Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   fbDownloader Search (https://www.trojaner-board.de/141241-fbdownloader-search.html)

Nightmare199 09.09.2013 15:14
fbDownloader Search
 
Sehr geehrtes Trojaner-Board Team,

leider habe ich seit einiger Zeit einen "Plagegeist" auf meinem PC. Und zwar die Search-Toolbar von "fbdownloader", bis jetzt war es mir lediglich möglich das Programm ein paar mal zu löschen, allerdings hat es sich nach kürzester Zeit wieder installiert. Ich habe schon in einem anderen thread hier auf dem Board nachgelesen und auch sämtliche Programme zur Beseitigung laufen lassen (adwcleaner, malwarebytes ....) allerdings kommt diese nervige Toolbar jedes mal nach kurzer Zeit wieder. Ich wäre sehr dankbar für hilfe, da ich mich leider nicht mit den versteckten Informationen in logfiles auskenne.

Ps.: mit welchem Programm soll ich ein Logfile zum Posten generieren? (da Hijackthis glaube ich hier nicht gepostet werden soll?).

Ich bedanke mich schonmal im vorraus für die Hilfe!

Gruß
David

Ps.:
Everest home System Auswertung:

Code:
--------[ EVEREST Home Edition (c) 2003-2005 Lavalys, Inc. ]------------------------------------------------------------

    Version                                          EVEREST v2.20.405/de
    Homepage                                          hxxp://www.lavalys.com/
    Berichtsart                                      Berichts-Assistent
    Computer                                          NIGHTMARE-NB
    Ersteller                                        Nightmare
    Betriebssystem                                    Windows 7 Home Premium Home Edition 6.1.7601
    Datum                                            2013-09-09
    Zeit                                              16:05


--------[ Übersicht ]---------------------------------------------------------------------------------------------------

    Computer:
      Betriebssystem                                    Windows 7 Home Premium Home Edition
      OS Service Pack                                  -
      DirectX                                          4.09.00.0904 (DirectX 9.0c)
      Computername                                      NIGHTMARE-NB
      Benutzername                                      Nightmare

    Motherboard:
      CPU Typ                                          4x , 3400 MHz
      Motherboard Name                                  Unbekannt
      Motherboard Chipsatz                              Unbekannt
      Arbeitsspeicher                                  8173 MB
      BIOS Typ                                          Unbekannt

    Anzeige:
      Grafikkarte                                      AMD Radeon HD 6900 Series
      Grafikkarte                                      AMD Radeon HD 6900 Series
      Grafikkarte                                      AMD Radeon HD 6900 Series
      Grafikkarte                                      AMD Radeon HD 6900 Series
      Grafikkarte                                      AMD Radeon HD 6900 Series
      Grafikkarte                                      AMD Radeon HD 6900 Series
      Monitor                                          PnP-Monitor (Standard) [NoDB]  (LR90D0218575)
      Monitor                                          PnP-Monitor (Standard) [NoDB]  (190816843009)

    Multimedia:
      Soundkarte                                        AMD HDMI Output (AMD High Defin
      Soundkarte                                        Lautsprecher (Realtek High Defi
      Soundkarte                                        Realtek Digital Output (Realtek

    Datenträger:
      IDE Controller                                    Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
      Festplatte                                        WDC WD20EARS-00MVWB0 ATA Device  (1863 GB, IDE)
      Festplatte                                        Samsung SSD 840 Series ATA Device  (111 GB, IDE)
      Festplatte                                        WD Ext HDD 1021 USB Device  (1397 GB, USB)
      Optisches Laufwerk                                HL-DT-ST DVDRAM GH22NS70 ATA Device
      S.M.A.R.T. Festplatten-Status                    OK

    Partitionen:
      C: (NTFS)                                        114470 MB (18973 MB frei)
      E: (NTFS)                                        1907627 MB (1740954 MB frei)
      K: (NTFS)                                        1430795 MB (312260 MB frei)
      Speicherkapazität                                3372.0 GB (2023.6 GB frei)

    Eingabegeräte:
      Tastatur                                          HID-Tastatur
      Tastatur                                          HID-Tastatur
      Maus                                              HID-konforme Maus

    Netzwerk:
      Netzwerkkarte                                    Realtek PCIe GBE Family Controller  (192.168.2.102)

    Peripheriegeräte:
      Drucker                                          Fax
      Drucker                                          Microsoft XPS Document Writer
      USB1 Controller                                  Renesas Electronics USB 3.0 Host Controller [NoDB]
      USB2 Controller                                  Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 [NoDB]
      USB2 Controller                                  Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D [NoDB]
      USB-Geräte                                        Generic USB Hub
      USB-Geräte                                        Generic USB Hub
      USB-Geräte                                        Generic USB Hub
      USB-Geräte                                        USB-Eingabegerät
      USB-Geräte                                        USB-Eingabegerät
      USB-Geräte                                        USB-Eingabegerät
      USB-Geräte                                        USB-Eingabegerät
      USB-Geräte                                        USB-Massenspeichergerät
      USB-Geräte                                        USB-Verbundgerät


--------[ Overclock ]---------------------------------------------------------------------------------------------------

    CPU-Eigenschaften:
      CPU Typ                                          4x
      CPUID CPU Name                                    Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
      CPUID Revision                                    000206A7h

    CPU Geschwindigkeit:
      CPU Takt                                          3388.94 MHz  (Original: 3400 MHz)

    CPU Cache:
      L2 Cache                                          256 KB  (On-Die, ATC, Full-Speed)

    BIOS Eigenschaften:
      Datum System BIOS                                Unbekannt
      Datum Video BIOS                                  Unbekannt


--------[ Energieoptionen ]---------------------------------------------------------------------------------------------

    Power Management Eigenschaften:
      Aktuelle Stromquelle                              Netzanschluss
      Akkustatus                                        Kein Akku
      Akkulaufzeit gesamt                              Unbekannt
      Verbleibende Akkulaufzeit                        Unbekannt


--------[ Sensoren ]----------------------------------------------------------------------------------------------------

    Sensor Eigenschaften:
      Sensortyp                                        HDD

    Temperaturen:
      WDC WD20EARS-00MVWB0                              27 °C  (81 °F)


--------[ CPU ]---------------------------------------------------------------------------------------------------------

    CPU-Eigenschaften:
      CPU Typ                                          4x , 3400 MHz
      Befehlssatz                                      x86, x86-64, MMX, SSE, SSE2, SSE3
      Vorgesehene Taktung                              3400 MHz
      L2 Cache                                          256 KB  (On-Die, ATC, Full-Speed)

    Multi CPU:
      CPU #0                                            Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3392 MHz
      CPU #1                                            Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3392 MHz
      CPU #2                                            Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3392 MHz
      CPU #3                                            Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3392 MHz
      CPU #4                                            Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3392 MHz
      CPU #5                                            Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3392 MHz
      CPU #6                                            Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3392 MHz
      CPU #7                                            Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 3392 MHz

    CPU Auslastung:
      CPU #1 / Core #1 / HTT Unit #1                    0 %
      CPU #1 / Core #1 / HTT Unit #2                    100 %
      CPU #1 / Core #2 / HTT Unit #1                    2 %
      CPU #1 / Core #2 / HTT Unit #2                    2 %
      CPU #1 / Core #3 / HTT Unit #1                    2 %
      CPU #1 / Core #3 / HTT Unit #2                    2 %
      CPU #1 / Core #4 / HTT Unit #1                    2 %
      CPU #1 / Core #4 / HTT Unit #2                    2 %


--------[ CPUID ]-------------------------------------------------------------------------------------------------------

    CPUID Eigenschaften:
      CPUID Hersteller                                  GenuineIntel
      CPUID CPU Name                                    Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
      CPUID Revision                                    000206A7h
      IA Markenzeichen ID                              00h  (Unbekannt)
      Plattform ID                                      00h  (Unbekannt)
      IA CPU Seriennummer                              Unbekannt
      HTT / CMP Units                                  2 / 0

    Befehlssatz:
      64-bit x86-Erweiterung (AMD64, EM64T)            Unterstützt
      Alternate Instruction Set                        Nicht unterstützt
      AMD 3DNow!                                        Nicht unterstützt
      AMD 3DNow! Professional                          Nicht unterstützt
      AMD Enhanced 3DNow!                              Nicht unterstützt
      AMD Extended MMX                                  Nicht unterstützt
      Cyrix Extended MMX                                Nicht unterstützt
      IA-64                                            Nicht unterstützt
      IA MMX                                            Unterstützt
      IA SSE                                            Unterstützt
      IA SSE 2                                          Unterstützt
      IA SSE 3                                          Unterstützt
      CLFLUSH Befehl                                    Unterstützt
      CMPXCHG8B Befehl                                  Unterstützt
      CMPXCHG16B Befehl                                Unterstützt
      Conditional Move Befehl                          Unterstützt
      MONITOR / MWAIT Befehl                            Unterstützt
      RDTSCP Befehl                                    Unterstützt
      SYSCALL / SYSRET Befehl                          Nicht unterstützt
      SYSENTER / SYSEXIT Befehl                        Unterstützt
      VIA FEMMS Befehl                                  Nicht unterstützt

    Security Features:
      Advanced Cryptography Engine (ACE)                Nicht unterstützt
      Data Execution Prevention (DEP, NX, EDB)          Unterstützt
      Hardware Random Number Generator (RNG)            Nicht unterstützt
      Montgomery Multiplier & Hash Engine              Nicht unterstützt
      Processor Serial Number (PSN)                    Nicht unterstützt

    Power Management Features:
      Automatic Clock Control                          Unterstützt
      Enhanced Halt State (C1E)                        Nicht unterstützt
      Enhanced SpeedStep Technology (EIST, ESS)        Unterstützt
      Frequency ID Control                              Nicht unterstützt
      LongRun                                          Nicht unterstützt
      LongRun Table Interface                          Nicht unterstützt
      PowerSaver 1.0                                    Nicht unterstützt
      PowerSaver 2.0                                    Nicht unterstützt
      PowerSaver 3.0                                    Nicht unterstützt
      Processor Duty Cycle Control                      Unterstützt
      Software Thermal Control                          Nicht unterstützt
      Temperature Sensing Diode                        Nicht unterstützt
      Thermal Monitor 1                                Unterstützt
      Thermal Monitor 2                                Unterstützt
      Thermal Monitoring                                Nicht unterstützt
      Thermal Trip                                      Nicht unterstützt
      Voltage ID Control                                Nicht unterstützt

    CPUID Besonderheiten:
      36-bit Page Size Extension                        Unterstützt
      Address Region Registers (ARR)                    Nicht unterstützt
      CPL Qualified Debug Store                        Unterstützt
      Debug Trace Store                                Unterstützt
      Debugging Extension                              Unterstützt
      Fast Save & Restore                              Unterstützt
      Hyper-Threading Technology (HTT)                  Unterstützt, Aktiviert
      L1 Context ID                                    Nicht unterstützt
      Local APIC On Chip                                Unterstützt
      Machine Check Architecture (MCA)                  Unterstützt
      Machine Check Exception (MCE)                    Unterstützt
      Memory Configuration Registers (MCR)              Nicht unterstützt
      Memory Type Range Registers (MTRR)                Unterstützt
      Model Specific Registers (MSR)                    Unterstützt
      Page Attribute Table (PAT)                        Unterstützt
      Page Global Extension                            Unterstützt
      Page Size Extension (PSE)                        Unterstützt
      Pending Break Event                              Unterstützt
      Physical Address Extension (PAE)                  Unterstützt
      Secure Virtual Machine Extensions (Pacifica)      Nicht unterstützt
      Self-Snoop                                        Unterstützt
      Time Stamp Counter (TSC)                          Unterstützt
      Virtual Machine Extensions (Vanderpool)          Unterstützt
      Virtual Mode Extension                            Unterstützt

aharonov 09.09.2013 15:24
Hallo David,

Zitat:
mit welchem Programm soll ich ein Logfile zum Posten generieren?
Mit FRST bitte: :)


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Nightmare199 09.09.2013 15:38
Hallo Leo,

vielen Dank für die schnelle Antwort!

