Tomstin\Desktop\System\AALoader.exe
Task: {7D078CFA-F6F6-4D53-A8CF-5D802F732812} - System32\Tasks\{0E7B6248-A083-4E4D-92F3-894741C147A8} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsProgressBar
Task: {816D7E44-F37F-4860-9973-81D473431D4F} - System32\Tasks\{BEBEAD03-CC06-44BB-B855-2C8CF1301CFE} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {836072E1-12DA-4E28-8359-882A7786A7AC} - System32\Tasks\{229103BD-4019-48E8-929D-08D6B8841C82} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8A1F4D4A-F54F-420A-8CE4-4577EC7463F0} - System32\Tasks\{D5F981D7-E3AF-4B7E-9551-6686756E2B29} => C:\Program Files (x86)\Postal.3\keygen.exe [2011-12-10] ()
Task: {8E8822AB-3483-4632-BDCC-A0F3E9CEBD2C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {941AFE64-0F62-488F-8E78-1C6434F81F72} - System32\Tasks\{DF085E31-F253-4802-B17B-E383E11DD3AE} => C:\Program Files (x86)\Postal.3\keygen.exe [2011-12-10] ()
Task: {A0181FC9-8750-491C-B81C-D4BA3A08A4F3} - System32\Tasks\{8818B6CA-59FC-4C4F-8B05-8D8AEA38E42C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsProgressBar
Task: {A2BF2898-F767-4447-B8E4-A35DF2092346} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-651814193-456638492-2849979887-1000Core => C:\Users\Tomstin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AF75B5AD-2898-45B3-8EBB-734F89F0ECEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-651814193-456638492-2849979887-1000UA => C:\Users\Tomstin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {B4FF76F0-B672-4D37-8CAA-D1BC49FE6146} - System32\Tasks\HDvid Codec V1-enabler => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-enabler.exe
Task: {C4DE22B1-74C2-4A9B-B9AF-F33127BDDFAB} - System32\Tasks\{1D32DDF6-D39B-4BAF-AD72-8EBC9F9E1D88} => C:\Users\Tomstin\Desktop\C&amp;C 3 Kanes Wrath Trainer.exe
Task: {D5D55AB5-DA5C-49F0-A2B4-E07142203EE2} - System32\Tasks\{D886CE77-858A-4FBB-8777-BD3C214E6249} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsProgressBar
Task: {DE917EDF-92E3-4010-A618-7509945DEC13} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {E5B574BB-F744-414B-98AA-CE68FF8271A0} - System32\Tasks\HDvid Codec V1-codedownloader => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-codedownloader.exe
Task: {EB5F22B1-6E31-4FEF-95CA-0E5058803F4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {EBAE1DE6-45AF-45D6-BEDF-A14E9CD17168} - System32\Tasks\{85E194E3-1633-46D1-B37B-ED5E767929A3} => C:\Users\Tomstin\Desktop\XtremeMt2Client 2012\metin2client.exe
Task: {EF3E1C21-2D53-49DF-B90D-53E68235B566} - System32\Tasks\GoogleUpdateTaskMachineCore1ce8ef5a7dc11 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01] (Google Inc.)
Task: {F29B0309-5E16-42D2-9940-4CCD950921E4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-651814193-456638492-2849979887-1000
Task: {F3738071-644B-4668-86D1-0C03DD27FABD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {FA1E64FD-337D-4A72-906C-ED35C47AD55B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {FD8C776C-BA91-4ACF-9D09-FED756039D4C} - System32\Tasks\{A4565EC7-AF95-4C0B-B644-38E81324C47B} => C:\Program Files (x86)\Postal.3\keygen.exe [2011-12-10] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce8ef5a7dc11.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HDvid Codec V1-codedownloader.job => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-codedownloader.exe
Task: C:\Windows\Tasks\HDvid Codec V1-enabler.job => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-enabler.exe
Task: C:\Windows\Tasks\HDvid Codec V1-updater.job => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-updater.exe

==================== Loaded Modules (whitelisted) =============

2011-11-20 10:39 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-10-07 06:33 - 2013-10-07 06:33 - 03528759 ____C () D:\Zer!\PrivaZer\PrivaMenu1.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2013 07:01:19 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: openvpntray.exe, Version: 0.0.0.0, Zeitstempel: 0x4f15e5fe
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039342
ID des fehlerhaften Prozesses: 0x159c
Startzeit der fehlerhaften Anwendung: 0xopenvpntray.exe0
Pfad der fehlerhaften Anwendung: openvpntray.exe1
Pfad des fehlerhaften Moduls: openvpntray.exe2
Berichtskennung: openvpntray.exe3

Error: (11/11/2013 11:05:01 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/11/2013 11:05:01 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/11/2013 11:05:01 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/11/2013 11:05:01 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/11/2013 11:05:00 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2013 11:05:00 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/11/2013 11:05:00 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2013 11:05:00 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2013 11:05:00 PM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (11/12/2013 06:04:05 AM) (Source: WMPNetworkSvc) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (11/12/2013 06:03:52 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (11/12/2013 06:03:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/12/2013 06:03:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.

Error: (11/12/2013 06:02:38 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/11/2013 11:33:40 PM) (Source: WMPNetworkSvc) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (11/11/2013 11:33:33 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (11/11/2013 11:32:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/11/2013 11:32:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.

Error: (11/11/2013 11:31:57 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (11/12/2013 07:01:19 AM) (Source: Application Error)(User: )
Description: openvpntray.exe0.0.0.04f15e5feole32.dll6.1.7601.175144ce7b96fc000000500039342159c01cedf649d00952bD:\Program Files (x86)\Expat Shield\bin\openvpntray.exeC:\Windows\syswow64\ole32.dlld91eada5-4b5f-11e3-9777-0019213cb04f

Error: (11/11/2013 11:05:01 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/11/2013 11:05:01 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/11/2013 11:05:01 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/11/2013 11:05:01 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (11/11/2013 11:05:00 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (11/11/2013 11:05:00 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/11/2013 11:05:00 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (11/11/2013 11:05:00 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (11/11/2013 11:05:00 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 4095.3 MB
Available physical RAM: 1865.13 MB
Total Pagefile: 10235.49 MB
Available Pagefile: 7079.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:151.27 GB) (Free:56.72 GB) NTFS
Drive d: (Maschine) (Fixed) (Total:314.39 GB) (Free:18.23 GB) NTFS
Drive f: () (Fixed) (Total:465.75 GB) (Free:262.2 GB) NTFS
Drive g: (KARASTICK) (Removable) (Total:1.95 GB) (Free:0 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 123EFB03)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=314 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: CBAD9B0B)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

Hallo und besten dank schonmal für deine Hilfe!
__________________

Alt 12.11.2013, 12:00   #4
schrauber
/// the machine
/// TB-Ausbilder
 

festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.11.2013, 14:06   #5
Falkonett
 
festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



#Combofix Logfile:
Code:
ATTFilter
ComboFix 13-11-11.01 - Tomstin 12.11.2013  14:43:20.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4095.2697 [GMT 1:00]
ausgeführt von:: c:\users\Tomstin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\ntuser.dat
c:\windows\iun6002.exe
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll
c:\windows\wininit.ini
C:\Windupdt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-12 bis 2013-11-12  ))))))))))))))))))))))))))))))
.
.
2013-11-12 13:52 . 2013-11-12 13:52	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2013-11-12 13:36 . 2013-11-12 13:36	--------	dc----w-	C:\first_launch
2013-11-12 06:01 . 2013-11-12 06:01	--------	dc----w-	C:\FRST
2013-11-12 05:08 . 2013-11-12 05:08	--------	d-----w-	c:\program files (x86)\CleanUp!
2013-11-11 22:41 . 2013-11-11 22:41	--------	d-----w-	c:\program files (x86)\Ashampoo
2013-11-11 11:36 . 2013-11-11 11:36	--------	d-----w-	c:\users\Tomstin\AppData\Local\Danny_Tuppeny
2013-10-31 19:33 . 2013-10-31 19:33	--------	dc----w-	C:\dumps
2013-10-31 15:42 . 2013-10-31 15:42	--------	d-----w-	c:\program files (x86)\Alcohol Soft
2013-10-31 15:25 . 2013-06-06 06:24	20472	----a-w-	c:\windows\system32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
2013-10-31 15:24 . 2013-06-06 06:24	35112	----a-w-	c:\windows\system32\drivers\teamviewervpn.sys
2013-10-31 15:24 . 2013-10-31 15:24	--------	d-----w-	c:\program files (x86)\TeamViewer
2013-10-31 10:31 . 2013-11-02 11:09	--------	d-----w-	c:\users\Tomstin\AppData\Local\Diagnostics
2013-10-31 09:34 . 2013-11-02 11:14	--------	d-----w-	c:\program files (x86)\Postal.3
2013-10-29 00:29 . 2013-11-06 17:47	--------	d-----w-	c:\users\Tomstin\AppData\Local\Vidalia
2013-10-28 22:27 . 2013-10-28 22:28	--------	d-----w-	c:\users\Tomstin\AppData\Local\gtk-2.0
2013-10-28 22:05 . 2013-11-11 11:57	--------	d-----w-	c:\program files (x86)\Look@LAN
2013-10-25 17:37 . 2013-11-03 17:24	--------	d-----w-	c:\programdata\boost_interprocess
2013-10-23 08:11 . 2013-10-27 19:57	--------	d-----w-	c:\programdata\Orbit
2013-10-23 03:26 . 2013-11-12 13:32	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-10-23 03:26 . 2013-11-12 13:33	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-10-23 03:14 . 2013-10-28 20:00	--------	d-----w-	c:\program files (x86)\Vidalia Bridge Bundle
2013-10-22 19:37 . 2013-10-22 19:37	--------	dc----w-	C:\VTRoot
2013-10-22 17:32 . 2013-11-11 11:45	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-22 17:31 . 2013-10-22 17:31	--------	d-----w-	c:\users\Tomstin\AppData\Local\Apple
2013-10-22 17:17 . 2013-10-22 17:36	--------	d-----w-	c:\users\Tomstin\AppData\Roaming\Syncios
2013-10-20 13:50 . 2013-10-20 13:50	--------	d-----w-	c:\users\Tomstin\AppData\Roaming\Comodo
2013-10-20 10:36 . 2013-10-20 10:36	--------	d-----w-	c:\program files (x86)\Common Files\COMODO
2013-10-20 08:19 . 2013-10-20 08:20	--------	d-s---w-	c:\programdata\Shared Space
2013-10-20 08:19 . 2013-10-20 13:50	--------	d-----w-	c:\programdata\COMODO
2013-10-20 08:19 . 2013-10-20 08:19	--------	d-----w-	c:\program files\COMODO
2013-10-20 08:18 . 2013-10-20 08:18	--------	d-----w-	c:\users\Tomstin\AppData\Local\Comodo
2013-10-20 08:18 . 2013-11-12 13:36	57096	----a-w-	c:\windows\system32\certsentry.dll
2013-10-20 08:18 . 2013-11-12 13:36	48392	----a-w-	c:\windows\SysWow64\certsentry.dll
2013-10-20 08:18 . 2013-11-12 13:36	--------	d-----w-	c:\program files (x86)\Comodo
2013-10-20 08:18 . 2013-10-20 08:18	--------	d-----w-	c:\programdata\Comodo Downloader
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-10 18:50 . 2011-12-15 19:22	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-11-10 18:50 . 2011-12-15 17:02	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-11-07 21:19 . 2011-12-15 17:02	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-10-27 19:59 . 2011-12-15 17:02	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-10-10 04:14 . 2011-11-24 13:15	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-07 05:17 . 2013-10-07 05:17	14888	----a-w-	c:\windows\system32\drivers\hmd.sys
2013-10-07 05:17 . 2013-10-07 05:17	14888	----a-w-	c:\windows\inf\HMD\hmd.sys
2013-09-29 05:48 . 2012-05-12 02:45	868264	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-09-29 05:48 . 2011-12-17 19:29	790440	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-09-24 09:54 . 2013-09-24 09:54	96800	----a-w-	c:\windows\system32\drivers\inspect.sys
2013-09-24 09:54 . 2013-09-24 09:54	709144	----a-w-	c:\windows\system32\drivers\cmdguard.sys
2013-09-24 09:54 . 2013-09-24 09:54	48872	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 09:54 . 2013-09-24 09:54	23168	----a-w-	c:\windows\system32\drivers\cmderd.sys
2013-09-24 09:53 . 2013-09-24 09:53	43216	----a-w-	c:\windows\system32\cmdcsr.dll
2013-09-24 09:53 . 2013-09-24 09:53	444392	----a-w-	c:\windows\system32\guard64.dll
2013-09-24 09:53 . 2013-09-24 09:53	354240	----a-w-	c:\windows\SysWow64\guard32.dll
2013-09-24 09:53 . 2013-09-24 09:53	347864	----a-w-	c:\windows\system32\cmdvrt64.dll
2013-09-24 09:53 . 2013-09-24 09:53	45784	----a-w-	c:\windows\system32\cmdkbd64.dll
2013-09-24 09:53 . 2013-09-24 09:53	40664	----a-w-	c:\windows\SysWow64\cmdkbd32.dll
2013-09-24 09:53 . 2013-09-24 09:53	280792	----a-w-	c:\windows\SysWow64\cmdvrt32.dll
2013-09-18 20:08 . 2013-09-18 20:08	94208	----a-w-	c:\windows\SysWow64\dpl100.dll
2013-09-05 09:35 . 2013-09-05 09:35	68304	----a-w-	c:\windows\system32\offreg.dll
2013-09-02 13:47 . 2013-08-02 15:17	81112	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-09-02 13:47 . 2013-08-02 15:16	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-02 13:47 . 2013-08-02 15:16	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-20 05:02 . 2013-08-20 05:02	204568	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-08-20 05:02 . 2013-08-20 05:02	103576	----a-w-	c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02	233288	-c--a-w-	d:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-07-28 393216]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"avgnt"="d:\avira antivirus\Avira\AntiVir Desktop\avgnt.exe" [2013-09-02 347192]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-10-11 2327248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 cpuz135;cpuz135;c:\users\Tomstin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\Tomstin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ExpatTrayService;Expat Shield Tray Service;d:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE;d:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 GWHid;VL807 Miniport Driver;c:\windows\system32\DRIVERS\GWHid.sys;c:\windows\SYSNATIVE\DRIVERS\GWHid.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v3.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VL807;VL807 Filter;c:\windows\system32\DRIVERS\VL807.sys;c:\windows\SYSNATIVE\DRIVERS\VL807.sys [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 AntiVirWebService;Avira Browser-Schutz;d:\avira antivirus\Avira\AntiVir Desktop\AVWEBGRD.EXE;d:\avira antivirus\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;d:\avira antivirus\Avira\AntiVir Desktop\sched.exe;d:\avira antivirus\Avira\AntiVir Desktop\sched.exe [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 ExpatShieldService;Expat Shield Service;d:\program files (x86)\Expat Shield\bin\openvpnas.exe;d:\program files (x86)\Expat Shield\bin\openvpnas.exe [x]
S2 ExpatSrv;Expat Shield Routing Service;d:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe;d:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [x]
S2 ExpatWd;Expat Shield Monitoring Service;d:\program files (x86)\Expat Shield\bin\hsswd.exe;d:\program files (x86)\Expat Shield\bin\hsswd.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-15 16:38	1185744	----a-w-	c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 04:14]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce8ef5a7dc11.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01 19:25]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01 19:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02	287048	-c--a-w-	d:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-10-20 1612504]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8080
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com
IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
LSP: d:\avira antivirus\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: facebook.com\www
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F2E7F5CF-0033-42D8-AB79-1B57E1F3C204}: NameServer = 8.8.8.8
DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} - hxxps://www.olb.de/olb_fb3_1857/plugin/AXFOAM.CAB
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{3444c3c5-6c56-4a16-a453-832b05bf6ea4} - (no file)
Toolbar-10 - (no file)
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-651814193-456638492-2849979887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-651814193-456638492-2849979887-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:30,f1,a1,08,0c,50,b8,18,0a,45,ef,db,d5,97,6e,7e,bc,4a,d3,51,8d,1d,6d,
   e4,d9,bc,dc,38,de,9d,b9,da,2e,04,3b,a4,b2,68,12,46,94,2f,ce,73,a6,6e,4c,ee,\
"??"=hex:5a,69,9c,50,fa,9a,0d,31,01,ca,ee,78,aa,96,79,4d
.
[HKEY_USERS\S-1-5-21-651814193-456638492-2849979887-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:9b,17,ca,5e,de,d1,17,12,b2,02,a5,9b,40,1e,8a,b3,b9,2e,53,a9,66,
   c9,fb,06,e4,54,3e,9e,10,22,d6,4d,5b,47,f3,4b,fa,5c,97,27,a7,41,e9,5b,09,82,\
"rkeysecu"=hex:5f,11,6b,c1,82,22,08,b7,74,14,1a,06,3b,e4,7d,a7
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-11-12  14:57:21
ComboFix-quarantined-files.txt  2013-11-12 13:57
.
Vor Suchlauf: 19 Verzeichnis(se), 60.380.381.184 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 60.311.183.360 Bytes frei
.
- - End Of File - - 9A4185359B5CA52DFDD8132B148603E6
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

Combofix hat seinen Namen noch geändert, hatte es ausversehen 2mal runtergeladen! :/
Habe es auf dem Desktop gezogen und wurde dann automatisch korrigiert!

Besten Dank für deine Hilfe, ist alles so korrekt?


Alt 13.11.2013, 08:00   #6
schrauber
/// the machine
/// TB-Ausbilder
 

festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> festplatte füllt sich automatisch!