Hier das Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013
Ran by Nightmare (administrator) on NIGHTMARE-NB on 09-09-2013 16:35:07
Running from C:\Users\Nightmare\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
MountPoints2: {ccc2de30-abfb-11e2-8d12-f46d04ed66de} - I:\LaunchU3.exe -a
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2B296690-1DB5-4923-A71A-09AE504D4D20} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Progamme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (OfferMosquito) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\0.2_0
CHR Extension: (Gmail) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2249944 2013-02-25] (G Data Software AG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-09] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-05-26] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-05-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-26] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-05-26] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-05-26] (G Data Software AG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-09 16:33 - 2013-09-09 16:33 - 01948948 _____ (Farbar) C:\Users\Nightmare\Desktop\FRST64.exe
2013-09-09 16:04 - 2013-09-09 16:04 - 00000655 _____ C:\Users\Nightmare\Desktop\EVEREST Home Edition.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00002131 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-09 15:55 - 2013-09-09 15:56 - 06259734 _____ C:\Users\Nightmare\Desktop\screenshot.bmp
2013-08-23 21:03 - 2013-08-23 21:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Riot Games
2013-08-22 17:47 - 2013-08-22 17:47 - 00259782 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-22 17:36 - 2013-08-22 17:36 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-22 17:27 - 2013-08-23 18:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-22 17:27 - 2013-08-23 18:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-22 17:27 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-22 17:27 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-08-22 17:27 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-22 17:27 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-22 17:27 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-22 17:27 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-22 17:26 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-22 17:26 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-08-22 17:26 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-08-22 17:26 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-22 17:26 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-08-22 17:26 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-22 17:26 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-22 17:26 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-22 17:26 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-22 17:26 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-08-22 17:26 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-22 17:26 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-08-22 17:26 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-22 17:26 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-22 17:26 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-08-22 17:26 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-22 17:26 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-22 17:26 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-08-22 17:26 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-22 17:24 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-22 17:24 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-22 17:24 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-22 17:24 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-22 17:24 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-08-22 17:24 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-08-22 17:24 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-08-22 17:24 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-08-22 17:24 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Secunia PSI
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-22 17:13 - 2013-08-22 17:13 - 03272136 _____ (Secunia) C:\Users\Nightmare\Desktop\PSISetup711.exe
2013-08-22 17:07 - 2013-08-22 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-22 17:02 - 2013-09-09 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-22 17:02 - 2013-08-22 17:02 - 00001186 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-22 17:02 - 2013-08-22 17:02 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Mozilla
2013-08-22 16:52 - 2013-08-22 16:52 - 00014086 _____ C:\Users\Nightmare\Desktop\bookmarks-2013-08-22.json
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ____D C:\Users\Nightmare\AppData\Local\G DATA
2013-08-22 16:36 - 2013-08-22 16:36 - 00001160 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 16:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-22 16:35 - 2013-08-22 16:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nightmare\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-21 21:52 - 2013-08-23 21:08 - 00000000 ____D C:\AdwCleaner
2013-08-21 21:51 - 2013-08-21 21:52 - 00975858 _____ C:\Users\Nightmare\Downloads\adwcleaner.exe
2013-08-19 14:56 - 2013-08-19 16:05 - 00017125 _____ C:\Users\Nightmare\Desktop\box layout.xlsx
2013-08-18 21:21 - 2013-08-18 21:21 - 00000000 ____D C:\Users\Nightmare\Desktop\Alte Firefox-Daten
2013-08-14 16:29 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 16:29 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 16:29 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 16:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 16:29 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 16:29 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 16:29 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 16:29 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 16:29 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 16:29 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 16:29 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 16:29 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 15:46 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 15:46 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 15:46 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 15:46 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 15:46 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 15:46 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 15:46 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 15:46 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 15:46 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 15:46 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 15:46 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 15:46 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 15:46 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 15:46 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 15:46 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 15:46 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 15:46 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 15:46 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-09 16:34 - 2013-09-09 16:34 - 00000000 ____D C:\FRST
2013-09-09 16:33 - 2013-09-09 16:33 - 01948948 _____ (Farbar) C:\Users\Nightmare\Desktop\FRST64.exe
2013-09-09 16:08 - 2013-03-25 16:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-09 16:04 - 2013-09-09 16:04 - 00000655 _____ C:\Users\Nightmare\Desktop\EVEREST Home Edition.lnk
2013-09-09 15:58 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 15:58 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 15:56 - 2013-09-09 15:56 - 00002131 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-09 15:56 - 2013-09-09 15:55 - 06259734 _____ C:\Users\Nightmare\Desktop\screenshot.bmp
2013-09-09 15:56 - 2013-08-22 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-09 15:53 - 2013-03-25 15:43 - 01437916 _____ C:\Windows\WindowsUpdate.log
2013-09-09 15:52 - 2009-07-14 06:51 - 00085198 _____ C:\Windows\setupact.log
2013-09-09 15:48 - 2010-11-21 08:50 - 00698688 _____ C:\Windows\system32\perfh007.dat
2013-09-09 15:48 - 2010-11-21 08:50 - 00148828 _____ C:\Windows\system32\perfc007.dat
2013-09-09 15:48 - 2009-07-14 07:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 15:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 21:08 - 2013-08-21 21:52 - 00000000 ____D C:\AdwCleaner
2013-08-23 21:03 - 2013-08-23 21:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Riot Games
2013-08-23 18:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-23 18:01 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-23 18:01 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-22 18:27 - 2013-05-07 17:47 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-08-22 18:27 - 2013-05-02 23:06 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-22 18:27 - 2013-05-02 23:06 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-08-22 17:47 - 2013-08-22 17:47 - 00259782 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-22 17:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-22 17:36 - 2013-08-22 17:36 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-22 17:17 - 2013-04-01 03:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Secunia PSI
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-22 17:13 - 2013-08-22 17:13 - 03272136 _____ (Secunia) C:\Users\Nightmare\Desktop\PSISetup711.exe
2013-08-22 17:07 - 2013-08-22 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-22 17:02 - 2013-08-22 17:02 - 00001186 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-22 17:02 - 2013-08-22 17:02 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Mozilla
2013-08-22 16:54 - 2010-11-21 05:47 - 00335666 _____ C:\Windows\PFRO.log
2013-08-22 16:52 - 2013-08-22 16:52 - 00014086 _____ C:\Users\Nightmare\Desktop\bookmarks-2013-08-22.json
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ____D C:\Users\Nightmare\AppData\Local\G DATA
2013-08-22 16:36 - 2013-08-22 16:36 - 00001160 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 16:36 - 2013-08-22 16:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nightmare\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-21 21:52 - 2013-08-21 21:51 - 00975858 _____ C:\Users\Nightmare\Downloads\adwcleaner.exe
2013-08-20 23:09 - 2013-03-25 16:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 23:08 - 2013-03-25 16:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 23:08 - 2013-03-25 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 16:05 - 2013-08-19 14:56 - 00017125 _____ C:\Users\Nightmare\Desktop\box layout.xlsx
2013-08-18 21:21 - 2013-08-18 21:21 - 00000000 ____D C:\Users\Nightmare\Desktop\Alte Firefox-Daten
2013-08-18 21:14 - 2013-03-25 15:46 - 00000000 ____D C:\Users\Nightmare\AppData\Local\VirtualStore
2013-08-16 18:46 - 2013-06-18 02:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Windows Live
2013-08-15 19:28 - 2013-06-19 17:17 - 00000000 ____D C:\Users\Nightmare\Desktop\Spiele Verknüfungen
2013-08-15 19:27 - 2013-03-25 16:34 - 00000000 ____D C:\Users\Nightmare\Desktop\Programme
2013-08-15 19:26 - 2013-07-22 16:56 - 00000000 ____D C:\Users\Nightmare\Desktop\Artur Film & Trailer
2013-08-14 16:28 - 2013-08-06 01:30 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 16:28 - 2013-04-10 19:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 16:27 - 2013-03-29 11:27 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Nightmare\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Nightmare\AppData\Local\Temp\ose00000.exe
C:\Users\Nightmare\AppData\Local\Temp\Quarantine.exe
C:\Users\Nightmare\AppData\Local\Temp\sonarinst.exe
C:\Users\Nightmare\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 18:32

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

und hier noch die addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013
Ran by Nightmare at 2013-09-09 16:35:21
Running from C:\Users\Nightmare\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avidemux 2.6 (32-bit) (x32 Version: 2.6.4.8696)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Bing-Desktop (x32 Version: 1.3.171.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Counter-Strike: Global Offensive (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Video Flip and Rotate version 2.1.8.717 (x32 Version: 2.1.8.717)
Free YouTube Download version 3.2.8.717 (x32 Version: 3.2.8.717)
Free YouTube to MP3 Converter version 3.12.8.717 (x32 Version: 3.12.8.717)
G Data InternetSecurity 2014 (x32 Version: 24.0.2.1)
iTunes (Version: 11.0.2.26)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metro: Last Light (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Music Editor Free (x32)
neroxml (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
Origin (x32 Version: 9.1.13.85)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PunkBuster Services (x32 Version: 0.991)
RAR 4.20 (64-Bit) (Version: 4.20.0)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Steam (x32 Version: 1.0.0.0)
Tomb Raider (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)

==================== Restore Points  =========================

18-08-2013 19:11:58 Removed Advanced Archive Password Recovery
20-08-2013 15:42:24 Windows Update
22-08-2013 15:17:35 Installed MSXML 4.0 SP3 Parser
22-08-2013 15:26:16 Windows Update
22-08-2013 15:46:53 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {2CCF47AD-EF12-45C8-B37C-F66843F595B6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {3CC3B8B1-A8CC-48D8-9906-58542E3AE3B9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {A8EB5811-A1C3-4990-9580-77C332ECB59A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {DD794993-B0B2-48B9-A6A6-05766AF86FA8} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-03-29 17:05 - 2012-06-09 20:20 - 00196096 _____ (Alexander Roshal) E:\Progamme\WinRar\rarext.dll
2013-02-25 05:15 - 2013-02-25 05:15 - 00536016 ____N (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\ShellExt64.dll
2013-02-25 04:57 - 2013-02-25 04:57 - 00305104 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeLDR64.dll
2012-12-19 17:16 - 2012-12-19 17:16 - 00327680 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-12-19 17:16 - 2012-12-19 17:16 - 00208896 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2012-12-19 17:19 - 2012-12-19 17:19 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2013-02-25 04:12 - 2013-02-25 04:12 - 01019344 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\ObjBrwse.dll
2013-02-25 14:59 - 2013-02-25 14:59 - 01633768 _____ (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Common\AVKRes.dll
2010-11-17 03:52 - 2010-11-17 03:52 - 00096904 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2013-02-25 04:57 - 2013-02-25 04:57 - 00264144 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeLDR.dll
2013-08-22 17:07 - 2013-08-22 17:07 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-09 15:56 - 2013-08-02 01:24 - 02244504 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-09-09 15:56 - 2013-08-02 01:24 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-09-09 15:56 - 2013-08-02 01:24 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-09-09 15:56 - 2013-08-02 01:24 - 00579480 _____ (sqlite.org) C:\Program Files (x86)\Mozilla Thunderbird\mozsqlite3.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2013 03:57:40 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/09/2013 03:45:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2013 10:44:30 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (08/23/2013 10:08:40 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (08/23/2013 09:44:42 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (08/23/2013 09:30:20 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (08/23/2013 08:31:51 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (08/23/2013 07:28:15 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (08/23/2013 06:40:04 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/23/2013 06:05:07 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.


System errors:
=============
Error: (09/09/2013 04:04:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (09/09/2013 04:04:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (08/23/2013 06:17:46 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{6F9372A6-4D9B-41DC-B488-09D8D64B6803}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (08/17/2013 01:26:07 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-09 16:04:27.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.833
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.740
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 8173.21 MB
Available physical RAM: 6078.59 MB
Total Pagefile: 16344.61 MB
Available Pagefile: 13598.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Samsung SSD BOOT Device) (Fixed) (Total:111.79 GB) (Free:18.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA 2 TB) (Fixed) (Total:1862.92 GB) (Free:1700.15 GB) NTFS
Drive k: (Elements) (Fixed) (Total:1397.26 GB) (Free:304.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 7BE1F435)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11BB29FA)
Partition 1: (Not Active) - (Size=-198731276288) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 000CF721)
Partition 1: (Not Active) - (Size=-698724909056) - (Type=07 NTFS)

==================== End Of Log ============================

aharonov 09.09.2013 16:01
Hi,

mach bitte diesen Fix. Wo ist danach noch etwas von vbDownloader zu sehen und was genau?


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
[HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
CHR Extension: (OfferMosquito) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\0.2_0

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Nightmare199 09.09.2013 16:09
Hi,

konnte keine Anzeichen des searchers mehr finden, Suchleiste in Firefox ist wieder die von Google, so wie es sein soll und wenn man ein wort in die adressleiste eingibt, wird auch automatisch auf Google danach gesucht.

Hier das Logfile:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-09-2013
Ran by Nightmare at 2013-09-09 17:04:27 Run:1
Running from C:\Users\Nightmare\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
[HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
CHR Extension: (OfferMosquito) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\0.2_0
       
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml => Moved successfully.
C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk => Moved successfully.

==== End of Fixlog ====

aharonov 09.09.2013 16:12
Ok, dann noch eine abschliessende Kontrolle:



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Nightmare199 09.09.2013 19:37
Liste der Anhänge anzeigen (Anzahl: 1)
Hi,

so endlich nach langem warten hier das Logfile:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4714f4a1b1df334da295a5a318b08522
# engine=15064
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-09 05:38:03
# local_time=2013-09-09 07:38:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 12726 130378133 0 0
# scanned=265003
# found=0
# cleaned=0
# scan_time=7589
Noch eine Frage ich hab hier noch einen Ordner namens "Alte Firefox-Daten" auf dem Desktop liegen, Screenshot im Anhang. Kann ich den löschen? (ich nehm an dass der von einer Firefox deinstallation kommt, als ich vor ein paar Wochen schonmal den Kampf gegen den Downloader angefangen hatte :) )

Gruß David

aharonov 09.09.2013 19:52
Hallo David,

prima, auch das ist sauber.
Diesen Ordner kannst du löschen. Dort drin ist sowieso nichts mehr aktiv im Firefox und es macht keinen Unterschied, wenn der Ordner gar nicht mehr da ist.. ;)

Wir räumen auf.


Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
  1. Den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
  2. Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
    • Schliesse alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
  3. Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.




>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus. :daumenhoc

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.




Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
  • Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
  • Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
  • Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
  • Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
  • Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
  • Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
  • Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
  • Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
  • NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
  • Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
  • Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
  • Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
  • Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:
  • Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
  • Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
  • Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
  • Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
  • Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

Nightmare199 09.09.2013 20:52
Hi Leo,

super, vielen vielen Dank. Sieht so aus als wäre die Plage endlich weg!! Klasse auch dass es dann doch so schnell ging :). Ich hoffe nur dass er nicht wieder kommt, aber ich hab ein gutes Gefühl :)

Werde das Board auf jeden fall weiter empfehlen! :dankeschoen:

:daumenhoc
Gruß
David

aharonov 09.09.2013 21:12
Danke für die Rückmeldung.


Freut mich, dass wir helfen konnten. :abklatsch:

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

Nightmare199 10.09.2013 10:05
Liste der Anhänge anzeigen (Anzahl: 1)
Hi Leo,

wie schon in der PM beschrieben ist der Plagegeist wieder da, siehe Screenshot im Anhang.

Nightmare199 10.09.2013 10:12
Hier ein Malwarebytes Logfile:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Nightmare :: NIGHTMARE-NB [Administrator]

10.09.2013 11:08:59
MBAM-log-2013-09-10 (11-11-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217804
Laufzeit: 1 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\NIGHTMARE\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\NIGHTMARE\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\NIGHTMARE\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 1
C:\Users\NIGHTMARE\AppData\Local\Google\Chrome\USER DATA\Default\LOCAL STORAGE\CHROME-EXTENSION_EOONCJEJNPPFJJKLAPAAMHCDMJBILMDE_0.LOCALSTORAGE (PUP.Optional.BrowserDefender) -> Keine Aktion durchgeführt.

(Ende)
Ps.: mein GData ist momentan nicht auf dem aktuellsten Stand, da ich noch nicht dazu gekommen bin mir die 2014'er Version zu kaufen. Kann es vvl. daran liegen?

Gruß
David

aharonov 10.09.2013 10:41
Hallo David,

mit GData hat das nix zu tun, das hier ist nur Adware.


Schritt 1

Lade SystemLook (von jpshortstuff) herunter und speichere das Tool auf dem Desktop.
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
    Vista und Win7 User: Rechtsklick und "als Administrator starten".
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :filefind
    *fbDownloader*

    :folderfind
    *fbDownloader*

    :regfind
    fbDownloader
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen. Poste diese in deinen Thread.
  • Das Log-File wird auch auf dem Desktop als SystemLook.txt gespeichert.



Schritt 2

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Nightmare199 10.09.2013 11:02
Schritt 1 Ergebnis:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 11:52 on 10/09/2013 by Nightmare
Administrator - Elevation successful

========== filefind ==========

Searching for "*fbDownloader*"
No files found.

========== folderfind ==========

Searching for "*fbDownloader*"
C:\AdwCleaner\Quarantine\C\Users\Nightmare\AppData\Roaming\fbDownloader        d------        [19:53 21/08/2013]

========== regfind ==========

Searching for "fbDownloader"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.fbdownloader.com/?channel=sfde206"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"URL"="hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"FaviconURL"="hxxp://search.fbdownloader.com/search.ico"
[HKEY_CURRENT_USER\Software\Protector]
"UserSearch Internet Explorer"="search.fbdownloader.com"
[HKEY_CURRENT_USER\Software\Protector\Revert]
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
[HKEY_CURRENT_USER\Software\Protector\Revert]
"ChromeOldPrefs"=",
"homepage": "about:home",
"homepage_is_newtabpage": true,
"homepage": "http:\/\/search.fbdownloader.com\/?channel=sfde206",
"homepage_is_newtabpage": false,
"default_search_provider": {"search_url":"http:\/\/search.fbdownloader.com\/search.php?channel=sfde206&q={searchTerms}","encodings":"UTF-8","id":"10","keyword":"Search","suggest_url":null,"name":"Search","icon_url":"http:\/\/search.fbdownloader.com\/search.ico","enabled":true,"prepopulate_id":0,"instant_url":null},
"session": {"urls_to_restore_on_startup":["http:\/\/search.fbdownloader.com\/?channel=sfde206"],"restore_on_startup_migrated":true,"restore_on_startup":4},
"_null": null"
[HKEY_CURRENT_USER\Software\Protector\Revert]
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.fbdownloader.com/?channel=sfde206"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"URL"="hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"FaviconURL"="hxxp://search.fbdownloader.com/search.ico"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector]
"UserSearch Internet Explorer"="search.fbdownloader.com"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"ChromeOldPrefs"=",
"homepage": "about:home",
"homepage_is_newtabpage": true,
"homepage": "http:\/\/search.fbdownloader.com\/?channel=sfde206",
"homepage_is_newtabpage": false,
"default_search_provider": {"search_url":"http:\/\/search.fbdownloader.com\/search.php?channel=sfde206&q={searchTerms}","encodings":"UTF-8","id":"10","keyword":"Search","suggest_url":null,"name":"Search","icon_url":"http:\/\/search.fbdownloader.com\/search.ico","enabled":true,"prepopulate_id":0,"instant_url":null},
"session": {"urls_to_restore_on_startup":["http:\/\/search.fbdownloader.com\/?channel=sfde206"],"restore_on_startup_migrated":true,"restore_on_startup":4},
"_null": null"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"

Searching for "        "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\SoftonicDownloader_fuer_iringer.exe"="Softonic Downloader                            "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
                <Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
                <Descriptor descriptorID="{B54162A2-F67F-46dc-9ED5-F6067520EC94}"/>
                <Descriptor descriptorID="{7E0BC004-F80B-402d-A1FC-5FCDFF04DAB1}"/>
                <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
            </Rating>
        </Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11062655000822&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_QIMONDA&REV_PMAP#07831BA00332&0#]
"DeviceDesc"="QIMONDA        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700007567&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MEMORY&PROD_USB2.0&REV_1.00#3551&0#]
"DeviceDesc"="USB2.0          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11062655000822&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_QIMONDA&REV_PMAP#07831BA00332&0#]
"DeviceDesc"="QIMONDA        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700007567&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MEMORY&PROD_USB2.0&REV_1.00#3551&0#]
"DeviceDesc"="USB2.0          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11062655000822&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_QIMONDA&REV_PMAP#07831BA00332&0#]
"DeviceDesc"="QIMONDA        "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700007567&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MEMORY&PROD_USB2.0&REV_1.00#3551&0#]
"DeviceDesc"="USB2.0          "
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\SoftonicDownloader_fuer_iringer.exe"="Softonic Downloader                            "
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\SoftonicDownloader_fuer_iringer.exe"="Softonic Downloader                            "

-= EOF =-
Schritt 2 Ergebnis:

Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Nightmare (administrator) on NIGHTMARE-NB on 10-09-2013 11:55:03
Running from E:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) E:\Progamme\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
() E:\Downloads\SystemLook_x64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
MountPoints2: {ccc2de30-abfb-11e2-8d12-f46d04ed66de} - I:\LaunchU3.exe -a
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2B296690-1DB5-4923-A71A-09AE504D4D20} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Progamme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2249944 2013-02-25] (G Data Software AG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-09] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-05-26] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-05-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-26] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-05-26] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-05-26] (G Data Software AG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 10:59 - 2013-09-10 11:01 - 06256902 _____ C:\Users\Nightmare\Desktop\Neue Bitmap.bmp
2013-09-09 21:47 - 2013-09-09 21:47 - 00001322 _____ C:\DelFix.txt
2013-09-09 21:47 - 2013-09-09 21:47 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 17:46 - 2013-09-09 20:38 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-09 17:18 - 2013-09-09 17:18 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 17:12 - 2013-09-09 17:13 - 06293046 _____ C:\Users\Nightmare\Desktop\Screenshot alte Firefox Daten.bmp
2013-09-09 16:04 - 2013-09-09 16:04 - 00000655 _____ C:\Users\Nightmare\Desktop\EVEREST Home Edition.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00002131 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-09 15:55 - 2013-09-09 15:56 - 06259734 _____ C:\Users\Nightmare\Desktop\screenshot.bmp
2013-08-23 21:03 - 2013-08-23 21:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Riot Games
2013-08-22 17:47 - 2013-08-22 17:47 - 00259782 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-22 17:36 - 2013-08-22 17:36 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-22 17:27 - 2013-08-23 18:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-22 17:27 - 2013-08-23 18:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-22 17:27 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-22 17:27 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-08-22 17:27 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-22 17:27 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-22 17:27 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-22 17:27 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-22 17:26 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-22 17:26 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-08-22 17:26 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-08-22 17:26 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-22 17:26 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-08-22 17:26 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-22 17:26 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-22 17:26 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-22 17:26 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-22 17:26 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-08-22 17:26 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-22 17:26 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-08-22 17:26 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-22 17:26 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-22 17:26 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-08-22 17:26 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-22 17:26 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-22 17:26 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-08-22 17:26 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-22 17:24 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-22 17:24 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-22 17:24 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-22 17:24 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-22 17:24 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-08-22 17:24 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-08-22 17:24 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-08-22 17:24 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-08-22 17:24 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Secunia PSI
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-22 17:13 - 2013-08-22 17:13 - 03272136 _____ (Secunia) C:\Users\Nightmare\Desktop\PSISetup711.exe
2013-08-22 17:07 - 2013-08-22 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-22 17:02 - 2013-09-09 17:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-22 17:02 - 2013-08-22 17:02 - 00001186 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-22 17:02 - 2013-08-22 17:02 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Mozilla
2013-08-22 16:52 - 2013-08-22 16:52 - 00014086 _____ C:\Users\Nightmare\Desktop\bookmarks-2013-08-22.json
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ____D C:\Users\Nightmare\AppData\Local\G DATA
2013-08-22 16:36 - 2013-08-22 16:36 - 00001160 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 16:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-22 16:35 - 2013-08-22 16:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nightmare\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-21 21:52 - 2013-08-23 21:08 - 00000000 ____D C:\AdwCleaner
2013-08-19 14:56 - 2013-08-19 16:05 - 00017125 _____ C:\Users\Nightmare\Desktop\box layout.xlsx
2013-08-14 16:29 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 16:29 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 16:29 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 16:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 16:29 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 16:29 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 16:29 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 16:29 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 16:29 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 16:29 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 16:29 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 16:29 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 15:46 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 15:46 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 15:46 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 15:46 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 15:46 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 15:46 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 15:46 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 15:46 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 15:46 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 15:46 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 15:46 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 15:46 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 15:46 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 15:46 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 15:46 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 15:46 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 15:46 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 15:46 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-10 11:54 - 2013-09-10 11:54 - 00000000 ____D C:\FRST
2013-09-10 11:08 - 2013-03-25 16:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 11:02 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 11:02 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 11:01 - 2013-09-10 10:59 - 06256902 _____ C:\Users\Nightmare\Desktop\Neue Bitmap.bmp
2013-09-10 11:01 - 2010-11-21 08:50 - 00698688 _____ C:\Windows\system32\perfh007.dat
2013-09-10 11:01 - 2010-11-21 08:50 - 00148828 _____ C:\Windows\system32\perfc007.dat
2013-09-10 11:01 - 2009-07-14 07:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 10:56 - 2013-03-25 15:43 - 01491691 _____ C:\Windows\WindowsUpdate.log
2013-09-10 10:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 10:55 - 2009-07-14 06:51 - 00085344 _____ C:\Windows\setupact.log
2013-09-09 21:47 - 2013-09-09 21:47 - 00001322 _____ C:\DelFix.txt
2013-09-09 21:47 - 2013-09-09 21:47 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 20:38 - 2013-09-09 17:46 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-09 20:38 - 2013-05-07 17:47 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-09 20:37 - 2013-05-02 23:06 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-09 17:18 - 2013-09-09 17:18 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 17:13 - 2013-09-09 17:12 - 06293046 _____ C:\Users\Nightmare\Desktop\Screenshot alte Firefox Daten.bmp
2013-09-09 17:05 - 2013-08-22 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-09 16:04 - 2013-09-09 16:04 - 00000655 _____ C:\Users\Nightmare\Desktop\EVEREST Home Edition.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00002131 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-09 15:56 - 2013-09-09 15:55 - 06259734 _____ C:\Users\Nightmare\Desktop\screenshot.bmp
2013-08-23 21:08 - 2013-08-21 21:52 - 00000000 ____D C:\AdwCleaner
2013-08-23 21:03 - 2013-08-23 21:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Riot Games
2013-08-23 18:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-23 18:01 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-23 18:01 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-22 17:47 - 2013-08-22 17:47 - 00259782 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-22 17:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-22 17:36 - 2013-08-22 17:36 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-22 17:17 - 2013-04-01 03:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Secunia PSI
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-22 17:13 - 2013-08-22 17:13 - 03272136 _____ (Secunia) C:\Users\Nightmare\Desktop\PSISetup711.exe
2013-08-22 17:07 - 2013-08-22 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-22 17:02 - 2013-08-22 17:02 - 00001186 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-22 17:02 - 2013-08-22 17:02 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Mozilla
2013-08-22 16:54 - 2010-11-21 05:47 - 00335666 _____ C:\Windows\PFRO.log
2013-08-22 16:52 - 2013-08-22 16:52 - 00014086 _____ C:\Users\Nightmare\Desktop\bookmarks-2013-08-22.json
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ____D C:\Users\Nightmare\AppData\Local\G DATA
2013-08-22 16:36 - 2013-08-22 16:36 - 00001160 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 16:36 - 2013-08-22 16:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nightmare\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 23:09 - 2013-03-25 16:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 23:08 - 2013-03-25 16:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 23:08 - 2013-03-25 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 16:05 - 2013-08-19 14:56 - 00017125 _____ C:\Users\Nightmare\Desktop\box layout.xlsx
2013-08-18 21:14 - 2013-03-25 15:46 - 00000000 ____D C:\Users\Nightmare\AppData\Local\VirtualStore
2013-08-16 18:46 - 2013-06-18 02:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Windows Live
2013-08-15 19:28 - 2013-06-19 17:17 - 00000000 ____D C:\Users\Nightmare\Desktop\Spiele Verknüfungen
2013-08-15 19:27 - 2013-03-25 16:34 - 00000000 ____D C:\Users\Nightmare\Desktop\Programme
2013-08-15 19:26 - 2013-07-22 16:56 - 00000000 ____D C:\Users\Nightmare\Desktop\Artur Film & Trailer
2013-08-14 16:28 - 2013-08-06 01:30 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 16:28 - 2013-04-10 19:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 16:27 - 2013-03-29 11:27 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Nightmare\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Nightmare\AppData\Local\Temp\ose00000.exe
C:\Users\Nightmare\AppData\Local\Temp\Quarantine.exe
C:\Users\Nightmare\AppData\Local\Temp\sonarinst.exe
C:\Users\Nightmare\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 18:32

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by Nightmare at 2013-09-10 11:55:17
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avidemux 2.6 (32-bit) (x32 Version: 2.6.4.8696)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Bing-Desktop (x32 Version: 1.3.171.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Counter-Strike: Global Offensive (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Video Flip and Rotate version 2.1.8.717 (x32 Version: 2.1.8.717)
Free YouTube Download version 3.2.8.717 (x32 Version: 3.2.8.717)
Free YouTube to MP3 Converter version 3.12.8.717 (x32 Version: 3.12.8.717)
G Data InternetSecurity 2014 (x32 Version: 24.0.2.1)
iTunes (Version: 11.0.2.26)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metro: Last Light (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Music Editor Free (x32)
neroxml (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
Origin (x32 Version: 9.1.13.85)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PunkBuster Services (x32 Version: 0.991)
RAR 4.20 (64-Bit) (Version: 4.20.0)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Steam (x32 Version: 1.0.0.0)
Tomb Raider (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)

==================== Restore Points  =========================

09-09-2013 19:47:36 Ende der Bereinigung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {2CCF47AD-EF12-45C8-B37C-F66843F595B6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {48372B38-A8B8-4974-B04E-DF276500B327} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {A8EB5811-A1C3-4990-9580-77C332ECB59A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {DD794993-B0B2-48B9-A6A6-05766AF86FA8} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-03-29 17:05 - 2012-06-09 20:20 - 00196096 _____ (Alexander Roshal) E:\Progamme\WinRar\rarext.dll
2013-02-25 05:15 - 2013-02-25 05:15 - 00536016 ____N (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\ShellExt64.dll
2013-02-25 04:57 - 2013-02-25 04:57 - 00305104 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeLDR64.dll
2012-12-19 17:16 - 2012-12-19 17:16 - 00327680 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-12-19 17:16 - 2012-12-19 17:16 - 00208896 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2012-12-19 17:19 - 2012-12-19 17:19 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2013-02-25 04:12 - 2013-02-25 04:12 - 01019344 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\ObjBrwse.dll
2013-02-25 14:59 - 2013-02-25 14:59 - 01633768 _____ (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Common\AVKRes.dll
2010-11-17 03:52 - 2010-11-17 03:52 - 00096904 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2013-02-25 04:57 - 2013-02-25 04:57 - 00264144 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeLDR.dll
2013-08-22 17:07 - 2013-08-22 17:07 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-02-25 04:57 - 2013-02-25 04:57 - 00266192 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\Banksafe.dll
2013-05-06 18:29 - 2013-09-06 22:55 - 00288680 _____ (Valve Corporation) E:\Progamme\Steam\crashhandler.dll
2013-03-28 14:26 - 2013-07-16 00:32 - 02895272 _____ (Valve Corporation) E:\Progamme\Steam\steam.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 10659752 _____ (Valve Corporation) E:\Progamme\Steam\steamui.dll
2013-03-25 14:23 - 2013-08-22 00:18 - 00687104 _____ () E:\Progamme\Steam\SDL2.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 00263080 _____ (Valve Corporation) E:\Progamme\Steam\tier0_s.dll
2013-04-19 13:10 - 2013-09-06 22:56 - 00236456 _____ (Valve Corporation) E:\Progamme\Steam\vstdlib_s.dll
2010-03-10 09:08 - 2013-06-15 01:49 - 01039192 _____ (Microsoft Corporation) E:\Progamme\Steam\DbgHelp.dll
2010-03-10 09:08 - 2013-06-15 01:49 - 00122864 _____ (Valve) E:\Progamme\Steam\CSERHelper.dll
2013-05-07 16:19 - 2013-09-06 22:55 - 00169384 _____ (Valve Corporation) E:\Progamme\Steam\bin\filesystem_stdio.DLL
2013-04-19 13:10 - 2013-09-06 22:55 - 00694696 _____ (Valve Corporation) E:\Progamme\Steam\bin\vgui2_s.DLL
2013-04-19 13:10 - 2013-09-06 22:55 - 01120680 _____ () E:\Progamme\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2013-08-07 21:31 - 20625832 _____ () E:\Progamme\Steam\bin\libcef.dll
2012-09-07 15:37 - 2013-06-15 01:49 - 09955112 _____ (The ICU Project) E:\Progamme\Steam\bin\icudt.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () E:\Progamme\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () E:\Progamme\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () E:\Progamme\Steam\bin\avformat-53.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 07751080 _____ (Valve Corporation) E:\Progamme\Steam\steamclient.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 02449832 _____ (Valve Corporation) e:\progamme\steam\bin\friendsui.DLL
2013-04-19 13:10 - 2013-09-06 22:55 - 01804712 _____ (Valve Corporation) e:\progamme\steam\bin\serverbrowser.DLL
2013-08-22 16:36 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2013-08-22 16:36 - 2012-05-22 17:05 - 00046416 _____ (vbAccelerator) C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 10:57:29 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/10/2013 10:57:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 10:52:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/09/2013 08:31:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/09/2013 07:23:44 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/09/2013 06:57:29 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/09/2013 05:18:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/09/2013 05:18:51 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/09/2013 05:18:50 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/09/2013 05:09:08 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.