Alt 14.11.2013, 13:07   #7
Falkonett
 
festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



lwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.11.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Tomstin :: TOMSTIN-PC [Administrator]

14.11.2013 06:58:19
mbam-log-2013-11-14 (06-58-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423987
Laufzeit: 1 Stunde(n), 11 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Daten: Movies Toolbar (Dist. by Somoto Ltd.) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7

C:\AdwCleaner\Quarantine\C\Users\Tomstin\AppData\Roaming\file scout\filescout.exe.vir (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\COMODO\Cis\Quarantine\data\{7718756D-2245-481F-83CE-5D5F556E9CA1} (PUP.RemoveWGA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tomstin\Downloads\ac3trainer3.zip (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tomstin\Downloads\Setup.exe (PUP.Optional.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tomstin\Downloads\VideoPerformerSetup.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.


(Ende)

Beim ADW-Cleaner auch die Firewall und Antivirensystem ausschalten?

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.012 - Bericht erstellt am 14/11/2013 um 11:52:33
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Tomstin - TOMSTIN-PC
# Gestartet von : C:\Users\Tomstin\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Tomstin\AppData\Local\webplayer
Ordner Gelöscht : C:\Users\Tomstin\AppData\LocalLow\somotomoviestoolbar1

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\Software\SafetyNut
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2236 octets] - [03/09/2013 18:00:11]
AdwCleaner[R1].txt - [1080 octets] - [01/10/2013 07:59:39]
AdwCleaner[R2].txt - [2416 octets] - [23/10/2013 16:05:26]
AdwCleaner[R3].txt - [1546 octets] - [14/11/2013 11:46:28]
AdwCleaner[S0].txt - [2069 octets] - [03/09/2013 19:57:51]
AdwCleaner[S1].txt - [2244 octets] - [23/10/2013 19:29:42]
AdwCleaner[S2].txt - [1469 octets] - [14/11/2013 11:52:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1529 octets] ##########
         
--- --- ---JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Tomstin on 14.11.2013 at 12:25:11,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-651814193-456638492-2849979887-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21D59046-8568-4E51-BD32-79BD751DCCE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{499B15AC-881F-4224-9373-E2AF2D95108B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C2A9ED0-361D-4678-BBB6-FA668315952D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82FE22F6-6581-4ED3-B962-D0114CFC8F04}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A178FE10-2662-4286-93AB-0477A425A351}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3CEE6FC4-FC4F-46DF-B397-4DB063ADE259}
Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.11.2013 at 13:00:22,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


Super, nun bleibt Laufwerk D konstant auf 18 Gb. (´Hatte vorher I-tunes deinstalliert)
Werde nun das FRST log in angriff nehmen, würde echt gerne wissen wo sich die Daten tummeln... :/


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Tomstin (administrator) on TOMSTIN-PC on 14-11-2013 14:04:14
Running from C:\Users\Tomstin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
() D:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
(AnchorFree Inc.) D:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
() D:\Program Files (x86)\Expat Shield\bin\hsswd.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() D:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-10-20] (COMODO)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKCU\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - D:\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD588F4CD18A9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {1646C8A2-445C-4F04-817C-91C43411A977} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&k=0
SearchScopes: HKCU - {1646C8A2-445C-4F04-817C-91C43411A977} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {2064E130-29CE-4745-8DF9-B6B94C74F1F2} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {69463CC3-D10E-4514-B1F3-B5C1E3715D11} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {C54C87CC-F39D-496E-A35A-CD475B245A92} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {F585DC5D-A570-453D-AE52-813BA5C0AD62} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {F9AA668C-A55A-4AB0-B9EE-73BC7308F49C} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {FC386457-C037-45E1-A989-F5E7B6FE33DF} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - D:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
BHO-x32: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - D:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1857/plugin/AXFOAM.CAB
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Winsock: Catalog9 01 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F2E7F5CF-0033-42D8-AB79-1B57E1F3C204}: [NameServer]8.8.8.8

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Social Fixer for Facebook) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\8.0_0
CHR Extension: (Google Wallet) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; D:\Avira Antivirus\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Avira Antivirus\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2098880 2013-11-11] ()
R2 ExpatShieldService; D:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [331608 2012-01-17] ()
R2 ExpatSrv; D:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [363336 2012-01-05] (AnchorFree Inc.)
S3 ExpatTrayService; D:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE [77520 2012-01-17] ()
R2 ExpatWd; D:\Program Files (x86)\Expat Shield\bin\hsswd.exe [329544 2012-01-05] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-27] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-09-24] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-03-19] (Arainia Solutions LLC)
S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [22648 2010-06-13] (Microsoft Corporation)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 VL807; C:\Windows\System32\DRIVERS\VL807.sys [36728 2010-06-13] ()
S3 VL807; C:\Windows\SysWow64\DRIVERS\VL807.sys [28920 2010-06-13] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Users\Tomstin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [x]
S3 SANDRA; \??\D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\WNt500x64\Sandra.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 13:57 - 2013-11-14 13:57 - 01957794 _____ (Farbar) C:\Users\Tomstin\Desktop\FRST64.exe
2013-11-14 13:00 - 2013-11-14 13:00 - 00002008 _____ C:\Users\Tomstin\Desktop\JRT.txt
2013-11-14 12:01 - 2013-11-14 12:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 11:57 - 2013-11-14 11:57 - 01034531 _____ (Thisisu) C:\Users\Tomstin\Desktop\JRT.exe
2013-11-14 08:28 - 2013-11-14 08:29 - 01085542 _____ C:\Users\Tomstin\Desktop\adwcleaner.exe
2013-11-14 06:50 - 2013-11-14 06:56 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-14 06:50 - 2013-11-14 06:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Malwarebytes
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 06:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 06:49 - 2013-11-14 06:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tomstin\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 14:57 - 2013-11-12 14:57 - 00023945 ____C C:\ComboFix.txt
2013-11-12 14:40 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-12 14:40 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-12 14:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-12 14:33 - 2013-11-14 08:18 - 00008686 _____ C:\Windows\PFRO.log
2013-11-12 14:30 - 2013-11-12 14:57 - 00000000 ___DC C:\Qoobox
2013-11-12 14:29 - 2013-11-12 14:53 - 00000000 ____D C:\Windows\erdnt
2013-11-12 14:23 - 2013-11-12 14:24 - 05145576 ____R (Swearware) C:\Users\Tomstin\Desktop\ComboFix.exe
2013-11-12 14:23 - 2013-11-12 14:23 - 05145576 _____ (Swearware) C:\Users\Tomstin\Downloads\ComboFix.exe
2013-11-12 07:04 - 2013-11-14 14:04 - 00014221 _____ C:\Users\Tomstin\Desktop\FRST.txt
2013-11-12 07:04 - 2013-11-12 07:04 - 00024846 _____ C:\Users\Tomstin\Desktop\Addition.txt
2013-11-12 07:01 - 2013-11-12 07:01 - 00000000 ___DC C:\FRST
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2013-11-12 06:07 - 2013-11-12 06:08 - 00339257 _____ C:\Users\Tomstin\Downloads\CleanUp452.exe
2013-11-11 23:41 - 2013-11-11 23:41 - 00001292 _____ C:\Users\Public\Desktop\Ashampoo Registry Cleaner.lnk
2013-11-11 23:41 - 2013-11-11 23:41 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-11-11 23:33 - 2013-11-11 23:33 - 00064792 _____ C:\Users\Tomstin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-11 23:32 - 2013-11-14 12:20 - 00000616 _____ C:\Windows\setupact.log
2013-11-11 23:32 - 2013-11-11 23:32 - 00307040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 12:36 - 2013-11-11 12:36 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Danny_Tuppeny
2013-11-10 19:27 - 2013-11-10 19:27 - 00018718 _____ C:\Users\Tomstin\Documents\Einteilung der Gruppenarbeit.odt
2013-11-08 20:59 - 2013-11-08 20:59 - 00267596 _____ C:\Users\Tomstin\Downloads\afb_video_pal_001.wmv
2013-11-02 08:50 - 2012-12-18 00:04 - 00000000 ____D C:\Users\Tomstin\Desktop\Postal3-Advanced-German-Patch
2013-11-02 08:45 - 2013-11-02 08:49 - 14191339 _____ C:\Users\Tomstin\Downloads\Postal_3_Advanced_Germanpatch-RAiNER.rar
2013-11-01 22:26 - 2013-11-02 02:41 - 501561721 _____ C:\Users\Tomstin\Downloads\FreeRoaming.Files.rar
2013-11-01 00:53 - 2013-11-01 00:53 - 00001424 _____ C:\Users\Tomstin\Documents\gfjjghj+.txt
2013-11-01 00:53 - 2013-11-01 00:53 - 00000339 _____ C:\Users\Tomstin\Documents\ax_files.xml
2013-10-31 20:33 - 2013-10-31 20:33 - 00000000 ___DC C:\dumps
2013-10-31 16:42 - 2013-10-31 16:42 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 16:29 - 2013-10-31 16:30 - 00000000 ____D C:\Users\Tomstin\Desktop\Alcohol 120% v2.0.2.4713
2013-10-31 16:27 - 2013-10-31 16:27 - 00002958 _____ C:\Windows\System32\Tasks\{DF085E31-F253-4802-B17B-E383E11DD3AE}
2013-10-31 16:24 - 2013-10-31 16:24 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-31 16:24 - 2013-10-31 16:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-31 16:24 - 2013-06-06 07:24 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2013-10-31 16:23 - 2013-10-31 16:23 - 05831344 _____ (TeamViewer GmbH) C:\Users\Tomstin\Downloads\TeamViewer_Setup_de_8.0.22298.exe
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{D5F981D7-E3AF-4B7E-9551-6686756E2B29}
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{A4565EC7-AF95-4C0B-B644-38E81324C47B}
2013-10-31 10:34 - 2013-11-02 12:14 - 00000000 ____D C:\Program Files (x86)\Postal.3
2013-10-29 01:29 - 2013-11-06 18:47 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Vidalia
2013-10-28 23:28 - 2013-10-28 23:28 - 00000796 _____ C:\Users\Tomstin\AppData\Local\recently-used.xbel
2013-10-28 23:27 - 2013-10-28 23:28 - 00000000 ____D C:\Users\Tomstin\AppData\Local\gtk-2.0
2013-10-28 23:08 - 2013-10-28 23:10 - 22116616 _____ (Wireshark development team) C:\Users\Tomstin\Downloads\Wireshark-win32-1.10.2.exe
2013-10-28 23:05 - 2013-11-11 12:57 - 00000000 ____D C:\Program Files (x86)\Look@LAN
2013-10-28 23:04 - 2013-10-28 23:04 - 02167447 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Tomstin\Downloads\lalsetup250.exe
2013-10-28 21:29 - 2013-10-28 21:48 - 00000000 ____D C:\Users\Tomstin\Downloads\Far Cry 3 PW-Thircase
2013-10-25 22:04 - 2013-10-25 22:43 - 117224776 _____ C:\Users\Tomstin\Downloads\rre.rar
2013-10-25 21:30 - 2013-10-25 21:30 - 00770638 _____ C:\Users\Tomstin\Downloads\Phillips, Susan Elizabeth - Ch - jo_741.txt
2013-10-25 04:36 - 2013-10-25 07:35 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.rar
2013-10-25 04:04 - 2013-10-25 04:34 - 177274998 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r10
2013-10-24 21:45 - 2013-10-25 03:43 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r09
2013-10-24 08:10 - 2013-10-24 11:09 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r08
2013-10-23 16:04 - 2013-10-23 16:04 - 01060070 _____ C:\Users\Tomstin\Downloads\adwcleaner-3.010.exe
2013-10-23 13:57 - 2013-10-23 17:41 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r07
2013-10-23 09:11 - 2013-10-27 20:57 - 00000000 ____D C:\ProgramData\Orbit
2013-10-23 08:21 - 2013-10-23 08:21 - 00000000 ____D C:\Users\Tomstin\Desktop\Rabiat - Ohne Kompromisse (2007)
2013-10-23 07:48 - 2013-10-23 10:47 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r06
2013-10-23 05:00 - 2013-10-23 07:16 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r05
2013-10-23 04:55 - 2013-10-23 04:55 - 00882489 _____ (Methlabs Productions                                        ) C:\Users\Tomstin\Downloads\pg2-050918-nt.exe
2013-10-23 04:27 - 2013-10-23 04:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-23 04:26 - 2013-11-12 14:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-23 04:26 - 2013-11-12 14:32 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-23 04:17 - 2013-10-23 04:19 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Tomstin\Downloads\spybot-2.2.exe
2013-10-23 04:14 - 2013-10-28 21:00 - 00000000 ____D C:\Program Files (x86)\Vidalia Bridge Bundle
2013-10-23 04:08 - 2013-10-23 04:10 - 09636506 _____ C:\Users\Tomstin\Downloads\vidalia-bridge-bundle-0.2.3.25-0.2.21.exe
2013-10-23 01:40 - 2013-10-23 04:17 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r04
2013-10-22 20:37 - 2013-10-23 19:32 - 00007310 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-22 20:37 - 2013-10-22 20:37 - 00000000 ___DC C:\VTRoot
2013-10-22 18:42 - 2013-11-10 19:35 - 00000000 ____D C:\Users\Tomstin\Desktop\Oldenburg Klassenprojekt
2013-10-22 18:32 - 2013-11-11 12:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Apple
2013-10-22 18:21 - 2013-10-22 18:29 - 97206096 _____ (Apple Inc.) C:\Users\Tomstin\Downloads\iTunes64Setup.exe
2013-10-22 18:17 - 2013-10-22 18:36 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Syncios
2013-10-22 18:14 - 2013-10-22 18:15 - 15678968 _____ (Anvsoft, Inc.                                               ) C:\Users\Tomstin\Downloads\syncios.exe
2013-10-22 18:11 - 2013-10-23 00:10 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r03
2013-10-22 18:05 - 2013-10-22 18:05 - 00085282 _____ C:\Users\Tomstin\Downloads\tunesviewer_1.5.1.deb
2013-10-22 15:42 - 2013-10-22 15:49 - 21357603 _____ C:\Users\Tomstin\Downloads\10.000 Sprüche, Witze & Zitate v1.2 [Cracked by Boerse.BZ].apk
2013-10-22 12:17 - 2013-10-22 16:01 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r02
2013-10-22 08:16 - 2013-10-22 11:15 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r01
2013-10-22 04:38 - 2013-10-22 06:53 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r00
2013-10-20 19:21 - 2013-10-20 19:21 - 00010665 _____ C:\Users\Tomstin\Documents\Teil 14.odt
2013-10-20 19:02 - 2013-10-20 19:02 - 00010731 _____ C:\Users\Tomstin\Documents\Teil 13 Schule.odt
2013-10-20 18:47 - 2013-10-20 18:55 - 00010612 _____ C:\Users\Tomstin\Documents\Unbenannt 1.odt
2013-10-20 18:37 - 2013-10-20 19:08 - 00011414 _____ C:\Users\Tomstin\Documents\Teil 12 Schule.odt
2013-10-20 18:27 - 2013-10-20 18:27 - 00011149 _____ C:\Users\Tomstin\Documents\Teil 11 Schule.odt
2013-10-20 18:19 - 2013-10-20 18:19 - 00011095 _____ C:\Users\Tomstin\Documents\Teil 10 Schule.odt
2013-10-20 18:03 - 2013-10-20 18:03 - 00010933 _____ C:\Users\Tomstin\Documents\Teil 9 Schule.odt
2013-10-20 17:52 - 2013-10-20 17:52 - 00008767 _____ C:\Users\Tomstin\Documents\Teil 8 Schule.odt
2013-10-20 17:49 - 2013-10-20 17:49 - 00008774 _____ C:\Users\Tomstin\Documents\Teil 7 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:47 - 00008754 _____ C:\Users\Tomstin\Documents\Teil 6 Schule.odt
2013-10-20 17:46 - 2013-10-20 17:47 - 00008779 _____ C:\Users\Tomstin\Documents\Teil 5 Schule.odt
2013-10-20 17:45 - 2013-10-20 17:47 - 00008777 _____ C:\Users\Tomstin\Documents\Teil 4 Schulke.odt
2013-10-20 17:44 - 2013-10-20 18:07 - 00012300 _____ C:\Users\Tomstin\Documents\Teil 3 Schule.odt
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Comodo
2013-10-20 09:21 - 2013-10-20 09:21 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-10-20 09:19 - 2013-10-20 14:50 - 00000000 ____D C:\ProgramData\COMODO
2013-10-20 09:19 - 2013-10-20 09:20 - 00000000 ___SD C:\ProgramData\Shared Space
2013-10-20 09:19 - 2013-10-20 09:19 - 00000000 ____D C:\Program Files\COMODO
2013-10-20 09:18 - 2013-11-12 14:36 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-10-20 09:18 - 2013-11-12 14:36 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-10-20 09:18 - 2013-11-12 14:36 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-10-20 09:08 - 2013-10-20 09:17 - 214262072 _____ (COMODO) C:\Users\Tomstin\Downloads\cfw_installer63.exe
2013-10-20 09:04 - 2013-10-20 09:04 - 00504808 _____ C:\Users\Tomstin\Downloads\BySoftFreeRAM40.exe
2013-10-19 05:59 - 2013-11-11 23:04 - 00064000 ___SH C:\Users\Tomstin\Thumbs.db
2013-10-18 16:23 - 2013-10-18 16:23 - 00009821 _____ C:\Users\Tomstin\Documents\Teil 2 Schule.odt
2013-10-18 16:19 - 2013-10-20 18:07 - 00010601 _____ C:\Users\Tomstin\Documents\Teil 1 Schule.odt