System errors:
=============
Error: (09/10/2013 11:01:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/10/2013 11:01:30 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (09/09/2013 04:04:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (09/09/2013 04:04:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (08/23/2013 06:17:46 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{6F9372A6-4D9B-41DC-B488-09D8D64B6803}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (08/17/2013 01:26:07 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-09 16:04:27.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.833
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.740
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 8173.21 MB
Available physical RAM: 5720 MB
Total Pagefile: 16344.61 MB
Available Pagefile: 13196.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Samsung SSD BOOT Device) (Fixed) (Total:111.79 GB) (Free:21.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA 2 TB) (Fixed) (Total:1862.92 GB) (Free:1701.25 GB) NTFS
Drive g: (INTENSO 32) (Removable) (Total:29.28 GB) (Free:24.72 GB) FAT32
Drive h: (DATA BASE) (Fixed) (Total:931.28 GB) (Free:360.87 GB) FAT32
Drive k: (Elements) (Fixed) (Total:1397.26 GB) (Free:304.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 7BE1F435)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11BB29FA)
Partition 1: (Not Active) - (Size=-198731276288) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: F2E0AD49)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 29 GB) (Disk ID: BB8D4FEE)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 000CF721)
Partition 1: (Not Active) - (Size=-698724909056) - (Type=07 NTFS)

==================== End Of Log ============================
Gruß
David

aharonov 10.09.2013 11:14
Ok, bitte so weiter:

  • Doppelklicke auf die SystemLook_x64.exe, um das Tool noch einmal zu starten.
    Vista und Win7 User: Rechtsklick und "als Administrator starten".
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :filefind
    *protector*

    :folderfind
    *protector*

    :reg
    HKEY_CURRENT_USER\Software\Protector /sub
    HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector /sub

    :regfind
    protector
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen. Poste diese in deinen Thread.
  • Das Log-File wird auch auf dem Desktop als SystemLook.txt gespeichert.

Nightmare199 10.09.2013 11:22
:kaffee:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:21 on 10/09/2013 by Nightmare
Administrator - Elevation successful

========== filefind ==========

Searching for "*protector*"
No files found.

========== folderfind ==========

Searching for "*protector*"
No folders found.

========== reg ==========

[HKEY_CURRENT_USER\Software\Protector]
"IgnoreFirefox"="0"
"IgnoreChrome"="0"
"IgnoreIE"="0"
"InstallTimestamp"="1370805722"
"CheckCounter"="55"
"UserHomepage Firefox"="about:home"
"UserSearch Firefox"="www.google.com"
"UserHomepage Internet Explorer"="g.live.com"
"UserSearch Internet Explorer"="search.fbdownloader.com"

[HKEY_CURRENT_USER\Software\Protector\Revert]
"FirefoxPrefsFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\prefs.js"
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
"FirefoxChangedPrefs"="browser.startup.homepage,browser.search.selectedEngine,browser.search.defaultenginename,browser.search.defaulturl,keyword.URL,keyword.enabled,"
"FirefoxSearchDBFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\search.sqlite"
"ChromeWebDataFile"="C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Web Data"
"ChromeSearchID"="10"
"ChromePrefsFile"="C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Preferences"
"ChromeOldPrefs"=",
"homepage": "about:home",
"homepage_is_newtabpage": true,
"homepage": "http:\/\/search.fbdownloader.com\/?channel=sfde206",
"homepage_is_newtabpage": false,
"default_search_provider": {"search_url":"http:\/\/search.fbdownloader.com\/search.php?channel=sfde206&q={searchTerms}","encodings":"UTF-8","id":"10","keyword":"Search","suggest_url":null,"name":"Search","icon_url":"http:\/\/search.fbdownloader.com\/search.ico","enabled":true,"prepopulate_id":0,"instant_url":null},
"session": {"urls_to_restore_on_startup":["http:\/\/search.fbdownloader.com\/?channel=sfde206"],"restore_on_startup_migrated":true,"restore_on_startup":4},
"_null": null"
"IEDefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"


[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector]
"IgnoreFirefox"="0"
"IgnoreChrome"="0"
"IgnoreIE"="0"
"InstallTimestamp"="1370805722"
"CheckCounter"="55"
"UserHomepage Firefox"="about:home"
"UserSearch Firefox"="www.google.com"
"UserHomepage Internet Explorer"="g.live.com"
"UserSearch Internet Explorer"="search.fbdownloader.com"

[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"FirefoxPrefsFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\prefs.js"
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
"FirefoxChangedPrefs"="browser.startup.homepage,browser.search.selectedEngine,browser.search.defaultenginename,browser.search.defaulturl,keyword.URL,keyword.enabled,"
"FirefoxSearchDBFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\search.sqlite"
"ChromeWebDataFile"="C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Web Data"
"ChromeSearchID"="10"
"ChromePrefsFile"="C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Preferences"
"ChromeOldPrefs"=",
"homepage": "about:home",
"homepage_is_newtabpage": true,
"homepage": "http:\/\/search.fbdownloader.com\/?channel=sfde206",
"homepage_is_newtabpage": false,
"default_search_provider": {"search_url":"http:\/\/search.fbdownloader.com\/search.php?channel=sfde206&q={searchTerms}","encodings":"UTF-8","id":"10","keyword":"Search","suggest_url":null,"name":"Search","icon_url":"http:\/\/search.fbdownloader.com\/search.ico","enabled":true,"prepopulate_id":0,"instant_url":null},
"session": {"urls_to_restore_on_startup":["http:\/\/search.fbdownloader.com\/?channel=sfde206"],"restore_on_startup_migrated":true,"restore_on_startup":4},
"_null": null"
"IEDefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"


========== regfind ==========

Searching for "protector"
[HKEY_CURRENT_USER\Software\Protector]
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector]

-= EOF =-

aharonov 10.09.2013 11:30
So, mach bitte diesen Fix, starte den Rechner neu auf und teile mir mit, ob dieses Mistding wieder zurückgekommen ist oder nicht.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
REG: reg delete "HKCU\Software\Protector" /f
REG: reg delete "HKU\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector" /f
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
FF DefaultSearchEngine: Search
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Nightmare199 10.09.2013 11:44
Hi,

also für den Moment siehts gut aus :daumenhoc

hier der Log:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-09-2013 01
Ran by Nightmare at 2013-09-10 12:40:54 Run:1
Running from E:\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
REG: reg delete "HKCU\Software\Protector" /f
REG: reg delete "HKU\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector" /f
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
FF DefaultSearchEngine: Search
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
       
*****************


========= reg delete "HKCU\Software\Protector" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml => Moved successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.

==== End of Fixlog ====
Gruß
David

aharonov 10.09.2013 11:47
Ok, und sonst melde dich einfach wieder. Das kriegen wir schon klein. :aarr:


Downloade dir bitte delfix auf deinen Desktop.
  • Schliesse alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
  • DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
    Sollte denoch etwas übrig bleiben, kannst du es manuell löschen.

Nightmare199 10.09.2013 11:52
Hi Leo,

also sieht immer noch gut aus, Cleanup is durch :daumenhoc

Nochmals Danke für die schnelle und fundierte Hilfe!

Hier noch das Log:

Code:
# DelFix v10.4 - Datei am 10/09/2013 um 12:49:21 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Benutzer : Nightmare - NIGHTMARE-NB
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\Users\Nightmare\Desktop\Fixlog.txt

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #92 [Ende der Bereinigung | 09/09/2013 19:47:36]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
Falls er wieder auftaucht meld ich mich per PN! :dankeschoen:

Gruß David

aharonov 10.09.2013 11:55
Genau, PM wenn wieder etwas ist. :)


Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

Nightmare199 10.09.2013 12:17
Liste der Anhänge anzeigen (Anzahl: 1)
und schon wieder da....

Siehe Screenshot im Anhang.

bzw. Logfile:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Nightmare (administrator) on NIGHTMARE-NB on 10-09-2013 13:13:58
Running from E:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) E:\Progamme\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
MountPoints2: {ccc2de30-abfb-11e2-8d12-f46d04ed66de} - I:\LaunchU3.exe -a
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2B296690-1DB5-4923-A71A-09AE504D4D20} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF SelectedSearchEngine: Search
FF DefaultSearchEngine: Search
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Progamme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2249944 2013-02-25] (G Data Software AG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-09] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-05-26] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-05-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-26] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-05-26] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-05-26] (G Data Software AG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 12:40 - 2013-09-10 12:40 - 00000874 _____ C:\Users\Nightmare\Desktop\Fixlist.txt
2013-09-10 10:59 - 2013-09-10 11:01 - 06256902 _____ C:\Users\Nightmare\Desktop\Neue Bitmap.bmp
2013-09-09 21:47 - 2013-09-10 12:49 - 00000685 _____ C:\DelFix.txt
2013-09-09 21:47 - 2013-09-09 21:47 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 17:46 - 2013-09-09 20:38 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-09 17:18 - 2013-09-09 17:18 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 17:12 - 2013-09-09 17:13 - 06293046 _____ C:\Users\Nightmare\Desktop\Screenshot alte Firefox Daten.bmp
2013-09-09 16:04 - 2013-09-09 16:04 - 00000655 _____ C:\Users\Nightmare\Desktop\EVEREST Home Edition.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00002131 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-09 15:55 - 2013-09-09 15:56 - 06259734 _____ C:\Users\Nightmare\Desktop\screenshot.bmp
2013-08-23 21:03 - 2013-08-23 21:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Riot Games
2013-08-22 17:47 - 2013-08-22 17:47 - 00259782 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-22 17:36 - 2013-08-22 17:36 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-22 17:27 - 2013-08-23 18:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-22 17:27 - 2013-08-23 18:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-22 17:27 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-22 17:27 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-08-22 17:27 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-22 17:27 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-22 17:27 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-22 17:27 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-22 17:26 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-22 17:26 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-08-22 17:26 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-08-22 17:26 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-22 17:26 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-08-22 17:26 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-22 17:26 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-22 17:26 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-22 17:26 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-22 17:26 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-08-22 17:26 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-22 17:26 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-08-22 17:26 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-22 17:26 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-22 17:26 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-08-22 17:26 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-22 17:26 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-22 17:26 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-08-22 17:26 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-22 17:24 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-22 17:24 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-22 17:24 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-22 17:24 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-22 17:24 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-08-22 17:24 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-08-22 17:24 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-08-22 17:24 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-08-22 17:24 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Secunia PSI
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-22 17:13 - 2013-08-22 17:13 - 03272136 _____ (Secunia) C:\Users\Nightmare\Desktop\PSISetup711.exe
2013-08-22 17:07 - 2013-08-22 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-22 17:02 - 2013-09-09 17:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-22 17:02 - 2013-08-22 17:02 - 00001186 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-22 17:02 - 2013-08-22 17:02 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Mozilla
2013-08-22 16:52 - 2013-08-22 16:52 - 00014086 _____ C:\Users\Nightmare\Desktop\bookmarks-2013-08-22.json
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ____D C:\Users\Nightmare\AppData\Local\G DATA
2013-08-22 16:36 - 2013-08-22 16:36 - 00001160 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 16:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-22 16:35 - 2013-08-22 16:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nightmare\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-21 21:52 - 2013-08-23 21:08 - 00000000 ____D C:\AdwCleaner
2013-08-19 14:56 - 2013-08-19 16:05 - 00017125 _____ C:\Users\Nightmare\Desktop\box layout.xlsx
2013-08-14 16:29 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 16:29 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 16:29 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 16:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 16:29 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 16:29 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 16:29 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 16:29 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 16:29 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 16:29 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 16:29 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 16:29 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 15:46 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 15:46 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 15:46 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 15:46 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 15:46 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 15:46 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 15:46 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 15:46 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 15:46 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 15:46 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 15:46 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 15:46 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 15:46 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 15:46 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 15:46 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 15:46 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 15:46 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 15:46 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-10 13:13 - 2013-09-10 13:13 - 00000000 ____D C:\FRST
2013-09-10 13:10 - 2013-03-25 15:43 - 01509375 _____ C:\Windows\WindowsUpdate.log
2013-09-10 13:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 13:09 - 2009-07-14 06:51 - 00085456 _____ C:\Windows\setupact.log
2013-09-10 13:08 - 2013-03-25 16:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 12:49 - 2013-09-09 21:47 - 00000685 _____ C:\DelFix.txt
2013-09-10 12:49 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 12:49 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 12:48 - 2010-11-21 08:50 - 00698688 _____ C:\Windows\system32\perfh007.dat
2013-09-10 12:48 - 2010-11-21 08:50 - 00148828 _____ C:\Windows\system32\perfc007.dat
2013-09-10 12:48 - 2009-07-14 07:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 12:40 - 2013-09-10 12:40 - 00000874 _____ C:\Users\Nightmare\Desktop\Fixlist.txt
2013-09-10 11:01 - 2013-09-10 10:59 - 06256902 _____ C:\Users\Nightmare\Desktop\Neue Bitmap.bmp
2013-09-09 21:47 - 2013-09-09 21:47 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 20:38 - 2013-09-09 17:46 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-09 20:38 - 2013-05-07 17:47 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-09 20:37 - 2013-05-02 23:06 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-09 17:18 - 2013-09-09 17:18 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 17:13 - 2013-09-09 17:12 - 06293046 _____ C:\Users\Nightmare\Desktop\Screenshot alte Firefox Daten.bmp
2013-09-09 17:05 - 2013-08-22 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-09 16:04 - 2013-09-09 16:04 - 00000655 _____ C:\Users\Nightmare\Desktop\EVEREST Home Edition.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00002131 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-09 15:56 - 2013-09-09 15:55 - 06259734 _____ C:\Users\Nightmare\Desktop\screenshot.bmp
2013-08-23 21:08 - 2013-08-21 21:52 - 00000000 ____D C:\AdwCleaner
2013-08-23 21:03 - 2013-08-23 21:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Riot Games
2013-08-23 18:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-23 18:01 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-23 18:01 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-22 17:47 - 2013-08-22 17:47 - 00259782 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-22 17:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-22 17:36 - 2013-08-22 17:36 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-22 17:17 - 2013-04-01 03:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Secunia PSI
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-22 17:13 - 2013-08-22 17:13 - 03272136 _____ (Secunia) C:\Users\Nightmare\Desktop\PSISetup711.exe
2013-08-22 17:07 - 2013-08-22 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-22 17:02 - 2013-08-22 17:02 - 00001186 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-22 17:02 - 2013-08-22 17:02 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Mozilla
2013-08-22 16:54 - 2010-11-21 05:47 - 00335666 _____ C:\Windows\PFRO.log
2013-08-22 16:52 - 2013-08-22 16:52 - 00014086 _____ C:\Users\Nightmare\Desktop\bookmarks-2013-08-22.json
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ____D C:\Users\Nightmare\AppData\Local\G DATA
2013-08-22 16:36 - 2013-08-22 16:36 - 00001160 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 16:36 - 2013-08-22 16:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nightmare\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 23:09 - 2013-03-25 16:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 23:08 - 2013-03-25 16:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 23:08 - 2013-03-25 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 16:05 - 2013-08-19 14:56 - 00017125 _____ C:\Users\Nightmare\Desktop\box layout.xlsx
2013-08-18 21:14 - 2013-03-25 15:46 - 00000000 ____D C:\Users\Nightmare\AppData\Local\VirtualStore
2013-08-16 18:46 - 2013-06-18 02:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Windows Live
2013-08-15 19:28 - 2013-06-19 17:17 - 00000000 ____D C:\Users\Nightmare\Desktop\Spiele Verknüfungen
2013-08-15 19:27 - 2013-03-25 16:34 - 00000000 ____D C:\Users\Nightmare\Desktop\Programme
2013-08-15 19:26 - 2013-07-22 16:56 - 00000000 ____D C:\Users\Nightmare\Desktop\Artur Film & Trailer
2013-08-14 16:28 - 2013-08-06 01:30 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 16:28 - 2013-04-10 19:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 16:27 - 2013-03-29 11:27 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Nightmare\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Nightmare\AppData\Local\Temp\ose00000.exe
C:\Users\Nightmare\AppData\Local\Temp\Quarantine.exe
C:\Users\Nightmare\AppData\Local\Temp\sonarinst.exe
C:\Users\Nightmare\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 18:32