==================== One Month Modified Files and Folders =======

2013-11-14 14:05 - 2013-11-12 07:04 - 00014221 _____ C:\Users\Tomstin\Desktop\FRST.txt
2013-11-14 13:57 - 2013-11-14 13:57 - 01957794 _____ (Farbar) C:\Users\Tomstin\Desktop\FRST64.exe
2013-11-14 13:37 - 2013-10-10 16:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 13:14 - 2012-04-05 06:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 13:00 - 2013-11-14 13:00 - 00002008 _____ C:\Users\Tomstin\Desktop\JRT.txt
2013-11-14 12:28 - 2009-07-14 18:58 - 00756430 _____ C:\Windows\system32\perfh007.dat
2013-11-14 12:28 - 2009-07-14 18:58 - 00165434 _____ C:\Windows\system32\perfc007.dat
2013-11-14 12:28 - 2009-07-14 06:13 - 01747582 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-14 12:28 - 2009-07-14 05:45 - 00020480 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 12:28 - 2009-07-14 05:45 - 00020480 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 12:21 - 2013-08-01 21:23 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce8ef5a7dc11.job
2013-11-14 12:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 12:20 - 2013-11-11 23:32 - 00000616 _____ C:\Windows\setupact.log
2013-11-14 12:20 - 2013-01-09 09:43 - 01141136 _____ C:\Windows\WindowsUpdate.log
2013-11-14 12:01 - 2013-11-14 12:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 11:57 - 2013-11-14 11:57 - 01034531 _____ (Thisisu) C:\Users\Tomstin\Desktop\JRT.exe
2013-11-14 11:52 - 2013-09-03 18:00 - 00000000 ___DC C:\AdwCleaner
2013-11-14 08:29 - 2013-11-14 08:28 - 01085542 _____ C:\Users\Tomstin\Desktop\adwcleaner.exe
2013-11-14 08:18 - 2013-11-12 14:33 - 00008686 _____ C:\Windows\PFRO.log
2013-11-14 06:56 - 2013-11-14 06:50 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-14 06:56 - 2013-11-14 06:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Malwarebytes
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 06:49 - 2013-11-14 06:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tomstin\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 20:46 - 2011-12-15 20:22 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-11-12 20:46 - 2011-12-15 18:02 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-12 14:57 - 2013-11-12 14:57 - 00023945 ____C C:\ComboFix.txt
2013-11-12 14:57 - 2013-11-12 14:30 - 00000000 ___DC C:\Qoobox
2013-11-12 14:53 - 2013-11-12 14:29 - 00000000 ____D C:\Windows\erdnt
2013-11-12 14:52 - 2009-07-14 03:34 - 00000215 ____C C:\Windows\system.ini
2013-11-12 14:36 - 2013-10-20 09:18 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-11-12 14:36 - 2013-10-20 09:18 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-11-12 14:36 - 2013-10-20 09:18 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-11-12 14:33 - 2013-10-23 04:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-12 14:32 - 2013-10-23 04:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-12 14:24 - 2013-11-12 14:23 - 05145576 ____R (Swearware) C:\Users\Tomstin\Desktop\ComboFix.exe
2013-11-12 14:23 - 2013-11-12 14:23 - 05145576 _____ (Swearware) C:\Users\Tomstin\Downloads\ComboFix.exe
2013-11-12 07:04 - 2013-11-12 07:04 - 00024846 _____ C:\Users\Tomstin\Desktop\Addition.txt
2013-11-12 07:02 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Default
2013-11-12 07:01 - 2013-11-12 07:01 - 00000000 ___DC C:\FRST
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:07 - 00339257 _____ C:\Users\Tomstin\Downloads\CleanUp452.exe
2013-11-11 23:41 - 2013-11-11 23:41 - 00001292 _____ C:\Users\Public\Desktop\Ashampoo Registry Cleaner.lnk
2013-11-11 23:41 - 2013-11-11 23:41 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-11-11 23:33 - 2013-11-11 23:33 - 00064792 _____ C:\Users\Tomstin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00307040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 23:20 - 2013-07-23 19:11 - 00000000 ____D C:\Users\Tomstin\Desktop\dvd
2013-11-11 23:09 - 2011-11-24 21:08 - 00000000 ____D C:\Users\Tomstin\Documents\My Games
2013-11-11 23:06 - 2011-11-20 10:13 - 00000000 ____D C:\Users\Tomstin
2013-11-11 23:04 - 2013-10-19 05:59 - 00064000 ___SH C:\Users\Tomstin\Thumbs.db
2013-11-11 19:04 - 2013-09-20 21:27 - 00000000 ____D C:\Users\Tomstin\SecurityScans
2013-11-11 19:04 - 2013-09-02 16:47 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\vlc
2013-11-11 19:04 - 2013-04-18 18:15 - 00000000 ____D C:\Program Files\PeerBlock
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Opera Software
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Opera Software
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Program Files (x86)\Opera
2013-11-11 12:57 - 2013-10-28 23:05 - 00000000 ____D C:\Program Files (x86)\Look@LAN
2013-11-11 12:56 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-11 12:54 - 2012-09-29 05:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-11 12:45 - 2013-10-22 18:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 12:36 - 2013-11-11 12:36 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Danny_Tuppeny
2013-11-11 12:36 - 2013-08-01 03:34 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\G+ Notifier
2013-11-10 19:50 - 2011-12-15 18:02 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-10 19:35 - 2013-10-22 18:42 - 00000000 ____D C:\Users\Tomstin\Desktop\Oldenburg Klassenprojekt
2013-11-10 19:28 - 2013-09-19 17:21 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-11-10 19:27 - 2013-11-10 19:27 - 00018718 _____ C:\Users\Tomstin\Documents\Einteilung der Gruppenarbeit.odt
2013-11-08 23:45 - 2012-04-05 16:05 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\ICQ
2013-11-08 20:59 - 2013-11-08 20:59 - 00267596 _____ C:\Users\Tomstin\Downloads\afb_video_pal_001.wmv
2013-11-06 19:51 - 2013-06-12 14:06 - 00000000 ____D C:\Windows\pss
2013-11-06 18:47 - 2013-10-29 01:29 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Vidalia
2013-11-06 12:57 - 2011-11-20 10:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-06 11:38 - 2013-10-07 06:32 - 00000000 ____D C:\Users\Tomstin\AppData\Local\PrivaZer
2013-11-02 12:14 - 2013-10-31 10:34 - 00000000 ____D C:\Program Files (x86)\Postal.3
2013-11-02 12:14 - 2012-07-22 13:38 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-02 08:49 - 2013-11-02 08:45 - 14191339 _____ C:\Users\Tomstin\Downloads\Postal_3_Advanced_Germanpatch-RAiNER.rar
2013-11-02 02:41 - 2013-11-01 22:26 - 501561721 _____ C:\Users\Tomstin\Downloads\FreeRoaming.Files.rar
2013-11-01 00:53 - 2013-11-01 00:53 - 00001424 _____ C:\Users\Tomstin\Documents\gfjjghj+.txt
2013-11-01 00:53 - 2013-11-01 00:53 - 00000339 _____ C:\Users\Tomstin\Documents\ax_files.xml
2013-10-31 20:33 - 2013-10-31 20:33 - 00000000 ___DC C:\dumps
2013-10-31 16:42 - 2013-10-31 16:42 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 16:30 - 2013-10-31 16:29 - 00000000 ____D C:\Users\Tomstin\Desktop\Alcohol 120% v2.0.2.4713
2013-10-31 16:27 - 2013-10-31 16:27 - 00002958 _____ C:\Windows\System32\Tasks\{DF085E31-F253-4802-B17B-E383E11DD3AE}
2013-10-31 16:24 - 2013-10-31 16:24 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-31 16:24 - 2013-10-31 16:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-31 16:23 - 2013-10-31 16:23 - 05831344 _____ (TeamViewer GmbH) C:\Users\Tomstin\Downloads\TeamViewer_Setup_de_8.0.22298.exe
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{D5F981D7-E3AF-4B7E-9551-6686756E2B29}
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{A4565EC7-AF95-4C0B-B644-38E81324C47B}
2013-10-28 23:28 - 2013-10-28 23:28 - 00000796 _____ C:\Users\Tomstin\AppData\Local\recently-used.xbel
2013-10-28 23:28 - 2013-10-28 23:27 - 00000000 ____D C:\Users\Tomstin\AppData\Local\gtk-2.0
2013-10-28 23:10 - 2013-10-28 23:08 - 22116616 _____ (Wireshark development team) C:\Users\Tomstin\Downloads\Wireshark-win32-1.10.2.exe
2013-10-28 23:04 - 2013-10-28 23:04 - 02167447 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Tomstin\Downloads\lalsetup250.exe
2013-10-28 21:48 - 2013-10-28 21:29 - 00000000 ____D C:\Users\Tomstin\Downloads\Far Cry 3 PW-Thircase
2013-10-28 21:26 - 2013-10-06 09:55 - 00000000 ____D C:\Users\Tomstin\Downloads\Macht & Ehre - Schwarzer Orden (2003) lossless
2013-10-28 21:01 - 2013-10-09 20:06 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Ubisoft Game Launcher
2013-10-28 21:01 - 2013-10-08 21:22 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-28 21:00 - 2013-10-23 04:14 - 00000000 ____D C:\Program Files (x86)\Vidalia Bridge Bundle
2013-10-28 17:05 - 2012-12-07 13:15 - 00000000 ____D C:\Users\Tomstin\AppData\Local\My Games
2013-10-27 20:59 - 2011-12-15 20:22 - 00000000 ____D C:\Users\Tomstin\AppData\Local\PunkBuster
2013-10-27 20:59 - 2011-12-15 18:02 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-27 20:57 - 2013-10-23 09:11 - 00000000 ____D C:\ProgramData\Orbit
2013-10-25 22:43 - 2013-10-25 22:04 - 117224776 _____ C:\Users\Tomstin\Downloads\rre.rar
2013-10-25 21:30 - 2013-10-25 21:30 - 00770638 _____ C:\Users\Tomstin\Downloads\Phillips, Susan Elizabeth - Ch - jo_741.txt
2013-10-25 07:35 - 2013-10-25 04:36 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.rar
2013-10-25 04:34 - 2013-10-25 04:04 - 177274998 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r10
2013-10-25 03:43 - 2013-10-24 21:45 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r09
2013-10-24 21:16 - 2013-09-01 22:25 - 00000000 ____D C:\Users\Tomstin\Downloads\Bilder
2013-10-24 11:09 - 2013-10-24 08:10 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r08
2013-10-23 19:32 - 2013-10-22 20:37 - 00007310 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-23 17:41 - 2013-10-23 13:57 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r07
2013-10-23 16:04 - 2013-10-23 16:04 - 01060070 _____ C:\Users\Tomstin\Downloads\adwcleaner-3.010.exe
2013-10-23 10:47 - 2013-10-23 07:48 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r06
2013-10-23 08:21 - 2013-10-23 08:21 - 00000000 ____D C:\Users\Tomstin\Desktop\Rabiat - Ohne Kompromisse (2007)
2013-10-23 07:16 - 2013-10-23 05:00 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r05
2013-10-23 04:55 - 2013-10-23 04:55 - 00882489 _____ (Methlabs Productions                                        ) C:\Users\Tomstin\Downloads\pg2-050918-nt.exe
2013-10-23 04:27 - 2013-10-23 04:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-23 04:19 - 2013-10-23 04:17 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Tomstin\Downloads\spybot-2.2.exe
2013-10-23 04:17 - 2013-10-23 01:40 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r04
2013-10-23 04:10 - 2013-10-23 04:08 - 09636506 _____ C:\Users\Tomstin\Downloads\vidalia-bridge-bundle-0.2.3.25-0.2.21.exe
2013-10-23 00:10 - 2013-10-22 18:11 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r03
2013-10-22 20:37 - 2013-10-22 20:37 - 00000000 ___DC C:\VTRoot
2013-10-22 18:36 - 2013-10-22 18:17 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Syncios
2013-10-22 18:36 - 2012-09-29 05:51 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Apple Computer
2013-10-22 18:32 - 2012-09-29 05:51 - 00000000 ____D C:\ProgramData\Apple Computer
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Apple
2013-10-22 18:30 - 2012-09-29 05:49 - 00000000 ____D C:\ProgramData\Apple
2013-10-22 18:29 - 2013-10-22 18:21 - 97206096 _____ (Apple Inc.) C:\Users\Tomstin\Downloads\iTunes64Setup.exe
2013-10-22 18:15 - 2013-10-22 18:14 - 15678968 _____ (Anvsoft, Inc.                                               ) C:\Users\Tomstin\Downloads\syncios.exe
2013-10-22 18:05 - 2013-10-22 18:05 - 00085282 _____ C:\Users\Tomstin\Downloads\tunesviewer_1.5.1.deb
2013-10-22 16:01 - 2013-10-22 12:17 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r02
2013-10-22 15:49 - 2013-10-22 15:42 - 21357603 _____ C:\Users\Tomstin\Downloads\10.000 Sprüche, Witze & Zitate v1.2 [Cracked by Boerse.BZ].apk
2013-10-22 11:15 - 2013-10-22 08:16 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r01
2013-10-22 06:53 - 2013-10-22 04:38 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r00
2013-10-20 19:21 - 2013-10-20 19:21 - 00010665 _____ C:\Users\Tomstin\Documents\Teil 14.odt
2013-10-20 19:08 - 2013-10-20 18:37 - 00011414 _____ C:\Users\Tomstin\Documents\Teil 12 Schule.odt
2013-10-20 19:02 - 2013-10-20 19:02 - 00010731 _____ C:\Users\Tomstin\Documents\Teil 13 Schule.odt
2013-10-20 18:55 - 2013-10-20 18:47 - 00010612 _____ C:\Users\Tomstin\Documents\Unbenannt 1.odt
2013-10-20 18:27 - 2013-10-20 18:27 - 00011149 _____ C:\Users\Tomstin\Documents\Teil 11 Schule.odt
2013-10-20 18:19 - 2013-10-20 18:19 - 00011095 _____ C:\Users\Tomstin\Documents\Teil 10 Schule.odt
2013-10-20 18:07 - 2013-10-20 17:44 - 00012300 _____ C:\Users\Tomstin\Documents\Teil 3 Schule.odt
2013-10-20 18:07 - 2013-10-18 16:19 - 00010601 _____ C:\Users\Tomstin\Documents\Teil 1 Schule.odt
2013-10-20 18:03 - 2013-10-20 18:03 - 00010933 _____ C:\Users\Tomstin\Documents\Teil 9 Schule.odt
2013-10-20 17:52 - 2013-10-20 17:52 - 00008767 _____ C:\Users\Tomstin\Documents\Teil 8 Schule.odt
2013-10-20 17:49 - 2013-10-20 17:49 - 00008774 _____ C:\Users\Tomstin\Documents\Teil 7 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:47 - 00008754 _____ C:\Users\Tomstin\Documents\Teil 6 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:46 - 00008779 _____ C:\Users\Tomstin\Documents\Teil 5 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:45 - 00008777 _____ C:\Users\Tomstin\Documents\Teil 4 Schulke.odt
2013-10-20 15:39 - 2013-06-12 16:25 - 00000000 ____D C:\Users\Tomstin\Desktop\Programme
2013-10-20 15:39 - 2013-03-15 23:48 - 00000000 ____D C:\Users\Tomstin\Desktop\Neuer Ordner
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Comodo
2013-10-20 14:50 - 2013-10-20 09:19 - 00000000 ____D C:\ProgramData\COMODO
2013-10-20 09:21 - 2013-10-20 09:21 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-10-20 09:20 - 2013-10-20 09:19 - 00000000 ___SD C:\ProgramData\Shared Space
2013-10-20 09:19 - 2013-10-20 09:19 - 00000000 ____D C:\Program Files\COMODO
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-10-20 09:17 - 2013-10-20 09:08 - 214262072 _____ (COMODO) C:\Users\Tomstin\Downloads\cfw_installer63.exe
2013-10-20 09:04 - 2013-10-20 09:04 - 00504808 _____ C:\Users\Tomstin\Downloads\BySoftFreeRAM40.exe
2013-10-19 16:33 - 2011-12-28 11:45 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Mozilla
2013-10-18 16:23 - 2013-10-18 16:23 - 00009821 _____ C:\Users\Tomstin\Documents\Teil 2 Schule.odt

Some content of TEMP:
====================
C:\Users\Tomstin\AppData\Local\Temp\Quarantine.exe
C:\Users\Tomstin\AppData\Local\Temp\ubiF59B.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 20:52

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 15.11.2013, 09:29   #8
schrauber
/// the machine
/// TB-Ausbilder
 

festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.11.2013, 17:11   #9
Falkonett
 
festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f5a20eef7ed125468f2097f6431d446f
# engine=15895
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-15 01:36:42
# local_time=2013-11-15 02:36:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 17881 249945892 14202 0
# compatibility_mode=3074 16777213 100 84 6816 45540478 0 0
# compatibility_mode=5893 16776574 100 85 9083845 136152452 0 0
# scanned=226005
# found=0
# cleaned=0
# scan_time=5729
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Ashampoo Registry Cleaner v.1.0.0  
 JavaFX 2.1.0    
 Java version out of Date! 
 Adobe Flash Player 11.9.900.117  
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Comodo Firewall cmdagent.exe 
 Avira AntiVir Desktop sched.exe  
 Avira AntiVir Desktop avshadow.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Tomstin (administrator) on TOMSTIN-PC on 15-11-2013 18:04:25
Running from C:\Users\Tomstin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
() D:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
(AnchorFree Inc.) D:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
() D:\Program Files (x86)\Expat Shield\bin\hsswd.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() D:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-10-20] (COMODO)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKCU\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - D:\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD588F4CD18A9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {1646C8A2-445C-4F04-817C-91C43411A977} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&k=0
SearchScopes: HKCU - {1646C8A2-445C-4F04-817C-91C43411A977} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {2064E130-29CE-4745-8DF9-B6B94C74F1F2} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {69463CC3-D10E-4514-B1F3-B5C1E3715D11} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {C54C87CC-F39D-496E-A35A-CD475B245A92} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {F585DC5D-A570-453D-AE52-813BA5C0AD62} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {F9AA668C-A55A-4AB0-B9EE-73BC7308F49C} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {FC386457-C037-45E1-A989-F5E7B6FE33DF} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - D:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
BHO-x32: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - D:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1857/plugin/AXFOAM.CAB
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Winsock: Catalog9 01 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F2E7F5CF-0033-42D8-AB79-1B57E1F3C204}: [NameServer]8.8.8.8

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Social Fixer for Facebook) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\8.0_0
CHR Extension: (Google Wallet) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; D:\Avira Antivirus\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Avira Antivirus\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2098880 2013-11-11] ()
R2 ExpatShieldService; D:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [331608 2012-01-17] ()
R2 ExpatSrv; D:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [363336 2012-01-05] (AnchorFree Inc.)
S3 ExpatTrayService; D:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE [77520 2012-01-17] ()
R2 ExpatWd; D:\Program Files (x86)\Expat Shield\bin\hsswd.exe [329544 2012-01-05] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-27] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-09-24] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-03-19] (Arainia Solutions LLC)
S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [22648 2010-06-13] (Microsoft Corporation)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 VL807; C:\Windows\System32\DRIVERS\VL807.sys [36728 2010-06-13] ()
S3 VL807; C:\Windows\SysWow64\DRIVERS\VL807.sys [28920 2010-06-13] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Users\Tomstin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [x]
S3 SANDRA; \??\D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\WNt500x64\Sandra.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-15 16:26 - 2013-11-15 16:26 - 00891184 _____ C:\Users\Tomstin\Desktop\SecurityCheck.exe
2013-11-15 12:59 - 2013-11-15 12:59 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-15 12:57 - 2013-11-15 12:57 - 02347384 _____ (ESET) C:\Users\Tomstin\Downloads\esetsmartinstaller_enu.exe
2013-11-14 13:57 - 2013-11-14 13:57 - 01957794 _____ (Farbar) C:\Users\Tomstin\Desktop\FRST64.exe
2013-11-14 13:00 - 2013-11-14 13:00 - 00002008 _____ C:\Users\Tomstin\Desktop\JRT.txt
2013-11-14 12:01 - 2013-11-14 12:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 11:57 - 2013-11-14 11:57 - 01034531 _____ (Thisisu) C:\Users\Tomstin\Desktop\JRT.exe
2013-11-14 08:28 - 2013-11-14 08:29 - 01085542 _____ C:\Users\Tomstin\Desktop\adwcleaner.exe
2013-11-14 06:50 - 2013-11-14 06:56 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-14 06:50 - 2013-11-14 06:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Malwarebytes
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 06:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 06:49 - 2013-11-14 06:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tomstin\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 14:57 - 2013-11-12 14:57 - 00023945 ____C C:\ComboFix.txt
2013-11-12 14:40 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-12 14:40 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-12 14:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-12 14:33 - 2013-11-14 08:18 - 00008686 _____ C:\Windows\PFRO.log
2013-11-12 14:30 - 2013-11-12 14:57 - 00000000 ___DC C:\Qoobox
2013-11-12 14:29 - 2013-11-12 14:53 - 00000000 ____D C:\Windows\erdnt
2013-11-12 14:23 - 2013-11-12 14:24 - 05145576 ____R (Swearware) C:\Users\Tomstin\Desktop\ComboFix.exe
2013-11-12 14:23 - 2013-11-12 14:23 - 05145576 _____ (Swearware) C:\Users\Tomstin\Downloads\ComboFix.exe
2013-11-12 07:04 - 2013-11-15 18:04 - 00014976 _____ C:\Users\Tomstin\Desktop\FRST.txt
2013-11-12 07:04 - 2013-11-12 07:04 - 00024846 _____ C:\Users\Tomstin\Desktop\Addition.txt
2013-11-12 07:01 - 2013-11-12 07:01 - 00000000 ___DC C:\FRST
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2013-11-12 06:07 - 2013-11-12 06:08 - 00339257 _____ C:\Users\Tomstin\Downloads\CleanUp452.exe
2013-11-11 23:41 - 2013-11-11 23:41 - 00001292 _____ C:\Users\Public\Desktop\Ashampoo Registry Cleaner.lnk
2013-11-11 23:41 - 2013-11-11 23:41 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-11-11 23:33 - 2013-11-11 23:33 - 00064792 _____ C:\Users\Tomstin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-11 23:32 - 2013-11-15 12:40 - 00000728 _____ C:\Windows\setupact.log
2013-11-11 23:32 - 2013-11-11 23:32 - 00307040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 12:36 - 2013-11-11 12:36 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Danny_Tuppeny
2013-11-10 19:27 - 2013-11-10 19:27 - 00018718 _____ C:\Users\Tomstin\Documents\Einteilung der Gruppenarbeit.odt
2013-11-08 20:59 - 2013-11-08 20:59 - 00267596 _____ C:\Users\Tomstin\Downloads\afb_video_pal_001.wmv
2013-11-02 08:50 - 2012-12-18 00:04 - 00000000 ____D C:\Users\Tomstin\Desktop\Postal3-Advanced-German-Patch
2013-11-02 08:45 - 2013-11-02 08:49 - 14191339 _____ C:\Users\Tomstin\Downloads\Postal_3_Advanced_Germanpatch-RAiNER.rar
2013-11-01 22:26 - 2013-11-02 02:41 - 501561721 _____ C:\Users\Tomstin\Downloads\FreeRoaming.Files.rar
2013-11-01 00:53 - 2013-11-01 00:53 - 00001424 _____ C:\Users\Tomstin\Documents\gfjjghj+.txt
2013-11-01 00:53 - 2013-11-01 00:53 - 00000339 _____ C:\Users\Tomstin\Documents\ax_files.xml
2013-10-31 20:33 - 2013-10-31 20:33 - 00000000 ___DC C:\dumps
2013-10-31 16:42 - 2013-10-31 16:42 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 16:29 - 2013-10-31 16:30 - 00000000 ____D C:\Users\Tomstin\Desktop\Alcohol 120% v2.0.2.4713
2013-10-31 16:27 - 2013-10-31 16:27 - 00002958 _____ C:\Windows\System32\Tasks\{DF085E31-F253-4802-B17B-E383E11DD3AE}
2013-10-31 16:24 - 2013-10-31 16:24 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-31 16:24 - 2013-10-31 16:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-31 16:24 - 2013-06-06 07:24 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2013-10-31 16:23 - 2013-10-31 16:23 - 05831344 _____ (TeamViewer GmbH) C:\Users\Tomstin\Downloads\TeamViewer_Setup_de_8.0.22298.exe
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{D5F981D7-E3AF-4B7E-9551-6686756E2B29}
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{A4565EC7-AF95-4C0B-B644-38E81324C47B}
2013-10-31 10:34 - 2013-11-02 12:14 - 00000000 ____D C:\Program Files (x86)\Postal.3
2013-10-29 01:29 - 2013-11-06 18:47 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Vidalia
2013-10-28 23:28 - 2013-10-28 23:28 - 00000796 _____ C:\Users\Tomstin\AppData\Local\recently-used.xbel
2013-10-28 23:27 - 2013-10-28 23:28 - 00000000 ____D C:\Users\Tomstin\AppData\Local\gtk-2.0
2013-10-28 23:08 - 2013-10-28 23:10 - 22116616 _____ (Wireshark development team) C:\Users\Tomstin\Downloads\Wireshark-win32-1.10.2.exe
2013-10-28 23:05 - 2013-11-11 12:57 - 00000000 ____D C:\Program Files (x86)\Look@LAN
2013-10-28 23:04 - 2013-10-28 23:04 - 02167447 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Tomstin\Downloads\lalsetup250.exe
2013-10-28 21:29 - 2013-10-28 21:48 - 00000000 ____D C:\Users\Tomstin\Downloads\Far Cry 3 PW-Thircase
2013-10-25 22:04 - 2013-10-25 22:43 - 117224776 _____ C:\Users\Tomstin\Downloads\rre.rar
2013-10-25 21:30 - 2013-10-25 21:30 - 00770638 _____ C:\Users\Tomstin\Downloads\Phillips, Susan Elizabeth - Ch - jo_741.txt
2013-10-25 04:36 - 2013-10-25 07:35 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.rar
2013-10-25 04:04 - 2013-10-25 04:34 - 177274998 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r10
2013-10-24 21:45 - 2013-10-25 03:43 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r09
2013-10-24 08:10 - 2013-10-24 11:09 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r08
2013-10-23 16:04 - 2013-10-23 16:04 - 01060070 _____ C:\Users\Tomstin\Downloads\adwcleaner-3.010.exe
2013-10-23 13:57 - 2013-10-23 17:41 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r07
2013-10-23 09:11 - 2013-10-27 20:57 - 00000000 ____D C:\ProgramData\Orbit
2013-10-23 08:21 - 2013-10-23 08:21 - 00000000 ____D C:\Users\Tomstin\Desktop\Rabiat - Ohne Kompromisse (2007)
2013-10-23 07:48 - 2013-10-23 10:47 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r06
2013-10-23 05:00 - 2013-10-23 07:16 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r05
2013-10-23 04:55 - 2013-10-23 04:55 - 00882489 _____ (Methlabs Productions                                        ) C:\Users\Tomstin\Downloads\pg2-050918-nt.exe
2013-10-23 04:27 - 2013-10-23 04:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-23 04:26 - 2013-11-12 14:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-23 04:26 - 2013-11-12 14:32 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-23 04:17 - 2013-10-23 04:19 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Tomstin\Downloads\spybot-2.2.exe
2013-10-23 04:14 - 2013-10-28 21:00 - 00000000 ____D C:\Program Files (x86)\Vidalia Bridge Bundle
2013-10-23 04:08 - 2013-10-23 04:10 - 09636506 _____ C:\Users\Tomstin\Downloads\vidalia-bridge-bundle-0.2.3.25-0.2.21.exe
2013-10-23 01:40 - 2013-10-23 04:17 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r04
2013-10-22 20:37 - 2013-10-23 19:32 - 00007310 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-22 20:37 - 2013-10-22 20:37 - 00000000 ___DC C:\VTRoot
2013-10-22 18:42 - 2013-11-10 19:35 - 00000000 ____D C:\Users\Tomstin\Desktop\Oldenburg Klassenprojekt
2013-10-22 18:32 - 2013-11-11 12:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Apple
2013-10-22 18:21 - 2013-10-22 18:29 - 97206096 _____ (Apple Inc.) C:\Users\Tomstin\Downloads\iTunes64Setup.exe
2013-10-22 18:17 - 2013-10-22 18:36 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Syncios
2013-10-22 18:14 - 2013-10-22 18:15 - 15678968 _____ (Anvsoft, Inc.                                               ) C:\Users\Tomstin\Downloads\syncios.exe
2013-10-22 18:11 - 2013-10-23 00:10 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r03
2013-10-22 18:05 - 2013-10-22 18:05 - 00085282 _____ C:\Users\Tomstin\Downloads\tunesviewer_1.5.1.deb
2013-10-22 15:42 - 2013-10-22 15:49 - 21357603 _____ C:\Users\Tomstin\Downloads\10.000 Sprüche, Witze & Zitate v1.2 [Cracked by Boerse.BZ].apk
2013-10-22 12:17 - 2013-10-22 16:01 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r02
2013-10-22 08:16 - 2013-10-22 11:15 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r01
2013-10-22 04:38 - 2013-10-22 06:53 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r00
2013-10-20 19:21 - 2013-10-20 19:21 - 00010665 _____ C:\Users\Tomstin\Documents\Teil 14.odt
2013-10-20 19:02 - 2013-10-20 19:02 - 00010731 _____ C:\Users\Tomstin\Documents\Teil 13 Schule.odt
2013-10-20 18:47 - 2013-10-20 18:55 - 00010612 _____ C:\Users\Tomstin\Documents\Unbenannt 1.odt
2013-10-20 18:37 - 2013-10-20 19:08 - 00011414 _____ C:\Users\Tomstin\Documents\Teil 12 Schule.odt
2013-10-20 18:27 - 2013-10-20 18:27 - 00011149 _____ C:\Users\Tomstin\Documents\Teil 11 Schule.odt
2013-10-20 18:19 - 2013-10-20 18:19 - 00011095 _____ C:\Users\Tomstin\Documents\Teil 10 Schule.odt
2013-10-20 18:03 - 2013-10-20 18:03 - 00010933 _____ C:\Users\Tomstin\Documents\Teil 9 Schule.odt
2013-10-20 17:52 - 2013-10-20 17:52 - 00008767 _____ C:\Users\Tomstin\Documents\Teil 8 Schule.odt
2013-10-20 17:49 - 2013-10-20 17:49 - 00008774 _____ C:\Users\Tomstin\Documents\Teil 7 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:47 - 00008754 _____ C:\Users\Tomstin\Documents\Teil 6 Schule.odt
2013-10-20 17:46 - 2013-10-20 17:47 - 00008779 _____ C:\Users\Tomstin\Documents\Teil 5 Schule.odt
2013-10-20 17:45 - 2013-10-20 17:47 - 00008777 _____ C:\Users\Tomstin\Documents\Teil 4 Schulke.odt
2013-10-20 17:44 - 2013-10-20 18:07 - 00012300 _____ C:\Users\Tomstin\Documents\Teil 3 Schule.odt
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Comodo
2013-10-20 09:21 - 2013-10-20 09:21 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-10-20 09:19 - 2013-10-20 14:50 - 00000000 ____D C:\ProgramData\COMODO
2013-10-20 09:19 - 2013-10-20 09:20 - 00000000 ___SD C:\ProgramData\Shared Space
2013-10-20 09:19 - 2013-10-20 09:19 - 00000000 ____D C:\Program Files\COMODO
2013-10-20 09:18 - 2013-11-12 14:36 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-10-20 09:18 - 2013-11-12 14:36 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-10-20 09:18 - 2013-11-12 14:36 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-10-20 09:08 - 2013-10-20 09:17 - 214262072 _____ (COMODO) C:\Users\Tomstin\Downloads\cfw_installer63.exe
2013-10-20 09:04 - 2013-10-20 09:04 - 00504808 _____ C:\Users\Tomstin\Downloads\BySoftFreeRAM40.exe
2013-10-19 05:59 - 2013-11-11 23:04 - 00064000 ___SH C:\Users\Tomstin\Thumbs.db
2013-10-18 16:23 - 2013-10-18 16:23 - 00009821 _____ C:\Users\Tomstin\Documents\Teil 2 Schule.odt
2013-10-18 16:19 - 2013-10-20 18:07 - 00010601 _____ C:\Users\Tomstin\Documents\Teil 1 Schule.odt