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by Nightmare at 2013-09-10 13:14:15
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avidemux 2.6 (32-bit) (x32 Version: 2.6.4.8696)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Bing-Desktop (x32 Version: 1.3.171.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Counter-Strike: Global Offensive (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Video Flip and Rotate version 2.1.8.717 (x32 Version: 2.1.8.717)
Free YouTube Download version 3.2.8.717 (x32 Version: 3.2.8.717)
Free YouTube to MP3 Converter version 3.12.8.717 (x32 Version: 3.12.8.717)
G Data InternetSecurity 2014 (x32 Version: 24.0.2.1)
iTunes (Version: 11.0.2.26)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metro: Last Light (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Music Editor Free (x32)
neroxml (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
Origin (x32 Version: 9.1.13.85)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PunkBuster Services (x32 Version: 0.991)
RAR 4.20 (64-Bit) (Version: 4.20.0)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Steam (x32 Version: 1.0.0.0)
Tomb Raider (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)

==================== Restore Points  =========================

10-09-2013 10:49:23 Ende der Bereinigung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {2CCF47AD-EF12-45C8-B37C-F66843F595B6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {A0C52115-95CD-404B-A750-4B0D702CAD90} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {A8EB5811-A1C3-4990-9580-77C332ECB59A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {DD794993-B0B2-48B9-A6A6-05766AF86FA8} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-03-29 17:05 - 2012-06-09 20:20 - 00196096 _____ (Alexander Roshal) E:\Progamme\WinRar\rarext.dll
2013-02-25 05:15 - 2013-02-25 05:15 - 00536016 ____N (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\ShellExt64.dll
2013-02-25 04:57 - 2013-02-25 04:57 - 00305104 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeLDR64.dll
2012-12-19 17:16 - 2012-12-19 17:16 - 00327680 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-12-19 17:16 - 2012-12-19 17:16 - 00208896 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2012-12-19 17:19 - 2012-12-19 17:19 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2013-02-25 04:12 - 2013-02-25 04:12 - 01019344 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\ObjBrwse.dll
2013-02-25 14:59 - 2013-02-25 14:59 - 01633768 _____ (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Common\AVKRes.dll
2010-11-17 03:52 - 2010-11-17 03:52 - 00096904 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2013-02-25 04:57 - 2013-02-25 04:57 - 00264144 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeLDR.dll
2013-08-22 17:07 - 2013-08-22 17:07 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-02-25 04:57 - 2013-02-25 04:57 - 00266192 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\Banksafe.dll
2013-05-06 18:29 - 2013-09-06 22:55 - 00288680 _____ (Valve Corporation) E:\Progamme\Steam\crashhandler.dll
2013-03-28 14:26 - 2013-07-16 00:32 - 02895272 _____ (Valve Corporation) E:\Progamme\Steam\steam.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 10659752 _____ (Valve Corporation) E:\Progamme\Steam\steamui.dll
2013-03-25 14:23 - 2013-08-22 00:18 - 00687104 _____ () E:\Progamme\Steam\SDL2.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 00263080 _____ (Valve Corporation) E:\Progamme\Steam\tier0_s.dll
2013-04-19 13:10 - 2013-09-06 22:56 - 00236456 _____ (Valve Corporation) E:\Progamme\Steam\vstdlib_s.dll
2010-03-10 09:08 - 2013-06-15 01:49 - 01039192 _____ (Microsoft Corporation) E:\Progamme\Steam\DbgHelp.dll
2010-03-10 09:08 - 2013-06-15 01:49 - 00122864 _____ (Valve) E:\Progamme\Steam\CSERHelper.dll
2013-05-07 16:19 - 2013-09-06 22:55 - 00169384 _____ (Valve Corporation) E:\Progamme\Steam\bin\filesystem_stdio.DLL
2013-04-19 13:10 - 2013-09-06 22:55 - 00694696 _____ (Valve Corporation) E:\Progamme\Steam\bin\vgui2_s.DLL
2013-04-19 13:10 - 2013-09-06 22:55 - 01120680 _____ () E:\Progamme\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2013-08-07 21:31 - 20625832 _____ () E:\Progamme\Steam\bin\libcef.dll
2012-09-07 15:37 - 2013-06-15 01:49 - 09955112 _____ (The ICU Project) E:\Progamme\Steam\bin\icudt.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () E:\Progamme\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () E:\Progamme\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () E:\Progamme\Steam\bin\avformat-53.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 07751080 _____ (Valve Corporation) E:\Progamme\Steam\steamclient.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 02449832 _____ (Valve Corporation) e:\progamme\steam\bin\friendsui.DLL
2013-04-19 13:10 - 2013-09-06 22:55 - 01804712 _____ (Valve Corporation) e:\progamme\steam\bin\serverbrowser.DLL

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 01:13:08 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/10/2013 01:11:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 00:45:32 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/10/2013 00:44:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 00:40:38 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/10/2013 10:57:29 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/10/2013 10:57:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 10:52:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/09/2013 08:31:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/09/2013 07:23:44 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (09/10/2013 11:01:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/10/2013 11:01:30 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (09/09/2013 04:04:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (09/09/2013 04:04:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (08/23/2013 06:17:46 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{6F9372A6-4D9B-41DC-B488-09D8D64B6803}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (08/17/2013 01:26:07 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-09 16:04:27.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.833
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.740
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 8173.21 MB
Available physical RAM: 5559.2 MB
Total Pagefile: 16344.61 MB
Available Pagefile: 13270.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Samsung SSD BOOT Device) (Fixed) (Total:111.79 GB) (Free:21.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA 2 TB) (Fixed) (Total:1862.92 GB) (Free:1701.25 GB) NTFS
Drive g: (INTENSO 32) (Removable) (Total:29.28 GB) (Free:24.72 GB) FAT32
Drive h: (DATA BASE) (Fixed) (Total:931.28 GB) (Free:360.87 GB) FAT32
Drive k: (Elements) (Fixed) (Total:1397.26 GB) (Free:304.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 7BE1F435)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11BB29FA)
Partition 1: (Not Active) - (Size=-198731276288) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: F2E0AD49)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 29 GB) (Disk ID: BB8D4FEE)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 000CF721)
Partition 1: (Not Active) - (Size=-698724909056) - (Type=07 NTFS)

==================== End Of Log ============================
:headbang:
Gruß
David

aharonov 10.09.2013 13:51
Das ist doch zum :killpc:

Ich bin dem offenbar noch nicht auf die Schliche gekommen, der das immer wiederherstellt.


Lade SystemLook (von jpshortstuff) herunter und speichere das Tool auf dem Desktop.
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
    Vista und Win7 User: Rechtsklick und "als Administrator starten".
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :filefind
    *protector*
    *fbdownloader*

    :folderfind
    *protector*
    *fbdownloader*

    :reg
    HKEY_CURRENT_USER\Software\Protector /sub
    HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector /sub

    :regfind
    protector
    fbdownloader
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen. Poste diese in deinen Thread.
  • Das Log-File wird auch auf dem Desktop als SystemLook.txt gespeichert.

Nightmare199 10.09.2013 13:59
:plol: :snyper:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 14:54 on 10/09/2013 by Nightmare
Administrator - Elevation successful

========== filefind ==========

Searching for "*protector*"
No files found.

Searching for "*fbdownloader*"
No files found.

========== folderfind ==========

Searching for "*protector*"
No folders found.

Searching for "*fbdownloader*"
C:\AdwCleaner\Quarantine\C\Users\Nightmare\AppData\Roaming\fbDownloader        d------        [19:53 21/08/2013]

========== reg ==========

[HKEY_CURRENT_USER\Software\Protector]
"InstallTimestamp"="1378809886"

[HKEY_CURRENT_USER\Software\Protector\Revert]
"FirefoxPrefsFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\prefs.js"
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
"FirefoxChangedPrefs"="browser.startup.homepage,browser.search.selectedEngine,browser.search.defaultenginename,browser.search.defaulturl,keyword.URL,keyword.enabled,"
"FirefoxSearchDBFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\search.sqlite"
"IEDefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"


[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector]
"InstallTimestamp"="1378809886"

[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"FirefoxPrefsFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\prefs.js"
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
"FirefoxChangedPrefs"="browser.startup.homepage,browser.search.selectedEngine,browser.search.defaultenginename,browser.search.defaulturl,keyword.URL,keyword.enabled,"
"FirefoxSearchDBFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\search.sqlite"
"IEDefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"


========== regfind ==========

Searching for "protector"
[HKEY_CURRENT_USER\Software\Protector]
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector]

Searching for "fbdownloader"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.fbdownloader.com/?channel=sfde206"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"URL"="hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"FaviconURL"="hxxp://search.fbdownloader.com/search.ico"
[HKEY_CURRENT_USER\Software\Protector\Revert]
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
[HKEY_CURRENT_USER\Software\Protector\Revert]
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.fbdownloader.com/?channel=sfde206"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"URL"="hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"FaviconURL"="hxxp://search.fbdownloader.com/search.ico"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"

Searching for "        "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\SoftonicDownloader_fuer_iringer.exe"="Softonic Downloader                            "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
                <Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
                <Descriptor descriptorID="{B54162A2-F67F-46dc-9ED5-F6067520EC94}"/>
                <Descriptor descriptorID="{7E0BC004-F80B-402d-A1FC-5FCDFF04DAB1}"/>
                <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
            </Rating>
        </Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11062655000822&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_QIMONDA&REV_PMAP#07831BA00332&0#]
"DeviceDesc"="QIMONDA        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700007567&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MEMORY&PROD_USB2.0&REV_1.00#3551&0#]
"DeviceDesc"="USB2.0          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11062655000822&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_QIMONDA&REV_PMAP#07831BA00332&0#]
"DeviceDesc"="QIMONDA        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700007567&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MEMORY&PROD_USB2.0&REV_1.00#3551&0#]
"DeviceDesc"="USB2.0          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11062655000822&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_QIMONDA&REV_PMAP#07831BA00332&0#]
"DeviceDesc"="QIMONDA        "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700007567&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MEMORY&PROD_USB2.0&REV_1.00#3551&0#]
"DeviceDesc"="USB2.0          "
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\SoftonicDownloader_fuer_iringer.exe"="Softonic Downloader                            "
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\SoftonicDownloader_fuer_iringer.exe"="Softonic Downloader                            "

-= EOF =-
Da liegt noch ein exemplar im quarantäne Ordner von adwcleaner, soll/kann man das manuell rauslöschen?

Sláinte
David

aharonov 10.09.2013 14:20
Ok. Dann bitte nochmals folgenden Fix durchführen. Danach unbedingt den Rechner neustarten und den vorherigen Scan mit SystemLook genau so nochmals wiederholen


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
REG: reg delete "HKCU\Software\Protector" /f
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF SelectedSearchEngine: Search
FF DefaultSearchEngine: Search
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
REG: reg query "HKCU\Software\Protector" /s

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Nightmare199 10.09.2013 14:44
Ok habe den Fix laufen lassen

Ergebnis:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-09-2013 01
Ran by Nightmare at 2013-09-10 15:38:55 Run:1
Running from C:\Users\Nightmare\Desktop\trojaner-board
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
REG: reg delete "HKCU\Software\Protector" /f
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF SelectedSearchEngine: Search
FF DefaultSearchEngine: Search
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
REG: reg query "HKCU\Software\Protector" /s
       
*****************


========= reg delete "HKCU\Software\Protector" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml => Moved successfully.

========= reg query "HKCU\Software\Protector" /s =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


==== End of Fixlog ====
Jetzt starte ich den PC neu und lasse Systemlook laufen!

Gruß

David

Ergebnis des SystemLook:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 15:42 on 10/09/2013 by Nightmare
Administrator - Elevation successful

========== filefind ==========

Searching for "*protector*"
No files found.

Searching for "*fbdownloader*"
No files found.

========== folderfind ==========

Searching for "*protector*"
No folders found.

Searching for "*fbdownloader*"
C:\AdwCleaner\Quarantine\C\Users\Nightmare\AppData\Roaming\fbDownloader        d------        [19:53 21/08/2013]

========== reg ==========

[HKEY_CURRENT_USER\Software\Protector]
(Unable to open key - key not found)

[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector]
(Unable to open key - key not found)

========== regfind ==========

Searching for "protector"
No data found.

Searching for "fbdownloader"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.fbdownloader.com/?channel=sfde206"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"URL"="hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"FaviconURL"="hxxp://search.fbdownloader.com/search.ico"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"

-= EOF =-

aharonov 10.09.2013 14:50
Behalt es mal im Auge, ob es wieder kommt.

Nightmare199 10.09.2013 14:58
Sieht auf den ersten Blick clean aus:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Nightmare (administrator) on NIGHTMARE-NB on 10-09-2013 15:55:34
Running from C:\Users\Nightmare\Desktop\trojaner-board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
MountPoints2: {ccc2de30-abfb-11e2-8d12-f46d04ed66de} - I:\LaunchU3.exe -a
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2B296690-1DB5-4923-A71A-09AE504D4D20} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Progamme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2249944 2013-02-25] (G Data Software AG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-09] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-05-26] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-05-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-26] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-05-26] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-05-26] (G Data Software AG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 13:28 - 2013-09-10 15:55 - 00000000 ____D C:\Users\Nightmare\Desktop\trojaner-board
2013-09-10 13:13 - 2013-09-10 13:13 - 00000000 ____D C:\FRST
2013-09-09 21:47 - 2013-09-10 12:49 - 00000685 _____ C:\DelFix.txt
2013-09-09 21:47 - 2013-09-09 21:47 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 17:46 - 2013-09-10 15:04 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-09 17:18 - 2013-09-09 17:18 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-23 21:03 - 2013-08-23 21:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Riot Games
2013-08-22 17:47 - 2013-08-22 17:47 - 00259782 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-22 17:27 - 2013-08-23 18:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-22 17:27 - 2013-08-23 18:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-22 17:27 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-22 17:27 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-08-22 17:27 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-22 17:27 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-22 17:27 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-22 17:27 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-22 17:26 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-22 17:26 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-08-22 17:26 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-08-22 17:26 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-22 17:26 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-08-22 17:26 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-22 17:26 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-22 17:26 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-22 17:26 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-22 17:26 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-08-22 17:26 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-22 17:26 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-08-22 17:26 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-22 17:26 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-22 17:26 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-08-22 17:26 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-22 17:26 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-22 17:26 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-08-22 17:26 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-22 17:24 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-22 17:24 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-22 17:24 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-22 17:24 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-22 17:24 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-08-22 17:24 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-08-22 17:24 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-08-22 17:24 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-08-22 17:24 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Secunia PSI
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-22 17:07 - 2013-08-22 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-22 17:02 - 2013-09-09 17:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-22 17:02 - 2013-08-22 17:02 - 00001186 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-22 17:02 - 2013-08-22 17:02 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Mozilla
2013-08-22 16:52 - 2013-08-22 16:52 - 00014086 _____ C:\Users\Nightmare\Desktop\bookmarks-2013-08-22.json
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ____D C:\Users\Nightmare\AppData\Local\G DATA
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 16:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-22 16:35 - 2013-08-22 16:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nightmare\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-21 21:52 - 2013-08-23 21:08 - 00000000 ____D C:\AdwCleaner
2013-08-19 14:56 - 2013-08-19 16:05 - 00017125 _____ C:\Users\Nightmare\Desktop\box layout.xlsx
2013-08-14 16:29 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 16:29 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 16:29 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 16:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 16:29 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 16:29 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 16:29 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 16:29 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 16:29 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 16:29 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 16:29 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 16:29 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 16:29 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 16:29 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 15:46 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 15:46 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 15:46 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 15:46 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 15:46 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 15:46 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 15:46 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 15:46 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 15:46 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 15:46 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 15:46 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 15:46 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 15:46 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 15:46 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 15:46 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 15:46 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 15:46 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 15:46 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 15:46 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 15:46 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 15:46 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-10 15:54 - 2013-03-25 15:43 - 01535953 _____ C:\Windows\WindowsUpdate.log
2013-09-10 15:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 15:53 - 2009-07-14 06:51 - 00085736 _____ C:\Windows\setupact.log
2013-09-10 15:48 - 2010-11-21 08:50 - 00698688 _____ C:\Windows\system32\perfh007.dat
2013-09-10 15:48 - 2010-11-21 08:50 - 00148828 _____ C:\Windows\system32\perfc007.dat
2013-09-10 15:48 - 2009-07-14 07:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 15:48 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 15:48 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 15:08 - 2013-03-25 16:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 15:04 - 2013-09-09 17:46 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-10 15:04 - 2013-05-07 17:47 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-10 15:04 - 2013-05-02 23:06 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-10 14:48 - 2013-03-25 16:34 - 00000000 ____D C:\Users\Nightmare\Desktop\Programme
2013-09-10 13:13 - 2013-09-10 13:13 - 00000000 ____D C:\FRST
2013-09-10 12:49 - 2013-09-09 21:47 - 00000685 _____ C:\DelFix.txt
2013-09-09 21:47 - 2013-09-09 21:47 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 17:18 - 2013-09-09 17:18 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 17:05 - 2013-08-22 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-09-09 15:56 - 2013-09-09 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-23 21:08 - 2013-08-21 21:52 - 00000000 ____D C:\AdwCleaner
2013-08-23 21:03 - 2013-08-23 21:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Riot Games
2013-08-23 18:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-23 18:01 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-23 18:01 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-22 17:47 - 2013-08-22 17:47 - 00259782 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-22 17:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-22 17:17 - 2013-04-01 03:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Secunia PSI
2013-08-22 17:14 - 2013-08-22 17:14 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-22 17:07 - 2013-08-22 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-22 17:02 - 2013-08-22 17:02 - 00001186 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-22 17:02 - 2013-08-22 17:02 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Mozilla
2013-08-22 16:54 - 2010-11-21 05:47 - 00335666 _____ C:\Windows\PFRO.log
2013-08-22 16:52 - 2013-08-22 16:52 - 00014086 _____ C:\Users\Nightmare\Desktop\bookmarks-2013-08-22.json
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ____D C:\Users\Nightmare\AppData\Local\G DATA
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 16:36 - 2013-08-22 16:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nightmare\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 23:09 - 2013-03-25 16:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 23:08 - 2013-03-25 16:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 23:08 - 2013-03-25 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 16:05 - 2013-08-19 14:56 - 00017125 _____ C:\Users\Nightmare\Desktop\box layout.xlsx
2013-08-18 21:14 - 2013-03-25 15:46 - 00000000 ____D C:\Users\Nightmare\AppData\Local\VirtualStore
2013-08-16 18:46 - 2013-06-18 02:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Windows Live
2013-08-15 19:28 - 2013-06-19 17:17 - 00000000 ____D C:\Users\Nightmare\Desktop\Spiele Verknüfungen
2013-08-15 19:26 - 2013-07-22 16:56 - 00000000 ____D C:\Users\Nightmare\Desktop\Artur Film & Trailer
2013-08-14 16:28 - 2013-08-06 01:30 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 16:28 - 2013-04-10 19:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 16:27 - 2013-03-29 11:27 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Nightmare\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Nightmare\AppData\Local\Temp\ose00000.exe
C:\Users\Nightmare\AppData\Local\Temp\Quarantine.exe
C:\Users\Nightmare\AppData\Local\Temp\sonarinst.exe
C:\Users\Nightmare\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 18:32

==================== End Of Log ============================
--- --- ---


addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by Nightmare at 2013-09-10 15:55:47
Running from C:\Users\Nightmare\Desktop\trojaner-board
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avidemux 2.6 (32-bit) (x32 Version: 2.6.4.8696)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Bing-Desktop (x32 Version: 1.3.171.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Counter-Strike: Global Offensive (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Video Flip and Rotate version 2.1.8.717 (x32 Version: 2.1.8.717)
Free YouTube Download version 3.2.8.717 (x32 Version: 3.2.8.717)
Free YouTube to MP3 Converter version 3.12.8.717 (x32 Version: 3.12.8.717)
G Data InternetSecurity 2014 (x32 Version: 24.0.2.1)
iTunes (Version: 11.0.2.26)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metro: Last Light (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Music Editor Free (x32)
neroxml (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
Origin (x32 Version: 9.1.13.85)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PunkBuster Services (x32 Version: 0.991)
RAR 4.20 (64-Bit) (Version: 4.20.0)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Steam (x32 Version: 1.0.0.0)
Tomb Raider (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)

==================== Restore Points  =========================

10-09-2013 10:49:23 Ende der Bereinigung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {2CCF47AD-EF12-45C8-B37C-F66843F595B6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {A8EB5811-A1C3-4990-9580-77C332ECB59A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {DD794993-B0B2-48B9-A6A6-05766AF86FA8} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {E81B5D33-5669-4E61-AFC9-A0D929429AE5} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-02-25 04:57 - 2013-02-25 04:57 - 00305104 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeLDR64.dll
2012-12-19 17:16 - 2012-12-19 17:16 - 00327680 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-12-19 17:16 - 2012-12-19 17:16 - 00208896 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2012-12-19 17:19 - 2012-12-19 17:19 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2013-02-25 04:12 - 2013-02-25 04:12 - 01019344 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\ObjBrwse.dll
2013-02-25 14:59 - 2013-02-25 14:59 - 01633768 _____ (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Common\AVKRes.dll
2010-11-17 03:52 - 2010-11-17 03:52 - 00096904 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2013-02-25 04:57 - 2013-02-25 04:57 - 00264144 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeLDR.dll
2013-08-22 17:07 - 2013-08-22 17:07 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-02-25 04:57 - 2013-02-25 04:57 - 00266192 ____N (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\Banksafe.dll
2013-05-06 18:29 - 2013-09-06 22:55 - 00288680 _____ (Valve Corporation) E:\Progamme\Steam\crashhandler.dll
2013-03-28 14:26 - 2013-07-16 00:32 - 02895272 _____ (Valve Corporation) E:\Progamme\Steam\steam.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 10659752 _____ (Valve Corporation) E:\Progamme\Steam\steamui.dll
2013-03-25 14:23 - 2013-08-22 00:18 - 00687104 _____ () E:\Progamme\Steam\SDL2.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 00263080 _____ (Valve Corporation) E:\Progamme\Steam\tier0_s.dll
2013-04-19 13:10 - 2013-09-06 22:56 - 00236456 _____ (Valve Corporation) E:\Progamme\Steam\vstdlib_s.dll
2010-03-10 09:08 - 2013-06-15 01:49 - 01039192 _____ (Microsoft Corporation) E:\Progamme\Steam\DbgHelp.dll
2010-03-10 09:08 - 2013-06-15 01:49 - 00122864 _____ (Valve) E:\Progamme\Steam\CSERHelper.dll
2013-05-07 16:19 - 2013-09-06 22:55 - 00169384 _____ (Valve Corporation) E:\Progamme\Steam\bin\filesystem_stdio.DLL
2013-04-19 13:10 - 2013-09-06 22:55 - 00694696 _____ (Valve Corporation) E:\Progamme\Steam\bin\vgui2_s.DLL
2013-04-19 13:10 - 2013-09-06 22:55 - 01120680 _____ () E:\Progamme\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2013-08-07 21:31 - 20625832 _____ () E:\Progamme\Steam\bin\libcef.dll
2012-09-07 15:37 - 2013-06-15 01:49 - 09955112 _____ (The ICU Project) E:\Progamme\Steam\bin\icudt.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () E:\Progamme\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () E:\Progamme\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () E:\Progamme\Steam\bin\avformat-53.dll
2013-04-19 13:10 - 2013-09-06 22:55 - 07751080 _____ (Valve Corporation) E:\Progamme\Steam\steamclient.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 03:54:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 03:43:49 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/10/2013 03:43:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 02:52:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/10/2013 02:52:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 01:29:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/10/2013 01:13:08 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/10/2013 01:11:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 00:45:32 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.0) - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet.

Error: (09/10/2013 00:44:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/10/2013 11:01:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/10/2013 11:01:30 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (09/09/2013 04:04:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (09/09/2013 04:04:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (08/23/2013 06:17:46 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{6F9372A6-4D9B-41DC-B488-09D8D64B6803}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (08/17/2013 01:26:07 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (08/15/2013 01:49:11 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-09 16:04:27.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.833
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.740
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8173.21 MB
Available physical RAM: 5554.21 MB
Total Pagefile: 16344.61 MB
Available Pagefile: 13351.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Samsung SSD BOOT Device) (Fixed) (Total:111.79 GB) (Free:21.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA 2 TB) (Fixed) (Total:1862.92 GB) (Free:1701.26 GB) NTFS
Drive g: (INTENSO 32) (Removable) (Total:29.28 GB) (Free:24.72 GB) FAT32
Drive h: (DATA BASE) (Fixed) (Total:931.28 GB) (Free:360.87 GB) FAT32
Drive k: (Elements) (Fixed) (Total:1397.26 GB) (Free:304.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 7BE1F435)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11BB29FA)
Partition 1: (Not Active) - (Size=-198731276288) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: F2E0AD49)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 29 GB) (Disk ID: BB8D4FEE)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 000CF721)
Partition 1: (Not Active) - (Size=-698724909056) - (Type=07 NTFS)

==================== End Of Log ============================
allerdings wird "search" immer noch bei den Suchmaschinen angezeigt, ist zwar nicht die ausgewählte .. das ist google, aber es wird in der Liste angezeigt. Ich hab den Eintrag jetzt mal manuell über Firefox entfernt.

aharonov 10.09.2013 15:00
Es hat sich bereits wiederhergestellt. :headbang:
Ich muss mal nachdenken, wie man das ganz loswird, und melde mich dann wieder.
(Es ist auf jeden Fall nicht "schädlich", sondern nur nervig. Also kein Problem, den Rechner so zu nutzen.)

Nightmare199 10.09.2013 15:03
Ok Leo,

:dankeschoen: nochmal für deinen tollen Einsatz.

Hier nochmal ein SystemLook Logfile:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 15:58 on 10/09/2013 by Nightmare
Administrator - Elevation successful

========== filefind ==========

Searching for "*protector*"
No files found.

Searching for "*fbdownloader*"
No files found.

========== folderfind ==========

Searching for "*protector*"
No folders found.