==================== One Month Modified Files and Folders =======

2013-11-15 18:06 - 2013-11-12 07:04 - 00014976 _____ C:\Users\Tomstin\Desktop\FRST.txt
2013-11-15 17:37 - 2013-10-10 16:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 17:37 - 2013-08-01 21:23 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce8ef5a7dc11.job
2013-11-15 17:16 - 2013-09-01 22:25 - 00000000 ____D C:\Users\Tomstin\Downloads\Bilder
2013-11-15 17:14 - 2012-04-05 06:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 16:26 - 2013-11-15 16:26 - 00891184 _____ C:\Users\Tomstin\Desktop\SecurityCheck.exe
2013-11-15 13:57 - 2013-01-09 09:43 - 01148761 _____ C:\Windows\WindowsUpdate.log
2013-11-15 12:59 - 2013-11-15 12:59 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-15 12:57 - 2013-11-15 12:57 - 02347384 _____ (ESET) C:\Users\Tomstin\Downloads\esetsmartinstaller_enu.exe
2013-11-15 12:48 - 2009-07-14 05:45 - 00020480 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 12:48 - 2009-07-14 05:45 - 00020480 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 12:44 - 2009-07-14 18:58 - 00756430 _____ C:\Windows\system32\perfh007.dat
2013-11-15 12:44 - 2009-07-14 18:58 - 00165434 _____ C:\Windows\system32\perfc007.dat
2013-11-15 12:44 - 2009-07-14 06:13 - 01747582 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-15 12:40 - 2013-11-11 23:32 - 00000728 _____ C:\Windows\setupact.log
2013-11-15 12:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 21:14 - 2011-12-15 20:22 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-11-14 21:14 - 2011-12-15 18:02 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-14 16:37 - 2011-12-15 18:02 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-14 13:57 - 2013-11-14 13:57 - 01957794 _____ (Farbar) C:\Users\Tomstin\Desktop\FRST64.exe
2013-11-14 13:00 - 2013-11-14 13:00 - 00002008 _____ C:\Users\Tomstin\Desktop\JRT.txt
2013-11-14 12:01 - 2013-11-14 12:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 11:57 - 2013-11-14 11:57 - 01034531 _____ (Thisisu) C:\Users\Tomstin\Desktop\JRT.exe
2013-11-14 11:52 - 2013-09-03 18:00 - 00000000 ___DC C:\AdwCleaner
2013-11-14 08:29 - 2013-11-14 08:28 - 01085542 _____ C:\Users\Tomstin\Desktop\adwcleaner.exe
2013-11-14 08:18 - 2013-11-12 14:33 - 00008686 _____ C:\Windows\PFRO.log
2013-11-14 06:56 - 2013-11-14 06:50 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-14 06:56 - 2013-11-14 06:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Malwarebytes
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 06:49 - 2013-11-14 06:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tomstin\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 14:57 - 2013-11-12 14:57 - 00023945 ____C C:\ComboFix.txt
2013-11-12 14:57 - 2013-11-12 14:30 - 00000000 ___DC C:\Qoobox
2013-11-12 14:53 - 2013-11-12 14:29 - 00000000 ____D C:\Windows\erdnt
2013-11-12 14:52 - 2009-07-14 03:34 - 00000215 ____C C:\Windows\system.ini
2013-11-12 14:36 - 2013-10-20 09:18 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-11-12 14:36 - 2013-10-20 09:18 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-11-12 14:36 - 2013-10-20 09:18 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-11-12 14:33 - 2013-10-23 04:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-12 14:32 - 2013-10-23 04:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-12 14:24 - 2013-11-12 14:23 - 05145576 ____R (Swearware) C:\Users\Tomstin\Desktop\ComboFix.exe
2013-11-12 14:23 - 2013-11-12 14:23 - 05145576 _____ (Swearware) C:\Users\Tomstin\Downloads\ComboFix.exe
2013-11-12 07:04 - 2013-11-12 07:04 - 00024846 _____ C:\Users\Tomstin\Desktop\Addition.txt
2013-11-12 07:02 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Default
2013-11-12 07:01 - 2013-11-12 07:01 - 00000000 ___DC C:\FRST
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:07 - 00339257 _____ C:\Users\Tomstin\Downloads\CleanUp452.exe
2013-11-11 23:41 - 2013-11-11 23:41 - 00001292 _____ C:\Users\Public\Desktop\Ashampoo Registry Cleaner.lnk
2013-11-11 23:41 - 2013-11-11 23:41 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-11-11 23:33 - 2013-11-11 23:33 - 00064792 _____ C:\Users\Tomstin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00307040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 23:20 - 2013-07-23 19:11 - 00000000 ____D C:\Users\Tomstin\Desktop\dvd
2013-11-11 23:09 - 2011-11-24 21:08 - 00000000 ____D C:\Users\Tomstin\Documents\My Games
2013-11-11 23:06 - 2011-11-20 10:13 - 00000000 ____D C:\Users\Tomstin
2013-11-11 23:04 - 2013-10-19 05:59 - 00064000 ___SH C:\Users\Tomstin\Thumbs.db
2013-11-11 19:04 - 2013-09-20 21:27 - 00000000 ____D C:\Users\Tomstin\SecurityScans
2013-11-11 19:04 - 2013-09-02 16:47 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\vlc
2013-11-11 19:04 - 2013-04-18 18:15 - 00000000 ____D C:\Program Files\PeerBlock
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Opera Software
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Opera Software
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Program Files (x86)\Opera
2013-11-11 12:57 - 2013-10-28 23:05 - 00000000 ____D C:\Program Files (x86)\Look@LAN
2013-11-11 12:56 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-11 12:54 - 2012-09-29 05:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-11 12:45 - 2013-10-22 18:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 12:36 - 2013-11-11 12:36 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Danny_Tuppeny
2013-11-11 12:36 - 2013-08-01 03:34 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\G+ Notifier
2013-11-10 19:35 - 2013-10-22 18:42 - 00000000 ____D C:\Users\Tomstin\Desktop\Oldenburg Klassenprojekt
2013-11-10 19:28 - 2013-09-19 17:21 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-11-10 19:27 - 2013-11-10 19:27 - 00018718 _____ C:\Users\Tomstin\Documents\Einteilung der Gruppenarbeit.odt
2013-11-08 23:45 - 2012-04-05 16:05 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\ICQ
2013-11-08 20:59 - 2013-11-08 20:59 - 00267596 _____ C:\Users\Tomstin\Downloads\afb_video_pal_001.wmv
2013-11-06 19:51 - 2013-06-12 14:06 - 00000000 ____D C:\Windows\pss
2013-11-06 18:47 - 2013-10-29 01:29 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Vidalia
2013-11-06 12:57 - 2011-11-20 10:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-06 11:38 - 2013-10-07 06:32 - 00000000 ____D C:\Users\Tomstin\AppData\Local\PrivaZer
2013-11-02 12:14 - 2013-10-31 10:34 - 00000000 ____D C:\Program Files (x86)\Postal.3
2013-11-02 12:14 - 2012-07-22 13:38 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-02 08:49 - 2013-11-02 08:45 - 14191339 _____ C:\Users\Tomstin\Downloads\Postal_3_Advanced_Germanpatch-RAiNER.rar
2013-11-02 02:41 - 2013-11-01 22:26 - 501561721 _____ C:\Users\Tomstin\Downloads\FreeRoaming.Files.rar
2013-11-01 00:53 - 2013-11-01 00:53 - 00001424 _____ C:\Users\Tomstin\Documents\gfjjghj+.txt
2013-11-01 00:53 - 2013-11-01 00:53 - 00000339 _____ C:\Users\Tomstin\Documents\ax_files.xml
2013-10-31 20:33 - 2013-10-31 20:33 - 00000000 ___DC C:\dumps
2013-10-31 16:42 - 2013-10-31 16:42 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 16:30 - 2013-10-31 16:29 - 00000000 ____D C:\Users\Tomstin\Desktop\Alcohol 120% v2.0.2.4713
2013-10-31 16:27 - 2013-10-31 16:27 - 00002958 _____ C:\Windows\System32\Tasks\{DF085E31-F253-4802-B17B-E383E11DD3AE}
2013-10-31 16:24 - 2013-10-31 16:24 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-31 16:24 - 2013-10-31 16:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-31 16:23 - 2013-10-31 16:23 - 05831344 _____ (TeamViewer GmbH) C:\Users\Tomstin\Downloads\TeamViewer_Setup_de_8.0.22298.exe
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{D5F981D7-E3AF-4B7E-9551-6686756E2B29}
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{A4565EC7-AF95-4C0B-B644-38E81324C47B}
2013-10-28 23:28 - 2013-10-28 23:28 - 00000796 _____ C:\Users\Tomstin\AppData\Local\recently-used.xbel
2013-10-28 23:28 - 2013-10-28 23:27 - 00000000 ____D C:\Users\Tomstin\AppData\Local\gtk-2.0
2013-10-28 23:10 - 2013-10-28 23:08 - 22116616 _____ (Wireshark development team) C:\Users\Tomstin\Downloads\Wireshark-win32-1.10.2.exe
2013-10-28 23:04 - 2013-10-28 23:04 - 02167447 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Tomstin\Downloads\lalsetup250.exe
2013-10-28 21:48 - 2013-10-28 21:29 - 00000000 ____D C:\Users\Tomstin\Downloads\Far Cry 3 PW-Thircase
2013-10-28 21:26 - 2013-10-06 09:55 - 00000000 ____D C:\Users\Tomstin\Downloads\Macht & Ehre - Schwarzer Orden (2003) lossless
2013-10-28 21:01 - 2013-10-09 20:06 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Ubisoft Game Launcher
2013-10-28 21:01 - 2013-10-08 21:22 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-28 21:00 - 2013-10-23 04:14 - 00000000 ____D C:\Program Files (x86)\Vidalia Bridge Bundle
2013-10-28 17:05 - 2012-12-07 13:15 - 00000000 ____D C:\Users\Tomstin\AppData\Local\My Games
2013-10-27 20:59 - 2011-12-15 20:22 - 00000000 ____D C:\Users\Tomstin\AppData\Local\PunkBuster
2013-10-27 20:59 - 2011-12-15 18:02 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-27 20:57 - 2013-10-23 09:11 - 00000000 ____D C:\ProgramData\Orbit
2013-10-25 22:43 - 2013-10-25 22:04 - 117224776 _____ C:\Users\Tomstin\Downloads\rre.rar
2013-10-25 21:30 - 2013-10-25 21:30 - 00770638 _____ C:\Users\Tomstin\Downloads\Phillips, Susan Elizabeth - Ch - jo_741.txt
2013-10-25 07:35 - 2013-10-25 04:36 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.rar
2013-10-25 04:34 - 2013-10-25 04:04 - 177274998 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r10
2013-10-25 03:43 - 2013-10-24 21:45 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r09
2013-10-24 11:09 - 2013-10-24 08:10 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r08
2013-10-23 19:32 - 2013-10-22 20:37 - 00007310 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-23 17:41 - 2013-10-23 13:57 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r07
2013-10-23 16:04 - 2013-10-23 16:04 - 01060070 _____ C:\Users\Tomstin\Downloads\adwcleaner-3.010.exe
2013-10-23 10:47 - 2013-10-23 07:48 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r06
2013-10-23 08:21 - 2013-10-23 08:21 - 00000000 ____D C:\Users\Tomstin\Desktop\Rabiat - Ohne Kompromisse (2007)
2013-10-23 07:16 - 2013-10-23 05:00 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r05
2013-10-23 04:55 - 2013-10-23 04:55 - 00882489 _____ (Methlabs Productions                                        ) C:\Users\Tomstin\Downloads\pg2-050918-nt.exe
2013-10-23 04:27 - 2013-10-23 04:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-23 04:19 - 2013-10-23 04:17 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Tomstin\Downloads\spybot-2.2.exe
2013-10-23 04:17 - 2013-10-23 01:40 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r04
2013-10-23 04:10 - 2013-10-23 04:08 - 09636506 _____ C:\Users\Tomstin\Downloads\vidalia-bridge-bundle-0.2.3.25-0.2.21.exe
2013-10-23 00:10 - 2013-10-22 18:11 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r03
2013-10-22 20:37 - 2013-10-22 20:37 - 00000000 ___DC C:\VTRoot
2013-10-22 18:36 - 2013-10-22 18:17 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Syncios
2013-10-22 18:36 - 2012-09-29 05:51 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Apple Computer
2013-10-22 18:32 - 2012-09-29 05:51 - 00000000 ____D C:\ProgramData\Apple Computer
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Apple
2013-10-22 18:30 - 2012-09-29 05:49 - 00000000 ____D C:\ProgramData\Apple
2013-10-22 18:29 - 2013-10-22 18:21 - 97206096 _____ (Apple Inc.) C:\Users\Tomstin\Downloads\iTunes64Setup.exe
2013-10-22 18:15 - 2013-10-22 18:14 - 15678968 _____ (Anvsoft, Inc.                                               ) C:\Users\Tomstin\Downloads\syncios.exe
2013-10-22 18:05 - 2013-10-22 18:05 - 00085282 _____ C:\Users\Tomstin\Downloads\tunesviewer_1.5.1.deb
2013-10-22 16:01 - 2013-10-22 12:17 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r02
2013-10-22 15:49 - 2013-10-22 15:42 - 21357603 _____ C:\Users\Tomstin\Downloads\10.000 Sprüche, Witze & Zitate v1.2 [Cracked by Boerse.BZ].apk
2013-10-22 11:15 - 2013-10-22 08:16 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r01
2013-10-22 06:53 - 2013-10-22 04:38 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r00
2013-10-20 19:21 - 2013-10-20 19:21 - 00010665 _____ C:\Users\Tomstin\Documents\Teil 14.odt
2013-10-20 19:08 - 2013-10-20 18:37 - 00011414 _____ C:\Users\Tomstin\Documents\Teil 12 Schule.odt
2013-10-20 19:02 - 2013-10-20 19:02 - 00010731 _____ C:\Users\Tomstin\Documents\Teil 13 Schule.odt
2013-10-20 18:55 - 2013-10-20 18:47 - 00010612 _____ C:\Users\Tomstin\Documents\Unbenannt 1.odt
2013-10-20 18:27 - 2013-10-20 18:27 - 00011149 _____ C:\Users\Tomstin\Documents\Teil 11 Schule.odt
2013-10-20 18:19 - 2013-10-20 18:19 - 00011095 _____ C:\Users\Tomstin\Documents\Teil 10 Schule.odt
2013-10-20 18:07 - 2013-10-20 17:44 - 00012300 _____ C:\Users\Tomstin\Documents\Teil 3 Schule.odt
2013-10-20 18:07 - 2013-10-18 16:19 - 00010601 _____ C:\Users\Tomstin\Documents\Teil 1 Schule.odt
2013-10-20 18:03 - 2013-10-20 18:03 - 00010933 _____ C:\Users\Tomstin\Documents\Teil 9 Schule.odt
2013-10-20 17:52 - 2013-10-20 17:52 - 00008767 _____ C:\Users\Tomstin\Documents\Teil 8 Schule.odt
2013-10-20 17:49 - 2013-10-20 17:49 - 00008774 _____ C:\Users\Tomstin\Documents\Teil 7 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:47 - 00008754 _____ C:\Users\Tomstin\Documents\Teil 6 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:46 - 00008779 _____ C:\Users\Tomstin\Documents\Teil 5 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:45 - 00008777 _____ C:\Users\Tomstin\Documents\Teil 4 Schulke.odt
2013-10-20 15:39 - 2013-06-12 16:25 - 00000000 ____D C:\Users\Tomstin\Desktop\Programme
2013-10-20 15:39 - 2013-03-15 23:48 - 00000000 ____D C:\Users\Tomstin\Desktop\Neuer Ordner
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Comodo
2013-10-20 14:50 - 2013-10-20 09:19 - 00000000 ____D C:\ProgramData\COMODO
2013-10-20 09:21 - 2013-10-20 09:21 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-10-20 09:20 - 2013-10-20 09:19 - 00000000 ___SD C:\ProgramData\Shared Space
2013-10-20 09:19 - 2013-10-20 09:19 - 00000000 ____D C:\Program Files\COMODO
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-10-20 09:17 - 2013-10-20 09:08 - 214262072 _____ (COMODO) C:\Users\Tomstin\Downloads\cfw_installer63.exe
2013-10-20 09:04 - 2013-10-20 09:04 - 00504808 _____ C:\Users\Tomstin\Downloads\BySoftFreeRAM40.exe
2013-10-19 16:33 - 2011-12-28 11:45 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Mozilla
2013-10-18 16:23 - 2013-10-18 16:23 - 00009821 _____ C:\Users\Tomstin\Documents\Teil 2 Schule.odt

Some content of TEMP:
====================
C:\Users\Tomstin\AppData\Local\Temp\Quarantine.exe
C:\Users\Tomstin\AppData\Local\Temp\ubiF59B.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 20:52

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Ich würde gerne herausfinden, wo der andere Speicherplatz ist!

Alt 16.11.2013, 11:22   #10
schrauber
/// the machine
/// TB-Ausbilder
 

festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



Java updaten. Um wieviel Platz geht es? Öffne bitte FRST und setz nen Haken bei Additional, scanne und poste beide Logfiles.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.11.2013, 20:13   #11
Falkonett
 
festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



272 Gb... Wenn ich alle Ordner in Laufwerk D kopiere kommen nur 42 Gb heraus... Das Volumen des Laufwerks ist aber 314! ._.