Searching for "*fbdownloader*"
C:\AdwCleaner\Quarantine\C\Users\Nightmare\AppData\Roaming\fbDownloader        d------        [19:53 21/08/2013]

========== reg ==========

[HKEY_CURRENT_USER\Software\Protector]
"InstallTimestamp"="1378820635"

[HKEY_CURRENT_USER\Software\Protector\Revert]
"FirefoxPrefsFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\prefs.js"
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
"FirefoxChangedPrefs"="browser.startup.homepage,browser.search.selectedEngine,browser.search.defaultenginename,browser.search.defaulturl,keyword.URL,keyword.enabled,"
"FirefoxSearchDBFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\search.sqlite"
"IEDefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"


[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector]
"InstallTimestamp"="1378820635"

[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"FirefoxPrefsFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\prefs.js"
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
"FirefoxChangedPrefs"="browser.startup.homepage,browser.search.selectedEngine,browser.search.defaultenginename,browser.search.defaulturl,keyword.URL,keyword.enabled,"
"FirefoxSearchDBFile"="C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\search.sqlite"
"IEDefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"


========== regfind ==========

Searching for "protector"
[HKEY_CURRENT_USER\Software\Protector]
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector]

Searching for "fbdownloader"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.fbdownloader.com/?channel=sfde206"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"URL"="hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"FaviconURL"="hxxp://search.fbdownloader.com/search.ico"
[HKEY_CURRENT_USER\Software\Protector\Revert]
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
[HKEY_CURRENT_USER\Software\Protector\Revert]
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.fbdownloader.com/?channel=sfde206"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"URL"="hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
"FaviconURL"="hxxp://search.fbdownloader.com/search.ico"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"FirefoxOldPrefs"="user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
user_pref("browser.startup.homepage_override.buildID", "20130814063812");
user_pref("browser.startup.homepage_override.mstone", "23.0.1");
"
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Protector\Revert]
"IEStartPage"="hxxp://search.fbdownloader.com/?channel=sfde206"

Searching for "        "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\SoftonicDownloader_fuer_iringer.exe"="Softonic Downloader                            "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
                <Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
                <Descriptor descriptorID="{B54162A2-F67F-46dc-9ED5-F6067520EC94}"/>
                <Descriptor descriptorID="{7E0BC004-F80B-402d-A1FC-5FCDFF04DAB1}"/>
                <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
            </Rating>
        </Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11062655000822&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_QIMONDA&REV_PMAP#07831BA00332&0#]
"DeviceDesc"="QIMONDA        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700007567&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MEMORY&PROD_USB2.0&REV_1.00#3551&0#]
"DeviceDesc"="USB2.0          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11062655000822&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_QIMONDA&REV_PMAP#07831BA00332&0#]
"DeviceDesc"="QIMONDA        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700007567&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MEMORY&PROD_USB2.0&REV_1.00#3551&0#]
"DeviceDesc"="USB2.0          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11062655000822&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_QIMONDA&REV_PMAP#07831BA00332&0#]
"DeviceDesc"="QIMONDA        "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700007567&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MEMORY&PROD_USB2.0&REV_1.00#3551&0#]
"DeviceDesc"="USB2.0          "
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\SoftonicDownloader_fuer_iringer.exe"="Softonic Downloader                            "
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\SoftonicDownloader_fuer_iringer.exe"="Softonic Downloader                            "

-= EOF =-
ja ich würde den PC gern einfach platt machen und neu aufziehen aber ich hab die nächsten 2 Wochen Prüfungen und deshalb keine Zeit dafür :pfui:

Ich warte dann mal auf weitere Instruktionen.

Danke!
David

aharonov 12.09.2013 21:50
Hallo David,

kannst du bitte mal noch mit einem anderen Programm scannen:


Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.

Nightmare199 13.09.2013 15:12
Hi Leo,

OTL.TXT:
Code:
OTL logfile created on: 13.09.2013 16:03:15 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = E:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,16 Gb Available Physical Memory | 64,71% Memory free
15,96 Gb Paging File | 12,75 Gb Available in Paging File | 79,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 18,43 Gb Free Space | 16,48% Space Free | Partition Type: NTFS
Drive E: | 1862,92 Gb Total Space | 1692,22 Gb Free Space | 90,84% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 358,80 Gb Free Space | 38,53% Space Free | Partition Type: FAT32
Drive K: | 1397,26 Gb Total Space | 304,94 Gb Free Space | 21,82% Space Free | Partition Type: NTFS
 
Computer Name: NIGHTMARE-NB | User Name: Nightmare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.09.13 16:02:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2013.09.11 15:45:52 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013.09.06 22:55:40 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.09.06 22:55:38 | 001,811,368 | ---- | M] (Valve Corporation) -- E:\Progamme\Steam\Steam.exe
PRC - [2013.08.22 17:07:19 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.07.03 10:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2013.07.03 10:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 15:52:52 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.03.22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013.03.22 05:04:17 | 001,444,304 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2013.03.22 04:55:34 | 001,854,928 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.09.11 15:45:52 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013.09.06 22:55:40 | 001,120,680 | ---- | M] () -- E:\Progamme\Steam\bin\chromehtml.dll
MOD - [2013.08.22 17:07:18 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.08.22 00:18:28 | 000,687,104 | ---- | M] () -- E:\Progamme\Steam\SDL2.dll
MOD - [2013.08.07 21:31:06 | 020,625,832 | ---- | M] () -- E:\Progamme\Steam\bin\libcef.dll
MOD - [2013.06.15 01:49:12 | 001,100,800 | ---- | M] () -- E:\Progamme\Steam\bin\avcodec-53.dll
MOD - [2013.06.15 01:49:12 | 000,192,000 | ---- | M] () -- E:\Progamme\Steam\bin\avformat-53.dll
MOD - [2013.06.15 01:49:12 | 000,124,416 | ---- | M] () -- E:\Progamme\Steam\bin\avutil-51.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.09.11 15:45:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.06 22:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.08.22 17:07:19 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.07.03 10:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2013.07.03 10:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 15:52:52 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.03.22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013.03.22 04:51:02 | 002,926,672 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013.02.25 04:41:37 | 002,249,944 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.09.10 20:18:55 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.07.03 10:32:42 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013.05.27 20:22:09 | 000,107,128 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2013.05.26 18:01:16 | 000,062,808 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.05.26 18:01:13 | 000,133,976 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.05.26 18:01:13 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.05.26 18:01:13 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.05.26 18:01:13 | 000,060,248 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.31 04:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2B296690-1DB5-4923-A71A-09AE504D4D20}: "URL" = hxxp://www.bing.com/?cc=de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4084385078-297486338-322519695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
IE - HKU\S-1-5-21-4084385078-297486338-322519695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4084385078-297486338-322519695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4084385078-297486338-322519695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 8D E9 8C 63 29 CE 01  [binary data]
IE - HKU\S-1-5-21-4084385078-297486338-322519695-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4084385078-297486338-322519695-1001\..\SearchScopes\{2F5B2D94-CEC3-43F8-B248-EFECF276A3FE}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-4084385078-297486338-322519695-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
IE - HKU\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4084385078-297486338-322519695-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde206"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q="
FF - prefs.js..keyword.URL: "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q="
FF - prefs.js..keyword.enabled: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Progamme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.09.09 15:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.08.22 17:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nightmare\AppData\Roaming\mozilla\Extensions
[2013.08.22 17:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nightmare\AppData\Roaming\mozilla\Firefox\Profiles\b7k5xtih.default\extensions
[2013.08.22 17:22:43 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Nightmare\AppData\Roaming\mozilla\firefox\profiles\b7k5xtih.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.09.13 16:01:22 | 000,000,904 | ---- | M] () -- C:\Users\Nightmare\AppData\Roaming\mozilla\firefox\profiles\b7k5xtih.default\searchplugins\search.xml
[2013.08.22 17:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.08.22 17:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.08.22 17:07:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [G Data ASM] C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A1D3159-2237-4922-9945-ED838EB92B2A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F9372A6-4D9B-41DC-B488-09D8D64B6803}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ccc2de30-abfb-11e2-8d12-f46d04ed66de}\Shell - "" = AutoRun
O33 - MountPoints2\{ccc2de30-abfb-11e2-8d12-f46d04ed66de}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.12 23:24:19 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.09.12 23:24:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.09.12 23:24:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.09.12 23:24:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.09.12 23:24:18 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.09.12 23:24:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.09.12 23:24:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.09.12 23:24:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.09.12 23:24:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.09.12 23:24:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.09.12 23:24:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.09.12 23:24:17 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.09.12 23:24:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.09.12 23:24:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.09.12 23:24:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.09.12 21:40:08 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\Desktop\Classic Rock Mix
[2013.09.12 13:01:03 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013.09.12 13:01:02 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.09.12 13:01:01 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.09.12 13:01:01 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.09.12 13:01:01 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.09.12 13:01:01 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.09.12 13:01:01 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.09.12 13:01:01 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.09.12 13:01:01 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.09.12 13:01:01 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.09.12 13:01:01 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.09.12 13:01:01 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.09.12 13:01:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.09.12 13:01:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.09.12 13:01:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.09.12 13:01:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.09.12 13:01:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.09.12 13:01:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.09.12 13:01:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.09.12 13:01:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013.09.12 13:01:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.09.12 13:01:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.09.12 13:01:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.09.12 13:01:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.09.12 13:01:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.09.12 13:01:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.09.12 13:01:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.09.12 13:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.09.12 13:01:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.09.12 13:00:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.09.10 20:20:00 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\AppData\Roaming\TrueCrypt
[2013.09.10 20:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2013.09.10 20:18:55 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.09.10 13:28:47 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\Desktop\trojaner-board
[2013.09.10 13:13:55 | 000,000,000 | ---D | C] -- C:\FRST
[2013.09.09 21:47:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.09.09 17:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.09.09 16:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.09.09 15:56:42 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\AppData\Roaming\Thunderbird
[2013.09.09 15:56:42 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\AppData\Local\Thunderbird
[2013.09.09 15:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.08.23 21:03:58 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\Desktop\Riot Games
[2013.08.22 17:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.08.22 17:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.08.22 17:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.08.22 17:27:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.08.22 17:27:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.08.22 17:27:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.08.22 17:27:00 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.08.22 17:27:00 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.08.22 17:27:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.08.22 17:26:59 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.08.22 17:26:59 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.08.22 17:26:59 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.08.22 17:26:59 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.08.22 17:26:59 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.08.22 17:26:59 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.08.22 17:26:59 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.08.22 17:26:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.08.22 17:26:59 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.08.22 17:26:59 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.08.22 17:26:59 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.08.22 17:26:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.08.22 17:26:59 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.08.22 17:26:59 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.08.22 17:26:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.08.22 17:26:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.08.22 17:26:59 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.08.22 17:26:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.08.22 17:26:58 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.08.22 17:24:56 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.08.22 17:24:47 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.08.22 17:24:47 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.08.22 17:14:28 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\AppData\Local\Secunia PSI
[2013.08.22 17:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.08.22 17:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.08.22 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\AppData\Roaming\Mozilla
[2013.08.22 17:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.08.22 16:47:11 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\AppData\Local\G DATA
[2013.08.22 16:36:33 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\AppData\Roaming\Malwarebytes
[2013.08.22 16:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.08.22 16:36:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.08.22 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.08.22 16:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.08.22 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Nightmare\AppData\Local\Programs
[2013.08.21 21:52:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.13 16:00:45 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.13 16:00:45 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.13 15:57:50 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.09.13 15:57:50 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.09.13 15:57:50 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.09.13 15:57:50 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.09.13 15:57:50 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.09.13 15:53:36 | 000,312,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.09.13 15:53:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.13 15:53:31 | 2132,709,375 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.12 23:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.12 16:24:48 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.09.12 16:24:48 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.09.12 16:24:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.09.11 21:30:13 | 000,124,110 | ---- | M] () -- C:\Users\Nightmare\Desktop\Blue Hole, Espiritu Santo, Vanuatu, Fiji.jpg
[2013.09.11 21:18:41 | 000,102,719 | ---- | M] () -- C:\Users\Nightmare\Desktop\Batu Caves, Selangor, Malaysia.jpg
[2013.09.11 15:45:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.09.11 15:45:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.09.10 20:18:56 | 000,000,637 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.09.10 20:18:55 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.09.10 18:12:03 | 000,007,585 | ---- | M] () -- C:\Users\Nightmare\AppData\Local\Resmon.ResmonCfg
[2013.08.22 17:14:23 | 000,001,139 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.08.22 17:02:35 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.08.22 16:52:36 | 000,014,086 | ---- | M] () -- C:\Users\Nightmare\Desktop\bookmarks-2013-08-22.json
[2013.08.19 15:46:12 | 000,389,576 | ---- | M] () -- C:\Users\Nightmare\Desktop\Kabel Diagramm Box.jpg
 
========== Files Created - No Company Name ==========
 
[2013.09.11 21:30:13 | 000,124,110 | ---- | C] () -- C:\Users\Nightmare\Desktop\Blue Hole, Espiritu Santo, Vanuatu, Fiji.jpg
[2013.09.11 21:18:41 | 000,102,719 | ---- | C] () -- C:\Users\Nightmare\Desktop\Batu Caves, Selangor, Malaysia.jpg
[2013.09.10 20:18:56 | 000,000,637 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.09.10 18:12:03 | 000,007,585 | ---- | C] () -- C:\Users\Nightmare\AppData\Local\Resmon.ResmonCfg
[2013.09.09 17:46:29 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.09.09 15:56:41 | 000,002,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.08.22 17:14:23 | 000,001,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.08.22 17:14:23 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.08.22 17:02:35 | 000,001,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.08.22 17:02:35 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.08.22 16:52:23 | 000,014,086 | ---- | C] () -- C:\Users\Nightmare\Desktop\bookmarks-2013-08-22.json
[2013.08.19 15:46:12 | 000,389,576 | ---- | C] () -- C:\Users\Nightmare\Desktop\Kabel Diagramm Box.jpg
[2013.05.02 23:06:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.25 22:36:59 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.25 20:49:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.03.25 20:45:31 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.25 20:45:31 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.03.25 20:45:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013.03.25 17:37:15 | 001,086,132 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2013.03.25 16:08:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.03.25 16:08:29 | 000,025,648 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
EXTRAS.TXT:
Code:
OTL Extras logfile created on: 13.09.2013 16:03:15 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = E:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,16 Gb Available Physical Memory | 64,71% Memory free
15,96 Gb Paging File | 12,75 Gb Available in Paging File | 79,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 18,43 Gb Free Space | 16,48% Space Free | Partition Type: NTFS
Drive E: | 1862,92 Gb Total Space | 1692,22 Gb Free Space | 90,84% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 358,80 Gb Free Space | 38,53% Space Free | Partition Type: FAT32
Drive K: | 1397,26 Gb Total Space | 304,94 Gb Free Space | 21,82% Space Free | Partition Type: NTFS
 