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Tomstin (administrator) on TOMSTIN-PC on 16-11-2013 21:08:13
Running from C:\Users\Tomstin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
() D:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
(AnchorFree Inc.) D:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
() D:\Program Files (x86)\Expat Shield\bin\hsswd.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(AdTrustMedia) C:\Program Files (x86)\AdTrustMedia\PrivDog\1.7.0.12\trustedadssvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) D:\Avira Antivirus\Avira\AntiVir Desktop\avshadow.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() D:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alcohol Soft Development Team) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
() D:\Program Files (x86)\Expat Shield\bin\openvpn.exe
() D:\Program Files (x86)\Expat Shield\bin\fbw.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKCU\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - D:\Avira Antivirus\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [ComodoFSChrome] - "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM-x32\...\Run: [PrivDogService] - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.7.0.12\trustedadssvc.exe [515240 2013-10-21] (AdTrustMedia)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD588F4CD18A9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {1646C8A2-445C-4F04-817C-91C43411A977} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&k=0
SearchScopes: HKCU - {1646C8A2-445C-4F04-817C-91C43411A977} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {2064E130-29CE-4745-8DF9-B6B94C74F1F2} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {69463CC3-D10E-4514-B1F3-B5C1E3715D11} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {C54C87CC-F39D-496E-A35A-CD475B245A92} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {F585DC5D-A570-453D-AE52-813BA5C0AD62} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {F9AA668C-A55A-4AB0-B9EE-73BC7308F49C} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {FC386457-C037-45E1-A989-F5E7B6FE33DF} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3932343d-b94a-4f4c-86b6-b30c5bdcd972&pid=murb&mode=bounce&k=0
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - D:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\trustedads.dll (AdTrustMedia)
BHO-x32: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - D:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.7.0.12\trustedads.dll (AdTrustMedia)
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1857/plugin/AXFOAM.CAB
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Winsock: Catalog9 01 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 D:\Avira Antivirus\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F2E7F5CF-0033-42D8-AB79-1B57E1F3C204}: [NameServer]8.8.8.8

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (PrivDog) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0
CHR Extension: (Google Search) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Social Fixer for Facebook) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\8.0_0
CHR Extension: (Google Wallet) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Tomstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; D:\Avira Antivirus\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira Antivirus\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Avira Antivirus\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2098880 2013-11-11] ()
R2 ExpatShieldService; D:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [331608 2012-01-17] ()
R2 ExpatSrv; D:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [363336 2012-01-05] (AnchorFree Inc.)
S3 ExpatTrayService; D:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE [77520 2012-01-17] ()
R2 ExpatWd; D:\Program Files (x86)\Expat Shield\bin\hsswd.exe [329544 2012-01-05] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-27] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-03-19] (Arainia Solutions LLC)
S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [22648 2010-06-13] (Microsoft Corporation)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-11-16] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 VL807; C:\Windows\System32\DRIVERS\VL807.sys [36728 2010-06-13] ()
S3 VL807; C:\Windows\SysWow64\DRIVERS\VL807.sys [28920 2010-06-13] ()
U3 aghlwtyf; C:\Windows\System32\Drivers\aghlwtyf.sys [0 ] (Advanced Micro Devices)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Users\Tomstin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [x]
S3 SANDRA; \??\D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\WNt500x64\Sandra.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-16 21:03 - 2013-11-16 21:02 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-16 21:02 - 2013-11-16 21:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-16 21:02 - 2013-11-16 21:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-16 21:02 - 2013-11-16 21:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-16 21:02 - 2013-11-16 21:02 - 00000000 ____D C:\Program Files\Java
2013-11-16 21:00 - 2013-11-16 21:01 - 30694824 _____ (Oracle Corporation) C:\Users\Tomstin\Downloads\jre-7u45-windows-x64.exe
2013-11-16 20:19 - 2013-11-16 20:19 - 157693685 _____ C:\Users\Tomstin\Downloads\DieSmpssHtanRniND.part1.rar.crdownload
2013-11-16 19:46 - 2013-11-16 19:46 - 00002528 _____ C:\Users\Public\Desktop\SpongeBob Schwammkopf - Schlacht um Bikini Bottom.lnk
2013-11-16 19:46 - 2013-11-16 19:46 - 00000000 ____D C:\Program Files (x86)\THQ
2013-11-16 13:54 - 2013-11-16 13:54 - 00000000 ____D C:\Users\Tomstin\Documents\Alcohol 120%
2013-11-16 13:50 - 2013-11-16 13:50 - 00001180 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2013-11-16 13:46 - 2013-11-16 13:46 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-11-16 13:45 - 2013-11-16 13:45 - 00000000 ____D C:\ProgramData\Adtrustmedia
2013-11-16 13:45 - 2013-11-16 13:45 - 00000000 ____D C:\Program Files\AdTrustMedia
2013-11-16 13:45 - 2013-11-16 13:45 - 00000000 ____D C:\Program Files (x86)\AdTrustMedia
2013-11-16 13:10 - 2013-02-19 15:51 - 00000000 ____D C:\Users\Tomstin\Downloads\Spongebob.Schlacht.Um.Bikini.Bottom.GERMAN-Souldrinker
2013-11-16 06:36 - 2013-11-16 06:50 - 81705554 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part5.rar
2013-11-16 05:57 - 2013-11-16 06:29 - 190000000 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part4.rar
2013-11-16 05:26 - 2013-11-16 06:28 - 190000000 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part3.rar
2013-11-16 05:24 - 2013-11-16 05:56 - 190000000 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part2.rar
2013-11-15 23:12 - 2013-11-16 00:14 - 190000000 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part1.rev
2013-11-15 22:24 - 2013-11-15 23:28 - 190000000 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part1.rar
2013-11-15 16:26 - 2013-11-15 16:26 - 00891184 _____ C:\Users\Tomstin\Desktop\SecurityCheck.exe
2013-11-15 12:57 - 2013-11-15 12:57 - 02347384 _____ (ESET) C:\Users\Tomstin\Downloads\esetsmartinstaller_enu.exe
2013-11-14 13:57 - 2013-11-14 13:57 - 01957794 _____ (Farbar) C:\Users\Tomstin\Desktop\FRST64.exe
2013-11-14 13:00 - 2013-11-14 13:00 - 00002008 _____ C:\Users\Tomstin\Desktop\JRT.txt
2013-11-14 12:01 - 2013-11-14 12:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 11:57 - 2013-11-14 11:57 - 01034531 _____ (Thisisu) C:\Users\Tomstin\Desktop\JRT.exe
2013-11-14 08:28 - 2013-11-14 08:29 - 01085542 _____ C:\Users\Tomstin\Desktop\adwcleaner.exe
2013-11-14 06:50 - 2013-11-14 06:56 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-14 06:50 - 2013-11-14 06:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Malwarebytes
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 06:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 06:49 - 2013-11-14 06:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tomstin\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 14:57 - 2013-11-12 14:57 - 00023945 ____C C:\ComboFix.txt
2013-11-12 14:40 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-12 14:40 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-12 14:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-12 14:40 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-12 14:33 - 2013-11-14 08:18 - 00008686 _____ C:\Windows\PFRO.log
2013-11-12 14:30 - 2013-11-12 14:57 - 00000000 ___DC C:\Qoobox
2013-11-12 14:29 - 2013-11-12 14:53 - 00000000 ____D C:\Windows\erdnt
2013-11-12 14:23 - 2013-11-12 14:24 - 05145576 ____R (Swearware) C:\Users\Tomstin\Desktop\ComboFix.exe
2013-11-12 14:23 - 2013-11-12 14:23 - 05145576 _____ (Swearware) C:\Users\Tomstin\Downloads\ComboFix.exe
2013-11-12 07:04 - 2013-11-16 21:10 - 00017086 _____ C:\Users\Tomstin\Desktop\FRST.txt
2013-11-12 07:04 - 2013-11-12 07:04 - 00024846 _____ C:\Users\Tomstin\Desktop\Addition.txt
2013-11-12 07:01 - 2013-11-12 07:01 - 00000000 ___DC C:\FRST
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2013-11-12 06:07 - 2013-11-12 06:08 - 00339257 _____ C:\Users\Tomstin\Downloads\CleanUp452.exe
2013-11-11 23:41 - 2013-11-11 23:41 - 00001292 _____ C:\Users\Public\Desktop\Ashampoo Registry Cleaner.lnk
2013-11-11 23:41 - 2013-11-11 23:41 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-11-11 23:33 - 2013-11-11 23:33 - 00064792 _____ C:\Users\Tomstin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-11 23:32 - 2013-11-16 15:49 - 00000896 _____ C:\Windows\setupact.log
2013-11-11 23:32 - 2013-11-11 23:32 - 00307040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 12:36 - 2013-11-11 12:36 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Danny_Tuppeny
2013-11-10 19:27 - 2013-11-10 19:27 - 00018718 _____ C:\Users\Tomstin\Documents\Einteilung der Gruppenarbeit.odt
2013-11-08 20:59 - 2013-11-08 20:59 - 00267596 _____ C:\Users\Tomstin\Downloads\afb_video_pal_001.wmv
2013-11-02 08:50 - 2012-12-18 00:04 - 00000000 ____D C:\Users\Tomstin\Desktop\Postal3-Advanced-German-Patch
2013-11-02 08:45 - 2013-11-02 08:49 - 14191339 _____ C:\Users\Tomstin\Downloads\Postal_3_Advanced_Germanpatch-RAiNER.rar
2013-11-01 22:26 - 2013-11-02 02:41 - 501561721 _____ C:\Users\Tomstin\Downloads\FreeRoaming.Files.rar
2013-11-01 00:53 - 2013-11-16 14:00 - 00000339 _____ C:\Users\Tomstin\Documents\ax_files.xml
2013-11-01 00:53 - 2013-11-01 00:53 - 00001424 _____ C:\Users\Tomstin\Documents\gfjjghj+.txt
2013-10-31 20:33 - 2013-10-31 20:33 - 00000000 ___DC C:\dumps
2013-10-31 16:42 - 2013-10-31 16:42 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 16:29 - 2013-10-31 16:30 - 00000000 ____D C:\Users\Tomstin\Desktop\Alcohol 120% v2.0.2.4713
2013-10-31 16:27 - 2013-10-31 16:27 - 00002958 _____ C:\Windows\System32\Tasks\{DF085E31-F253-4802-B17B-E383E11DD3AE}
2013-10-31 16:24 - 2013-10-31 16:24 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-31 16:24 - 2013-10-31 16:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-31 16:24 - 2013-06-06 07:24 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2013-10-31 16:23 - 2013-10-31 16:23 - 05831344 _____ (TeamViewer GmbH) C:\Users\Tomstin\Downloads\TeamViewer_Setup_de_8.0.22298.exe
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{D5F981D7-E3AF-4B7E-9551-6686756E2B29}
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{A4565EC7-AF95-4C0B-B644-38E81324C47B}
2013-10-31 10:34 - 2013-11-02 12:14 - 00000000 ____D C:\Program Files (x86)\Postal.3
2013-10-29 01:29 - 2013-11-06 18:47 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Vidalia
2013-10-28 23:28 - 2013-10-28 23:28 - 00000796 _____ C:\Users\Tomstin\AppData\Local\recently-used.xbel
2013-10-28 23:27 - 2013-10-28 23:28 - 00000000 ____D C:\Users\Tomstin\AppData\Local\gtk-2.0
2013-10-28 23:08 - 2013-10-28 23:10 - 22116616 _____ (Wireshark development team) C:\Users\Tomstin\Downloads\Wireshark-win32-1.10.2.exe
2013-10-28 23:05 - 2013-11-11 12:57 - 00000000 ____D C:\Program Files (x86)\Look@LAN
2013-10-28 23:04 - 2013-10-28 23:04 - 02167447 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Tomstin\Downloads\lalsetup250.exe
2013-10-28 21:29 - 2013-10-28 21:48 - 00000000 ____D C:\Users\Tomstin\Downloads\Far Cry 3 PW-Thircase
2013-10-25 22:04 - 2013-10-25 22:43 - 117224776 _____ C:\Users\Tomstin\Downloads\rre.rar
2013-10-25 21:30 - 2013-10-25 21:30 - 00770638 _____ C:\Users\Tomstin\Downloads\Phillips, Susan Elizabeth - Ch - jo_741.txt
2013-10-25 04:36 - 2013-10-25 07:35 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.rar
2013-10-25 04:04 - 2013-10-25 04:34 - 177274998 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r10
2013-10-24 21:45 - 2013-10-25 03:43 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r09
2013-10-24 08:10 - 2013-10-24 11:09 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r08
2013-10-23 16:04 - 2013-10-23 16:04 - 01060070 _____ C:\Users\Tomstin\Downloads\adwcleaner-3.010.exe
2013-10-23 13:57 - 2013-10-23 17:41 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r07
2013-10-23 09:11 - 2013-10-27 20:57 - 00000000 ____D C:\ProgramData\Orbit
2013-10-23 08:21 - 2013-10-23 08:21 - 00000000 ____D C:\Users\Tomstin\Desktop\Rabiat - Ohne Kompromisse (2007)
2013-10-23 07:48 - 2013-10-23 10:47 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r06
2013-10-23 05:00 - 2013-10-23 07:16 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r05
2013-10-23 04:55 - 2013-10-23 04:55 - 00882489 _____ (Methlabs Productions                                        ) C:\Users\Tomstin\Downloads\pg2-050918-nt.exe
2013-10-23 04:27 - 2013-10-23 04:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-23 04:26 - 2013-11-12 14:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-23 04:26 - 2013-11-12 14:32 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-23 04:17 - 2013-10-23 04:19 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Tomstin\Downloads\spybot-2.2.exe
2013-10-23 04:14 - 2013-10-28 21:00 - 00000000 ____D C:\Program Files (x86)\Vidalia Bridge Bundle
2013-10-23 04:08 - 2013-10-23 04:10 - 09636506 _____ C:\Users\Tomstin\Downloads\vidalia-bridge-bundle-0.2.3.25-0.2.21.exe
2013-10-23 01:40 - 2013-10-23 04:17 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r04
2013-10-22 20:37 - 2013-10-23 19:32 - 00007310 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-22 20:37 - 2013-10-22 20:37 - 00000000 ___DC C:\VTRoot
2013-10-22 18:42 - 2013-11-10 19:35 - 00000000 ____D C:\Users\Tomstin\Desktop\Oldenburg Klassenprojekt
2013-10-22 18:32 - 2013-11-11 12:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Apple
2013-10-22 18:21 - 2013-10-22 18:29 - 97206096 _____ (Apple Inc.) C:\Users\Tomstin\Downloads\iTunes64Setup.exe
2013-10-22 18:17 - 2013-10-22 18:36 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Syncios
2013-10-22 18:14 - 2013-10-22 18:15 - 15678968 _____ (Anvsoft, Inc.                                               ) C:\Users\Tomstin\Downloads\syncios.exe
2013-10-22 18:11 - 2013-10-23 00:10 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r03
2013-10-22 18:05 - 2013-10-22 18:05 - 00085282 _____ C:\Users\Tomstin\Downloads\tunesviewer_1.5.1.deb
2013-10-22 15:42 - 2013-10-22 15:49 - 21357603 _____ C:\Users\Tomstin\Downloads\10.000 Sprüche, Witze & Zitate v1.2 [Cracked by Boerse.BZ].apk
2013-10-22 12:17 - 2013-10-22 16:01 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r02
2013-10-22 08:16 - 2013-10-22 11:15 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r01
2013-10-22 04:38 - 2013-10-22 06:53 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r00
2013-10-20 19:21 - 2013-10-20 19:21 - 00010665 _____ C:\Users\Tomstin\Documents\Teil 14.odt
2013-10-20 19:02 - 2013-10-20 19:02 - 00010731 _____ C:\Users\Tomstin\Documents\Teil 13 Schule.odt
2013-10-20 18:47 - 2013-10-20 18:55 - 00010612 _____ C:\Users\Tomstin\Documents\Unbenannt 1.odt
2013-10-20 18:37 - 2013-10-20 19:08 - 00011414 _____ C:\Users\Tomstin\Documents\Teil 12 Schule.odt
2013-10-20 18:27 - 2013-10-20 18:27 - 00011149 _____ C:\Users\Tomstin\Documents\Teil 11 Schule.odt
2013-10-20 18:19 - 2013-10-20 18:19 - 00011095 _____ C:\Users\Tomstin\Documents\Teil 10 Schule.odt
2013-10-20 18:03 - 2013-10-20 18:03 - 00010933 _____ C:\Users\Tomstin\Documents\Teil 9 Schule.odt
2013-10-20 17:52 - 2013-10-20 17:52 - 00008767 _____ C:\Users\Tomstin\Documents\Teil 8 Schule.odt
2013-10-20 17:49 - 2013-10-20 17:49 - 00008774 _____ C:\Users\Tomstin\Documents\Teil 7 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:47 - 00008754 _____ C:\Users\Tomstin\Documents\Teil 6 Schule.odt
2013-10-20 17:46 - 2013-10-20 17:47 - 00008779 _____ C:\Users\Tomstin\Documents\Teil 5 Schule.odt
2013-10-20 17:45 - 2013-10-20 17:47 - 00008777 _____ C:\Users\Tomstin\Documents\Teil 4 Schulke.odt
2013-10-20 17:44 - 2013-10-20 18:07 - 00012300 _____ C:\Users\Tomstin\Documents\Teil 3 Schule.odt
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Comodo
2013-10-20 09:21 - 2013-10-20 09:21 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-10-20 09:19 - 2013-10-20 14:50 - 00000000 ____D C:\ProgramData\COMODO
2013-10-20 09:19 - 2013-10-20 09:20 - 00000000 ___SD C:\ProgramData\Shared Space
2013-10-20 09:19 - 2013-10-20 09:19 - 00000000 ____D C:\Program Files\COMODO
2013-10-20 09:18 - 2013-11-12 14:36 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-10-20 09:18 - 2013-11-12 14:36 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-10-20 09:18 - 2013-11-12 14:36 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-10-20 09:08 - 2013-10-20 09:17 - 214262072 _____ (COMODO) C:\Users\Tomstin\Downloads\cfw_installer63.exe
2013-10-20 09:04 - 2013-10-20 09:04 - 00504808 _____ C:\Users\Tomstin\Downloads\BySoftFreeRAM40.exe
2013-10-19 05:59 - 2013-11-11 23:04 - 00064000 ___SH C:\Users\Tomstin\Thumbs.db
2013-10-18 16:23 - 2013-10-18 16:23 - 00009821 _____ C:\Users\Tomstin\Documents\Teil 2 Schule.odt
2013-10-18 16:19 - 2013-10-20 18:07 - 00010601 _____ C:\Users\Tomstin\Documents\Teil 1 Schule.odt

==================== One Month Modified Files and Folders =======

2013-11-16 21:10 - 2013-11-12 07:04 - 00017086 _____ C:\Users\Tomstin\Desktop\FRST.txt
2013-11-16 21:03 - 2013-09-29 06:49 - 00000000 ____D C:\ProgramData\Oracle
2013-11-16 21:02 - 2013-11-16 21:03 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-16 21:02 - 2013-11-16 21:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-16 21:02 - 2013-11-16 21:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-16 21:02 - 2013-11-16 21:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-16 21:02 - 2013-11-16 21:02 - 00000000 ____D C:\Program Files\Java
2013-11-16 21:01 - 2013-11-16 21:00 - 30694824 _____ (Oracle Corporation) C:\Users\Tomstin\Downloads\jre-7u45-windows-x64.exe
2013-11-16 20:37 - 2013-10-10 16:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-16 20:19 - 2013-11-16 20:19 - 157693685 _____ C:\Users\Tomstin\Downloads\DieSmpssHtanRniND.part1.rar.crdownload
2013-11-16 20:14 - 2012-04-05 06:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 19:47 - 2012-03-15 21:00 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-16 19:46 - 2013-11-16 19:46 - 00002528 _____ C:\Users\Public\Desktop\SpongeBob Schwammkopf - Schlacht um Bikini Bottom.lnk
2013-11-16 19:46 - 2013-11-16 19:46 - 00000000 ____D C:\Program Files (x86)\THQ
2013-11-16 19:46 - 2011-11-20 10:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-16 17:37 - 2013-08-01 21:23 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce8ef5a7dc11.job
2013-11-16 16:39 - 2013-09-01 22:25 - 00000000 ____D C:\Users\Tomstin\Downloads\Bilder
2013-11-16 15:57 - 2009-07-14 05:45 - 00020480 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 15:57 - 2009-07-14 05:45 - 00020480 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 15:54 - 2009-07-14 18:58 - 00756430 _____ C:\Windows\system32\perfh007.dat
2013-11-16 15:54 - 2009-07-14 18:58 - 00165434 _____ C:\Windows\system32\perfc007.dat
2013-11-16 15:54 - 2009-07-14 06:13 - 01747582 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-16 15:49 - 2013-11-11 23:32 - 00000896 _____ C:\Windows\setupact.log
2013-11-16 15:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 15:01 - 2013-01-09 09:43 - 01160030 _____ C:\Windows\WindowsUpdate.log
2013-11-16 14:00 - 2013-11-01 00:53 - 00000339 _____ C:\Users\Tomstin\Documents\ax_files.xml
2013-11-16 13:54 - 2013-11-16 13:54 - 00000000 ____D C:\Users\Tomstin\Documents\Alcohol 120%
2013-11-16 13:50 - 2013-11-16 13:50 - 00001180 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2013-11-16 13:46 - 2013-11-16 13:46 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-11-16 13:45 - 2013-11-16 13:45 - 00000000 ____D C:\ProgramData\Adtrustmedia
2013-11-16 13:45 - 2013-11-16 13:45 - 00000000 ____D C:\Program Files\AdTrustMedia
2013-11-16 13:45 - 2013-11-16 13:45 - 00000000 ____D C:\Program Files (x86)\AdTrustMedia
2013-11-16 07:09 - 2013-04-18 18:15 - 00000000 ____D C:\Program Files\PeerBlock
2013-11-16 06:50 - 2013-11-16 06:36 - 81705554 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part5.rar
2013-11-16 06:29 - 2013-11-16 05:57 - 190000000 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part4.rar
2013-11-16 06:28 - 2013-11-16 05:26 - 190000000 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part3.rar
2013-11-16 05:56 - 2013-11-16 05:24 - 190000000 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part2.rar
2013-11-16 00:14 - 2013-11-15 23:12 - 190000000 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part1.rev
2013-11-15 23:28 - 2013-11-15 22:24 - 190000000 _____ C:\Users\Tomstin\Downloads\S129PoeCe.part1.rar
2013-11-15 16:26 - 2013-11-15 16:26 - 00891184 _____ C:\Users\Tomstin\Desktop\SecurityCheck.exe
2013-11-15 12:57 - 2013-11-15 12:57 - 02347384 _____ (ESET) C:\Users\Tomstin\Downloads\esetsmartinstaller_enu.exe
2013-11-14 21:14 - 2011-12-15 20:22 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-11-14 21:14 - 2011-12-15 18:02 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-14 16:37 - 2011-12-15 18:02 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-14 13:57 - 2013-11-14 13:57 - 01957794 _____ (Farbar) C:\Users\Tomstin\Desktop\FRST64.exe
2013-11-14 13:00 - 2013-11-14 13:00 - 00002008 _____ C:\Users\Tomstin\Desktop\JRT.txt
2013-11-14 12:38 - 2013-09-24 10:54 - 00709144 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2013-11-14 12:38 - 2013-09-24 10:53 - 00043216 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2013-11-14 12:01 - 2013-11-14 12:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 11:57 - 2013-11-14 11:57 - 01034531 _____ (Thisisu) C:\Users\Tomstin\Desktop\JRT.exe
2013-11-14 11:52 - 2013-09-03 18:00 - 00000000 ___DC C:\AdwCleaner
2013-11-14 08:29 - 2013-11-14 08:28 - 01085542 _____ C:\Users\Tomstin\Desktop\adwcleaner.exe
2013-11-14 08:18 - 2013-11-12 14:33 - 00008686 _____ C:\Windows\PFRO.log
2013-11-14 06:56 - 2013-11-14 06:50 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-14 06:56 - 2013-11-14 06:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Malwarebytes
2013-11-14 06:50 - 2013-11-14 06:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 06:49 - 2013-11-14 06:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tomstin\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 14:57 - 2013-11-12 14:57 - 00023945 ____C C:\ComboFix.txt
2013-11-12 14:57 - 2013-11-12 14:30 - 00000000 ___DC C:\Qoobox
2013-11-12 14:53 - 2013-11-12 14:29 - 00000000 ____D C:\Windows\erdnt
2013-11-12 14:52 - 2009-07-14 03:34 - 00000215 ____C C:\Windows\system.ini
2013-11-12 14:36 - 2013-10-20 09:18 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-11-12 14:36 - 2013-10-20 09:18 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-11-12 14:36 - 2013-10-20 09:18 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-11-12 14:33 - 2013-10-23 04:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-12 14:32 - 2013-10-23 04:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-12 14:24 - 2013-11-12 14:23 - 05145576 ____R (Swearware) C:\Users\Tomstin\Desktop\ComboFix.exe
2013-11-12 14:23 - 2013-11-12 14:23 - 05145576 _____ (Swearware) C:\Users\Tomstin\Downloads\ComboFix.exe
2013-11-12 07:04 - 2013-11-12 07:04 - 00024846 _____ C:\Users\Tomstin\Desktop\Addition.txt
2013-11-12 07:02 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Default
2013-11-12 07:01 - 2013-11-12 07:01 - 00000000 ___DC C:\FRST
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:08 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2013-11-12 06:08 - 2013-11-12 06:07 - 00339257 _____ C:\Users\Tomstin\Downloads\CleanUp452.exe
2013-11-11 23:41 - 2013-11-11 23:41 - 00001292 _____ C:\Users\Public\Desktop\Ashampoo Registry Cleaner.lnk
2013-11-11 23:41 - 2013-11-11 23:41 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-11-11 23:33 - 2013-11-11 23:33 - 00064792 _____ C:\Users\Tomstin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00307040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 23:32 - 2013-11-11 23:32 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 23:20 - 2013-07-23 19:11 - 00000000 ____D C:\Users\Tomstin\Desktop\dvd
2013-11-11 23:09 - 2011-11-24 21:08 - 00000000 ____D C:\Users\Tomstin\Documents\My Games
2013-11-11 23:06 - 2011-11-20 10:13 - 00000000 ____D C:\Users\Tomstin
2013-11-11 23:04 - 2013-10-19 05:59 - 00064000 ___SH C:\Users\Tomstin\Thumbs.db
2013-11-11 19:04 - 2013-09-20 21:27 - 00000000 ____D C:\Users\Tomstin\SecurityScans
2013-11-11 19:04 - 2013-09-02 16:47 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\vlc
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Opera Software
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Opera Software
2013-11-11 18:53 - 2013-08-01 22:41 - 00000000 ____D C:\Program Files (x86)\Opera
2013-11-11 12:57 - 2013-10-28 23:05 - 00000000 ____D C:\Program Files (x86)\Look@LAN
2013-11-11 12:56 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-11 12:54 - 2012-09-29 05:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-11 12:45 - 2013-10-22 18:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 12:36 - 2013-11-11 12:36 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Danny_Tuppeny
2013-11-11 12:36 - 2013-08-01 03:34 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\G+ Notifier
2013-11-10 19:35 - 2013-10-22 18:42 - 00000000 ____D C:\Users\Tomstin\Desktop\Oldenburg Klassenprojekt
2013-11-10 19:28 - 2013-09-19 17:21 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-11-10 19:27 - 2013-11-10 19:27 - 00018718 _____ C:\Users\Tomstin\Documents\Einteilung der Gruppenarbeit.odt
2013-11-08 23:45 - 2012-04-05 16:05 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\ICQ
2013-11-08 20:59 - 2013-11-08 20:59 - 00267596 _____ C:\Users\Tomstin\Downloads\afb_video_pal_001.wmv
2013-11-06 19:51 - 2013-06-12 14:06 - 00000000 ____D C:\Windows\pss
2013-11-06 18:47 - 2013-10-29 01:29 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Vidalia
2013-11-06 11:38 - 2013-10-07 06:32 - 00000000 ____D C:\Users\Tomstin\AppData\Local\PrivaZer
2013-11-02 12:14 - 2013-10-31 10:34 - 00000000 ____D C:\Program Files (x86)\Postal.3
2013-11-02 12:14 - 2012-07-22 13:38 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-02 08:49 - 2013-11-02 08:45 - 14191339 _____ C:\Users\Tomstin\Downloads\Postal_3_Advanced_Germanpatch-RAiNER.rar
2013-11-02 02:41 - 2013-11-01 22:26 - 501561721 _____ C:\Users\Tomstin\Downloads\FreeRoaming.Files.rar
2013-11-01 00:53 - 2013-11-01 00:53 - 00001424 _____ C:\Users\Tomstin\Documents\gfjjghj+.txt
2013-10-31 20:33 - 2013-10-31 20:33 - 00000000 ___DC C:\dumps
2013-10-31 16:42 - 2013-10-31 16:42 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 16:30 - 2013-10-31 16:29 - 00000000 ____D C:\Users\Tomstin\Desktop\Alcohol 120% v2.0.2.4713
2013-10-31 16:27 - 2013-10-31 16:27 - 00002958 _____ C:\Windows\System32\Tasks\{DF085E31-F253-4802-B17B-E383E11DD3AE}
2013-10-31 16:24 - 2013-10-31 16:24 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-31 16:24 - 2013-10-31 16:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-31 16:23 - 2013-10-31 16:23 - 05831344 _____ (TeamViewer GmbH) C:\Users\Tomstin\Downloads\TeamViewer_Setup_de_8.0.22298.exe
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{D5F981D7-E3AF-4B7E-9551-6686756E2B29}
2013-10-31 11:31 - 2013-10-31 11:31 - 00002958 _____ C:\Windows\System32\Tasks\{A4565EC7-AF95-4C0B-B644-38E81324C47B}
2013-10-28 23:28 - 2013-10-28 23:28 - 00000796 _____ C:\Users\Tomstin\AppData\Local\recently-used.xbel
2013-10-28 23:28 - 2013-10-28 23:27 - 00000000 ____D C:\Users\Tomstin\AppData\Local\gtk-2.0
2013-10-28 23:10 - 2013-10-28 23:08 - 22116616 _____ (Wireshark development team) C:\Users\Tomstin\Downloads\Wireshark-win32-1.10.2.exe
2013-10-28 23:04 - 2013-10-28 23:04 - 02167447 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Tomstin\Downloads\lalsetup250.exe
2013-10-28 21:48 - 2013-10-28 21:29 - 00000000 ____D C:\Users\Tomstin\Downloads\Far Cry 3 PW-Thircase
2013-10-28 21:26 - 2013-10-06 09:55 - 00000000 ____D C:\Users\Tomstin\Downloads\Macht & Ehre - Schwarzer Orden (2003) lossless
2013-10-28 21:01 - 2013-10-09 20:06 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Ubisoft Game Launcher
2013-10-28 21:01 - 2013-10-08 21:22 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-28 21:00 - 2013-10-23 04:14 - 00000000 ____D C:\Program Files (x86)\Vidalia Bridge Bundle
2013-10-28 17:05 - 2012-12-07 13:15 - 00000000 ____D C:\Users\Tomstin\AppData\Local\My Games
2013-10-27 20:59 - 2011-12-15 20:22 - 00000000 ____D C:\Users\Tomstin\AppData\Local\PunkBuster
2013-10-27 20:59 - 2011-12-15 18:02 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-27 20:57 - 2013-10-23 09:11 - 00000000 ____D C:\ProgramData\Orbit
2013-10-25 22:43 - 2013-10-25 22:04 - 117224776 _____ C:\Users\Tomstin\Downloads\rre.rar
2013-10-25 21:30 - 2013-10-25 21:30 - 00770638 _____ C:\Users\Tomstin\Downloads\Phillips, Susan Elizabeth - Ch - jo_741.txt
2013-10-25 07:35 - 2013-10-25 04:36 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.rar
2013-10-25 04:34 - 2013-10-25 04:04 - 177274998 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r10
2013-10-25 03:43 - 2013-10-24 21:45 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r09
2013-10-24 11:09 - 2013-10-24 08:10 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r08
2013-10-23 19:32 - 2013-10-22 20:37 - 00007310 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-23 17:41 - 2013-10-23 13:57 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r07
2013-10-23 16:04 - 2013-10-23 16:04 - 01060070 _____ C:\Users\Tomstin\Downloads\adwcleaner-3.010.exe
2013-10-23 10:47 - 2013-10-23 07:48 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r06
2013-10-23 08:21 - 2013-10-23 08:21 - 00000000 ____D C:\Users\Tomstin\Desktop\Rabiat - Ohne Kompromisse (2007)
2013-10-23 07:16 - 2013-10-23 05:00 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r05
2013-10-23 04:55 - 2013-10-23 04:55 - 00882489 _____ (Methlabs Productions                                        ) C:\Users\Tomstin\Downloads\pg2-050918-nt.exe
2013-10-23 04:27 - 2013-10-23 04:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-23 04:19 - 2013-10-23 04:17 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Tomstin\Downloads\spybot-2.2.exe
2013-10-23 04:17 - 2013-10-23 01:40 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r04
2013-10-23 04:10 - 2013-10-23 04:08 - 09636506 _____ C:\Users\Tomstin\Downloads\vidalia-bridge-bundle-0.2.3.25-0.2.21.exe
2013-10-23 00:10 - 2013-10-22 18:11 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r03
2013-10-22 20:37 - 2013-10-22 20:37 - 00000000 ___DC C:\VTRoot
2013-10-22 18:36 - 2013-10-22 18:17 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Syncios
2013-10-22 18:36 - 2012-09-29 05:51 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Apple Computer
2013-10-22 18:32 - 2012-09-29 05:51 - 00000000 ____D C:\ProgramData\Apple Computer
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Apple
2013-10-22 18:30 - 2012-09-29 05:49 - 00000000 ____D C:\ProgramData\Apple
2013-10-22 18:29 - 2013-10-22 18:21 - 97206096 _____ (Apple Inc.) C:\Users\Tomstin\Downloads\iTunes64Setup.exe
2013-10-22 18:15 - 2013-10-22 18:14 - 15678968 _____ (Anvsoft, Inc.                                               ) C:\Users\Tomstin\Downloads\syncios.exe
2013-10-22 18:05 - 2013-10-22 18:05 - 00085282 _____ C:\Users\Tomstin\Downloads\tunesviewer_1.5.1.deb
2013-10-22 16:01 - 2013-10-22 12:17 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r02
2013-10-22 15:49 - 2013-10-22 15:42 - 21357603 _____ C:\Users\Tomstin\Downloads\10.000 Sprüche, Witze & Zitate v1.2 [Cracked by Boerse.BZ].apk
2013-10-22 11:15 - 2013-10-22 08:16 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r01
2013-10-22 06:53 - 2013-10-22 04:38 - 1073741824 _____ C:\Users\Tomstin\Downloads\3fcp-thir.r00
2013-10-20 19:21 - 2013-10-20 19:21 - 00010665 _____ C:\Users\Tomstin\Documents\Teil 14.odt
2013-10-20 19:08 - 2013-10-20 18:37 - 00011414 _____ C:\Users\Tomstin\Documents\Teil 12 Schule.odt
2013-10-20 19:02 - 2013-10-20 19:02 - 00010731 _____ C:\Users\Tomstin\Documents\Teil 13 Schule.odt
2013-10-20 18:55 - 2013-10-20 18:47 - 00010612 _____ C:\Users\Tomstin\Documents\Unbenannt 1.odt
2013-10-20 18:27 - 2013-10-20 18:27 - 00011149 _____ C:\Users\Tomstin\Documents\Teil 11 Schule.odt
2013-10-20 18:19 - 2013-10-20 18:19 - 00011095 _____ C:\Users\Tomstin\Documents\Teil 10 Schule.odt
2013-10-20 18:07 - 2013-10-20 17:44 - 00012300 _____ C:\Users\Tomstin\Documents\Teil 3 Schule.odt
2013-10-20 18:07 - 2013-10-18 16:19 - 00010601 _____ C:\Users\Tomstin\Documents\Teil 1 Schule.odt
2013-10-20 18:03 - 2013-10-20 18:03 - 00010933 _____ C:\Users\Tomstin\Documents\Teil 9 Schule.odt
2013-10-20 17:52 - 2013-10-20 17:52 - 00008767 _____ C:\Users\Tomstin\Documents\Teil 8 Schule.odt
2013-10-20 17:49 - 2013-10-20 17:49 - 00008774 _____ C:\Users\Tomstin\Documents\Teil 7 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:47 - 00008754 _____ C:\Users\Tomstin\Documents\Teil 6 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:46 - 00008779 _____ C:\Users\Tomstin\Documents\Teil 5 Schule.odt
2013-10-20 17:47 - 2013-10-20 17:45 - 00008777 _____ C:\Users\Tomstin\Documents\Teil 4 Schulke.odt
2013-10-20 15:39 - 2013-06-12 16:25 - 00000000 ____D C:\Users\Tomstin\Desktop\Programme
2013-10-20 15:39 - 2013-03-15 23:48 - 00000000 ____D C:\Users\Tomstin\Desktop\Neuer Ordner
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Comodo
2013-10-20 14:50 - 2013-10-20 09:19 - 00000000 ____D C:\ProgramData\COMODO
2013-10-20 09:21 - 2013-10-20 09:21 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-10-20 09:20 - 2013-10-20 09:19 - 00000000 ___SD C:\ProgramData\Shared Space
2013-10-20 09:19 - 2013-10-20 09:19 - 00000000 ____D C:\Program Files\COMODO
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\Users\Tomstin\AppData\Local\Comodo
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-10-20 09:17 - 2013-10-20 09:08 - 214262072 _____ (COMODO) C:\Users\Tomstin\Downloads\cfw_installer63.exe
2013-10-20 09:04 - 2013-10-20 09:04 - 00504808 _____ C:\Users\Tomstin\Downloads\BySoftFreeRAM40.exe
2013-10-19 16:33 - 2011-12-28 11:45 - 00000000 ____D C:\Users\Tomstin\AppData\Roaming\Mozilla
2013-10-18 16:23 - 2013-10-18 16:23 - 00009821 _____ C:\Users\Tomstin\Documents\Teil 2 Schule.odt

Some content of TEMP:
====================
C:\Users\Tomstin\AppData\Local\Temp\Quarantine.exe
C:\Users\Tomstin\AppData\Local\Temp\ubiF59B.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 20:52

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by Tomstin at 2013-11-16 21:11:18
Running from C:\Users\Tomstin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD AVIVO64 Codecs (Version: 11.6.0.10728)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Ashampoo Registry Cleaner v.1.0.0 (x32 Version: 1.0.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Castle of Illusion (x32 Version: 1)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.02)
CleanUp! (x32)
Common Desktop Agent (Version: 1.53.0)
Comodo Dragon (x32 Version: 30.0.0.0)
COMODO Firewall (Version: 6.3.32439.2937)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6514.5001)
Deckadance (x32 Version: 2.0)
DivX-Setup (x32 Version: 2.6.1.84)
EVEREST Ultimate Edition v5.50 (x32 Version: 5.50)
Expat Shield 2.25 (x32 Version: 2.25)
Exxter Gamepad (x32)
Far Cry 3 (x32 Version: 1.04)
Far Cry 3 Blood Dragon (x32 Version: 1.00)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0)
FL Studio 10 (x32)
Foxit Reader (x32 Version: 6.0.4.719)
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827)
Game Booster 3 (x32 Version: 3.0)
Gears of War (x32 Version: 1.00.0000)
GeekBuddy (Version: 4.9.73)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Grand Theft Auto IV (x32 Version: 1.0.0013.131)
HydraVision (x32 Version: 4.2.210.0)
ICQ Ignore Checker 1.4 (x32)
ICQ Status Checker 1.9 (x32)
ICQ7M (x32 Version: 7.8)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Kantaris Media Player Lite Version 0.7.7 (x32 Version: 0.7.7)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727)
Microsoft Visual J# 2.0 Redistributable Package (x32)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
NVIDIA PhysX (x32 Version: 9.10.0513)
OpenOffice 4.0.1 (x32 Version: 4.01.9714)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Postal 2 Share The Pain (x32)
Postal.3 version 1.0 (x32 Version: 1.0)
PrivaZer (x32 Version: 2.4.0.0)
PrivDog (x32 Version: 1.7.0.12)
PunkBuster Services (x32 Version: 0.993)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
Saints Row IV Commander in Chief Edition 1.0 (x32)
Samsung Easy Printer Manager (x32 Version: 1.02.06.05)
Samsung ML-2160 Series (x32)
Samsung Printer Live Update (x32 Version: 1.01.00:04(2013-04-22))
Sleeping Dogs Game Of The Year (30 DLCs) 1.0 (x32 Version: 1.0)
SpongeBob Schwammkopf - Schlacht um Bikini Bottom (x32 Version: 1.00.000)
SRWare Iron Version SRWare Iron 18.0.1050.0 (x32 Version: SRWare Iron 18.0.1050.0)
StarCraft II (x32 Version: 1.0.0.16117)
Sun ODF Plugin for Microsoft Office 3.2 (x32 Version: 3.2.9483)
TeamViewer 8 (x32 Version: 8.0.22298)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VirtualDJ Home FREE (x32 Version: 7.0.5)
VLC media player 2.0.5 (Version: 2.0.5)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)

==================== Restore Points  =========================

16-11-2013 12:45:43 SPTD setup V1.83
16-11-2013 20:01:34 Installed Java 7 Update 45 (64-bit)

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-12 14:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0247CFE8-4EA5-4AA6-AE28-243C7F95061A} - \Scheduled Update for Ask Toolbar No Task File
Task: {0314F07C-B42A-408A-9614-DF21B5F88DE6} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-11-14] (COMODO)
Task: {0533CC7C-39D3-4880-8B56-5D58FDD12606} - System32\Tasks\{E8BBBA7E-92A5-4B32-8222-04A31A7AC795} => E:\AUTORUN.EXE
Task: {1903838B-2748-42D3-8F32-520792F9A4E3} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {22646458-1E54-4427-AC91-8AB491319F97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01] (Google Inc.)
Task: {390271EE-E73F-41A3-B443-2CEC9B9B163B} - System32\Tasks\{CB51B593-AB6A-4F45-A196-245433B54616} => C:\Users\Tomstin\Desktop\Tetris\TETRIS.EXE
Task: {3C2DC2E4-7F3E-49B8-96BC-BE0F89C269A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {479CBAC0-F9BA-4F82-81F2-86FB14E05C77} - System32\Tasks\{67CF892B-4A35-4316-AA41-5B00466233A9} => C:\Users\Tomstin\Documents\My Games\Skyrim\Crack\skyrimlauncher.exe
Task: {56ECA2EB-895F-451E-B22F-6E4AC5C843E3} - System32\Tasks\{B55821FA-54E0-4F77-9F36-8AF67C49F3B2} => C:\Users\Tomstin\Desktop\nomousy.exe
Task: {5BA174BF-0884-4CAD-9BD5-3AFAECCE6849} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO)
Task: {5FBFBF80-00A0-47C6-89D1-98330DCBD75D} - System32\Tasks\{1A7010F2-2E92-4039-8C2E-492C1ED41B21} => C:\Users\Tomstin\Desktop\System\AALoader.exe
Task: {7D078CFA-F6F6-4D53-A8CF-5D802F732812} - System32\Tasks\{0E7B6248-A083-4E4D-92F3-894741C147A8} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsProgressBar
Task: {816D7E44-F37F-4860-9973-81D473431D4F} - System32\Tasks\{BEBEAD03-CC06-44BB-B855-2C8CF1301CFE} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {836072E1-12DA-4E28-8359-882A7786A7AC} - System32\Tasks\{229103BD-4019-48E8-929D-08D6B8841C82} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8A1F4D4A-F54F-420A-8CE4-4577EC7463F0} - System32\Tasks\{D5F981D7-E3AF-4B7E-9551-6686756E2B29} => C:\Program Files (x86)\Postal.3\keygen.exe [2011-12-10] ()
Task: {8E8822AB-3483-4632-BDCC-A0F3E9CEBD2C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {941AFE64-0F62-488F-8E78-1C6434F81F72} - System32\Tasks\{DF085E31-F253-4802-B17B-E383E11DD3AE} => C:\Program Files (x86)\Postal.3\keygen.exe [2011-12-10] ()
Task: {A0181FC9-8750-491C-B81C-D4BA3A08A4F3} - System32\Tasks\{8818B6CA-59FC-4C4F-8B05-8D8AEA38E42C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsProgressBar
Task: {A2BF2898-F767-4447-B8E4-A35DF2092346} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-651814193-456638492-2849979887-1000Core => C:\Users\Tomstin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AF75B5AD-2898-45B3-8EBB-734F89F0ECEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-651814193-456638492-2849979887-1000UA => C:\Users\Tomstin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {C4DE22B1-74C2-4A9B-B9AF-F33127BDDFAB} - System32\Tasks\{1D32DDF6-D39B-4BAF-AD72-8EBC9F9E1D88} => C:\Users\Tomstin\Desktop\C&amp;C 3 Kanes Wrath Trainer.exe
Task: {D5D55AB5-DA5C-49F0-A2B4-E07142203EE2} - System32\Tasks\{D886CE77-858A-4FBB-8777-BD3C214E6249} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsProgressBar
Task: {EB5F22B1-6E31-4FEF-95CA-0E5058803F4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {EBAE1DE6-45AF-45D6-BEDF-A14E9CD17168} - System32\Tasks\{85E194E3-1633-46D1-B37B-ED5E767929A3} => C:\Users\Tomstin\Desktop\XtremeMt2Client 2012\metin2client.exe
Task: {EF3E1C21-2D53-49DF-B90D-53E68235B566} - System32\Tasks\GoogleUpdateTaskMachineCore1ce8ef5a7dc11 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01] (Google Inc.)
Task: {F29B0309-5E16-42D2-9940-4CCD950921E4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-651814193-456638492-2849979887-1000
Task: {F3738071-644B-4668-86D1-0C03DD27FABD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {FD8C776C-BA91-4ACF-9D09-FED756039D4C} - System32\Tasks\{A4565EC7-AF95-4C0B-B644-38E81324C47B} => C:\Program Files (x86)\Postal.3\keygen.exe [2011-12-10] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce8ef5a7dc11.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-20 10:39 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-10-07 06:33 - 2013-10-07 06:33 - 03528759 ____C () D:\Zer!\PrivaZer\PrivaMenu1.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2013 09:07:36 PM) (Source: Application Hang) (User: )
Description: Programm farcry3_d3d11.exe, Version 0.1.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1338

Startzeit: 01cee307762c4cd8

Endzeit: 14

Anwendungspfad: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe

Berichts-ID: b8fd5ad9-4efa-11e3-ae2c-0019213cb04f

Error: (11/16/2013 09:01:35 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {43101887-9f7d-4de2-bb15-fa1dc438da1e}

Error: (11/16/2013 01:45:43 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {aa93bb54-68c3-4fc7-9e12-e53dc21f35f9}

Error: (11/16/2013 01:45:43 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {aa93bb54-68c3-4fc7-9e12-e53dc21f35f9}

Error: (11/16/2013 01:45:43 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {76afcb17-e137-4956-8666-fd62e6b09173}

Error: (11/16/2013 06:34:39 AM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Sie konnten nicht angemeldet werden, da das lokal gespeicherte Profil nicht geladen werden konnte. Überprüfen Sie, ob eine Netzwerkverbindung besteht und das Netzwerk ordnungsgemäß funktioniert. 

 Details - Nur ein Teil der ReadProcessMemory- oder WriteProcessMemory-Anforderung wurde abgeschlossen.

Error: (11/16/2013 06:34:39 AM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (11/16/2013 06:34:39 AM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (11/16/2013 06:34:39 AM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. 

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (11/16/2013 06:34:39 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
 for C:\Users\DefaultAppPool\ntuser.dat


System errors:
=============
Error: (11/16/2013 03:50:39 PM) (Source: WMPNetworkSvc) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (11/16/2013 03:50:21 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (11/16/2013 03:50:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/16/2013 03:50:02 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Net.Pipe-Listeneradapter erreicht.

Error: (11/16/2013 03:49:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/16/2013 03:49:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.

Error: (11/16/2013 03:48:57 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/16/2013 01:48:08 PM) (Source: WMPNetworkSvc) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (11/16/2013 01:48:07 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (11/16/2013 01:47:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (11/16/2013 09:07:36 PM) (Source: Application Hang)(User: )
Description: farcry3_d3d11.exe0.1.0.1133801cee307762c4cd814C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exeb8fd5ad9-4efa-11e3-ae2c-0019213cb04f

Error: (11/16/2013 09:01:35 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {43101887-9f7d-4de2-bb15-fa1dc438da1e}

Error: (11/16/2013 01:45:43 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {aa93bb54-68c3-4fc7-9e12-e53dc21f35f9}

Error: (11/16/2013 01:45:43 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {aa93bb54-68c3-4fc7-9e12-e53dc21f35f9}

Error: (11/16/2013 01:45:43 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {76afcb17-e137-4956-8666-fd62e6b09173}

Error: (11/16/2013 06:34:39 AM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description: Nur ein Teil der ReadProcessMemory- oder WriteProcessMemory-Anforderung wurde abgeschlossen.

Error: (11/16/2013 06:34:39 AM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description: 

Error: (11/16/2013 06:34:39 AM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description: 

Error: (11/16/2013 06:34:39 AM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (11/16/2013 06:34:39 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT-AUTORITÄT)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\DefaultAppPool\ntuser.dat


CodeIntegrity Errors:
===================================
  Date: 2013-11-12 14:51:21.678
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-12 14:51:21.616
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 78%
Total physical RAM: 4095.3 MB
Available physical RAM: 862.8 MB
Total Pagefile: 10235.49 MB
Available Pagefile: 5493.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:151.27 GB) (Free:54.08 GB) NTFS
Drive d: (Maschine) (Fixed) (Total:314.39 GB) (Free:17.23 GB) NTFS
Drive f: () (Fixed) (Total:465.75 GB) (Free:262.22 GB) NTFS
Drive g: (KARASTICK) (Removable) (Total:1.95 GB) (Free:0 GB) FAT
Drive h: (SBSK_SUBB) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 123EFB03)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=314 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: CBAD9B0B)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 17.11.2013, 06:36   #12
schrauber
/// the machine
/// TB-Ausbilder
 

festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



Zitat:
272 Gb... Wenn ich alle Ordner in Laufwerk D kopiere kommen nur 42 Gb heraus... Das Volumen des Laufwerks ist aber 314! ._.
Ich sitz nicht vorm Rechner, also nochmal:

Laut FRST hat die Platte auch 314, also ist die Partition ansich schon mal in Ordnung. Es werden 17 als frei angezeigt, du meinst aber es müsste mehr frei sein? Versteckte Ordner lässt du anzeigen? Wichtige Systemdateien auch?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.11.2013, 07:59   #13
Falkonett
 
festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



Habe mir TreeSize Free runtergeladen... Waren alles Backup Dateien!
Aber besten dank für deine Hilfe, soll ich dir die Logs Trotzdem senden (falls verdacht auf einer Infektion besteht) ?

Alt 18.11.2013, 12:16   #14
schrauber
/// the machine
/// TB-Ausbilder
 

festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!





Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.11.2013, 21:04   #15
Falkonett
 
festplatte füllt sich automatisch! - Standard

festplatte füllt sich automatisch!



MVPs hosts file... Kann leider kein englisch, gibts da ein Idiotencrashkurs?

Antwort

Themen zu festplatte füllt sich automatisch!
adware.installbrain, anzeige, anzeigen, automatisch, datenvolumen, deinstalliert, eigenschaften, festplatte, hacktool.gamescheat.gen, laufwerk, ordner, pup.optional.domaiq, pup.optional.filescout.a, pup.optional.hdvidcodec.a, pup.optional.moviestoolbar.a, pup.optional.oneclickdownloader.a, pup.optional.pcperformer.a, pup.removewga, sich automatisch, speicherfresser, volume, volumen



Ähnliche Themen: festplatte füllt sich automatisch!


  1. Festplatte füllt sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 07.01.2016 (8)
  2. Festplatte füllt sich von allein
    Plagegeister aller Art und deren Bekämpfung - 08.08.2015 (7)
  3. Festplatte füllt und leert sich selbstständig
    Plagegeister aller Art und deren Bekämpfung - 28.07.2015 (12)
  4. Festplatte füllt sich selbstständig nach dem Hochfahren, Speicherplatz grundlos auf allen Partitionen immer wieder voll
    Plagegeister aller Art und deren Bekämpfung - 19.07.2015 (8)
  5. Festplatte füllt sich im Minuten Takt
    Plagegeister aller Art und deren Bekämpfung - 22.06.2015 (6)
  6. C-Laufwerk füllt sich von selbst
    Log-Analyse und Auswertung - 16.04.2015 (15)
  7. Vollbild schließt automatisch, spiel minimiert sich automatisch
    Log-Analyse und Auswertung - 05.03.2014 (5)
  8. Windows 7: Festplatte füllt sich von selbst
    Log-Analyse und Auswertung - 10.02.2014 (30)
  9. Speicherort C: füllt sich von alleine!
    Plagegeister aller Art und deren Bekämpfung - 19.01.2014 (3)
  10. DealPly / Infiziert durch Bundle-Software / Über 1000 Einträge in der Hosts Datei / Arbeitsspeicher füllt sich
    Log-Analyse und Auswertung - 24.12.2013 (14)
  11. Festplatte C füllt sich unaufhaltsam
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (105)
  12. Festplatte füllt sich täglich von alleine! Virus?
    Plagegeister aller Art und deren Bekämpfung - 29.04.2013 (16)
  13. Norton schaltet sich automatisch ab und lässt sich nicht wieder neu starten!
    Log-Analyse und Auswertung - 06.03.2012 (1)
  14. Temporary Internet Files (Cache) füllt sich, ohne das ich im Internet etwas mache
    Log-Analyse und Auswertung - 06.07.2010 (21)
  15. Festplatte Füllt sich von allein?
    Alles rund um Windows - 08.02.2009 (3)
  16. Viren automatisch vom Datenträger auf die Festplatte
    Plagegeister aller Art und deren Bekämpfung - 13.05.2008 (2)
  17. Hilfe, Festplatte füllt sich von alleine.
    Alles rund um Windows - 04.01.2007 (6)

Zum Thema festplatte füllt sich automatisch! - Laufwerk (D füllt sich automatisch, wenn ich das Laufwerk anklicke und dann alle Ordner markiere, auf Eigenschaften mir das Datenvolumen dann anzeigen lasse berechnet der dann ungefähr 40 Gb... Dabei - festplatte füllt sich automatisch!...
Archiv
Du betrachtest: festplatte füllt sich automatisch! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.