Computer Name: NIGHTMARE-NB | User Name: Nightmare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4084385078-297486338-322519695-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Progamme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Progamme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Progamme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Progamme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092512C8-7597-405A-B0C8-F20D3C0EBCFB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0DBA0FAC-D1DA-4660-9C5B-CDD1A54951D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{142D7B23-3B45-49DE-A39C-B539D14BCAD3}" = lport=138 | protocol=17 | dir=in | app=system |
"{2BC1AE02-731D-47A2-9321-58FC1BF59EB0}" = rport=139 | protocol=6 | dir=out | app=system |
"{38384F6E-9131-454F-B3B3-EBF3CDFAA0E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B6265B8-89B2-44D4-BD46-EF890C41720D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{56185EDC-393F-4103-A467-0DA3C86A08B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5688A8F1-1DC0-4397-827A-D21D2445ABA8}" = rport=445 | protocol=6 | dir=out | app=system |
"{5BDDB3D8-74D8-4F46-BF7D-FC36CFE2293E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6297CEF3-64B8-4CA8-95BA-E32DA1ED8A71}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F79E3B9-30A8-48A0-85C7-135F21E4967A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83983378-455E-4F3A-BC45-A76C3EF39EFE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{84154E98-B353-4BBD-9F4C-9F78E53EF027}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8DBD6B6A-B51F-4A91-B195-6DCBB31D1416}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DF89DE2-44C8-4C54-87CD-7FD1DE3AE563}" = lport=139 | protocol=6 | dir=in | app=system |
"{9D4DD13F-1C1E-443A-A652-028C9CB7C59C}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1A3F719-3D91-42EF-BB67-430403516406}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB434AA5-1CA3-4498-B852-CD9C50F14034}" = rport=137 | protocol=17 | dir=out | app=system |
"{BFFDDE46-446F-4322-A7FF-5B715E14CC30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4342769-E165-4EB9-9DAF-8111EE87C11B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CE399CED-8815-4F0C-96C1-C196BF5F89AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CFFC1362-B563-453B-9CF1-5D94F7C9D20D}" = rport=138 | protocol=17 | dir=out | app=system |
"{E8CDD00D-DFAC-4431-8DA7-EA33E3CC38C2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0067CBF4-30BF-49A8-AD92-76480B303E03}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{09AFED21-11FB-473A-AB16-25B59BE204A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13070E00-7846-4C2A-8B40-D847C70AE779}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{14ADD90A-D57E-4E9B-B347-B0B58413F629}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{194F5248-6A27-4560-8F31-56F5B4D9E3B6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{214510DE-1C1E-4995-B143-C66F6E82E53F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{30900C88-44E8-4B83-BABF-A2D25EB6DB58}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{349E1C14-91FB-4365-8BF6-857AE0FB06C1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{370494CE-2D6D-4068-9511-4D0A450DFE6F}" = protocol=6 | dir=in | app=e:\progamme\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{3801E198-6615-4B8B-B773-883AF272A6A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46E152A7-1E7B-4C8D-965C-EE0717676C9D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4B278CED-FA6C-424F-AB8B-D61E9E0D61EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D097435-6F49-48A3-84DA-531504F22261}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{509B4949-49CA-4AAA-8532-EA69B94942CE}" = protocol=17 | dir=in | app=e:\progamme\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{62C074A2-43E2-4991-9BBF-0B01D2433FED}" = dir=in | app=e:\progamme\itunes\itunes.exe |
"{6579D0B0-900B-42D8-8811-427FEDE2645F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6F70EB9B-E4E0-48DC-A0F0-D47861DA5381}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{704758EB-DDA7-4D83-84F8-E9D9DBA906EE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{70A52AE1-AD5C-4A70-94D5-1DD8E2164606}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{72B0F2AF-5A2E-4C12-87B9-A13CBF2B3A42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{738EE11C-C38B-4419-B48B-A6B94FDAC98C}" = protocol=6 | dir=out | app=system |
"{73F8660F-E76B-4158-A3D5-07D11FAB79F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BF2FE84-F22E-43CF-B3BB-A00B68660BE3}" = protocol=17 | dir=in | app=e:\progamme\steam\steamapps\common\tomb raider\tombraider.exe |
"{8329AE9B-AE28-465E-8A0C-E72994486ED5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D66D7AA-ECD0-4246-B32F-AB8D861A4776}" = protocol=17 | dir=in | app=e:\progamme\steam\steamapps\common\metro last light\metroll.exe |
"{AC7EB389-DEBC-4011-AB13-76042998CFA2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B584EBA3-1BFE-49F7-B159-6AF59E57C88C}" = protocol=6 | dir=in | app=e:\progamme\steam\steamapps\common\metro last light\metroll.exe |
"{BB22B9D6-AC9E-48EA-8845-C4AF51D2A054}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE4C3B86-42C1-4ECF-BE8C-8255C0511A8D}" = protocol=6 | dir=in | app=e:\progamme\steam\steam.exe |
"{C11F8FC2-16BB-4DC9-9C6D-34C934F7EE0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C405DD03-B723-461B-89CE-73E720BE4323}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6E93343-FE8B-47FD-B5A7-C858D41C9755}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C6EC9AF4-A0D0-4A4F-8D68-97240F8DBF9A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CC6AC37C-9757-4637-A5E6-FC2DC4EE7D7A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{CE732CCF-10A1-4AAF-BFCB-AFC0D51A1447}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CEA3C03C-3689-42E7-ABF1-7B845D991C5C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CED1A94B-58DB-4A28-9ED0-DF682B622051}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DA3BD20B-1E57-4390-B608-1C991453DF00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEC3AABF-C864-46E6-8C3F-2B0E375F1324}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E4B055B8-C789-4A6E-A01C-A861C10E9BC8}" = protocol=17 | dir=in | app=e:\progamme\steam\steam.exe |
"{F02911F0-890B-4DA7-8D84-A7A17EF8A79E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F402B98F-4A25-4621-9096-714824753F70}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F5A374E1-0F9F-4C8E-9988-BBFCA3701512}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F792EB6B-77FF-4CFE-B916-58CFFC93DC59}" = protocol=6 | dir=in | app=e:\progamme\steam\steamapps\common\tomb raider\tombraider.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German
"{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian
"{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch
"{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy
"{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French
"{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = Catalyst Control Center
"{41501415-D0BC-4692-88C6-D401DDFEAA0E}" = Adobe Flash Player 11 ActiveX
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common
"{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish
"{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish
"{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish
"{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker
"{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7765322A-8601-47D3-AC60-B66677450D7B}" = G Data InternetSecurity 2014
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish
"{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese
"{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All
"{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2497A20-8029-4AB9-B4A5-9DAAB3DBF177}" = Adobe Flash Player 11 Plugin
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Deutsch
"{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek
"{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.8.717
"Free YouTube Download_is1" = Free YouTube Download version 3.2.8.717
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.8.717
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de)
"Mozilla Thunderbird 17.0.8 (x86 de)" = Mozilla Thunderbird 17.0.8 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI (3.0.0.7011)
"Steam App 203160" = Tomb Raider
"Steam App 43160" = Metro: Last Light
"Steam App 730" = Counter-Strike: Global Offensive
"VLC media player" = VLC media player 2.0.8
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.09.2013 12:39:53 | Computer Name = Nightmare-NB | Source = MsiInstaller | ID = 1013
Description =
 
Error - 10.09.2013 13:31:21 | Computer Name = Nightmare-NB | Source = MsiInstaller | ID = 1013
Description =
 
Error - 10.09.2013 18:36:00 | Computer Name = Nightmare-NB | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11.09.2013 09:42:04 | Computer Name = Nightmare-NB | Source = WinMgmt | ID = 10
Description =
 
Error - 11.09.2013 09:50:51 | Computer Name = Nightmare-NB | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 12.09.2013 06:53:21 | Computer Name = Nightmare-NB | Source = WinMgmt | ID = 10
Description =
 
Error - 12.09.2013 07:09:23 | Computer Name = Nightmare-NB | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 12.09.2013 07:44:25 | Computer Name = Nightmare-NB | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 12.09.2013 16:13:05 | Computer Name = Nightmare-NB | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 13.09.2013 09:55:26 | Computer Name = Nightmare-NB | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 14.08.2013 19:49:11 | Computer Name = Nightmare-NB | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 14.08.2013 19:49:11 | Computer Name = Nightmare-NB | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 17.08.2013 07:26:07 | Computer Name = Nightmare-NB | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 23.08.2013 12:17:46 | Computer Name = Nightmare-NB | Source = BROWSER | ID = 8032
Description =
 
Error - 09.09.2013 10:04:27 | Computer Name = Nightmare-NB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%577
 
Error - 09.09.2013 10:04:27 | Computer Name = Nightmare-NB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%577
 
Error - 10.09.2013 05:01:30 | Computer Name = Nightmare-NB | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 10.09.2013 05:01:30 | Computer Name = Nightmare-NB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 10.09.2013 14:40:50 | Computer Name = Nightmare-NB | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Q:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 13.09.2013 09:52:43 | Computer Name = Nightmare-NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
 
 
< End of report >
Gruß
David

aharonov 16.09.2013 12:15
ok.


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Nightmare199 17.09.2013 14:01
Liste der Anhänge anzeigen (Anzahl: 1)
Hi Leo,

ich habe Combofix einmal ausgeführt, G-Data hat danach lauter Programme als potentiell gefählich eingestuft (siehe rechts unten im Screenshot). Textdatei habe ich keine gefunden, habe es dann nochmal gestartet, jetzt kommt die Fehlermeldung aus dem Screenshot. Hilfe!^^

Ps: ich hatte vorher den G-Data Wächter deaktiviert, die Warnungen kommen trotzdem

Nightmare199 17.09.2013 15:49
Update: die Fehlermeldungen kommen nur weil ich den GData Autopiloten ausgeschalten habe.

Also ich kann kein Logfile finden.

aharonov 18.09.2013 09:49
Kannst du GData mal komplett deaktiveren und Combofix nochmals ausführen?
(Bestehende combofix.exe löschen und neu herunterladen.)

Nightmare199 18.09.2013 15:37
Jetzt hats endlich geklappt hier das logfile:

Code:
ComboFix 13-09-17.01 - Nightmare 18.09.2013  16:23:12.2.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8173.6206 [GMT 2:00]
ausgeführt von:: c:\users\Nightmare\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2014 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2014 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-08-18 bis 2013-09-18  ))))))))))))))))))))))))))))))
.
.
2013-09-18 14:25 . 2013-09-18 14:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-09-17 11:39 . 2013-09-17 11:39        --------        d-----w-        c:\users\Nightmare\AppData\Local\Stardock
2013-09-17 08:12 . 2013-09-05 05:32        9694160        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D279B202-BD5F-49C9-9D7F-89F2223AB910}\mpengine.dll
2013-09-13 16:08 . 2013-09-13 16:08        4751752        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-12 11:01 . 2013-08-05 02:25        155584        ----a-w-        c:\windows\system32\drivers\ataport.sys
2013-09-12 11:00 . 2013-08-08 01:20        3155456        ----a-w-        c:\windows\system32\win32k.sys
2013-09-12 11:00 . 2013-07-26 02:24        14172672        ----a-w-        c:\windows\system32\shell32.dll
2013-09-12 11:00 . 2013-07-26 02:24        197120        ----a-w-        c:\windows\system32\shdocvw.dll
2013-09-10 18:20 . 2013-09-10 18:37        --------        d-----w-        c:\users\Nightmare\AppData\Roaming\TrueCrypt
2013-09-10 18:18 . 2013-09-10 18:18        231376        ----a-w-        c:\windows\system32\drivers\truecrypt.sys
2013-09-10 11:13 . 2013-09-10 11:13        --------        d-----w-        C:\FRST
2013-09-09 19:47 . 2013-09-09 19:47        --------        d-----w-        c:\windows\ERUNT
2013-09-09 15:46 . 2013-09-18 13:35        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-09-09 15:18 . 2013-09-09 15:18        --------        d-----w-        c:\program files (x86)\ESET
2013-09-09 13:56 . 2013-09-09 13:56        --------        d-----w-        c:\users\Nightmare\AppData\Roaming\Thunderbird
2013-09-09 13:56 . 2013-09-09 13:56        --------        d-----w-        c:\users\Nightmare\AppData\Local\Thunderbird
2013-09-09 13:56 . 2013-09-09 13:56        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2013-08-22 15:27 . 2013-08-23 16:01        --------        d-----w-        c:\program files\Microsoft Silverlight
2013-08-22 15:27 . 2013-08-23 16:01        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2013-08-22 15:27 . 2012-08-23 15:09        3584        ----a-w-        c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-08-22 15:27 . 2012-08-23 13:41        13312        ----a-w-        c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-22 15:27 . 2012-08-23 13:40        13312        ----a-w-        c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-22 15:27 . 2012-08-23 13:24        15360        ----a-w-        c:\windows\system32\RdpGroupPolicyExtension.dll
2013-08-22 15:27 . 2012-08-23 14:10        19456        ----a-w-        c:\windows\system32\drivers\rdpvideominiport.sys
2013-08-22 15:27 . 2012-08-23 14:08        30208        ----a-w-        c:\windows\system32\drivers\TsUsbGD.sys
2013-08-22 15:27 . 2012-08-23 14:07        57856        ----a-w-        c:\windows\system32\drivers\TsUsbFlt.sys
2013-08-22 15:24 . 2012-08-24 18:13        154480        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2013-08-22 15:24 . 2012-08-24 18:09        458712        ----a-w-        c:\windows\system32\drivers\cng.sys
2013-08-22 15:24 . 2012-08-24 18:05        340992        ----a-w-        c:\windows\system32\schannel.dll
2013-08-22 15:24 . 2012-08-24 18:03        1448448        ----a-w-        c:\windows\system32\lsasrv.dll
2013-08-22 15:24 . 2012-08-24 16:57        247808        ----a-w-        c:\windows\SysWow64\schannel.dll
2013-08-22 15:24 . 2012-08-24 16:57        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2013-08-22 15:24 . 2012-08-24 16:53        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2013-08-22 15:24 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2013-08-22 15:24 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2013-08-22 15:14 . 2013-08-22 15:14        --------        d-----w-        c:\users\Nightmare\AppData\Local\Secunia PSI
2013-08-22 15:14 . 2013-08-22 15:14        --------        d-----w-        c:\program files (x86)\Secunia
2013-08-22 15:02 . 2013-09-09 15:05        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2013-08-22 14:47 . 2013-08-22 14:47        --------        d-----w-        c:\users\Nightmare\AppData\Local\G DATA
2013-08-22 14:36 . 2013-08-22 14:36        --------        d-----w-        c:\users\Nightmare\AppData\Roaming\Malwarebytes
2013-08-22 14:36 . 2013-08-22 14:36        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-22 14:36 . 2013-08-22 14:36        --------        d-----w-        c:\programdata\Malwarebytes
2013-08-22 14:36 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-08-22 14:36 . 2013-08-22 14:36        --------        d-----w-        c:\users\Nightmare\AppData\Local\Programs
2013-08-21 19:52 . 2013-08-23 19:08        --------        d-----w-        C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-18 13:35 . 2013-05-07 15:47        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-09-18 13:35 . 2013-05-02 21:06        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-09-13 16:09 . 2013-03-25 14:39        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 16:09 . 2013-03-25 14:39        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-12 21:23 . 2013-03-29 09:27        79143768        ----a-w-        c:\windows\system32\MRT.exe
2013-08-07 02:22 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-12 11:01        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 13:46        1888768        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 13:46        1620992        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 13:46        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 13:46        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 13:46        224256        ----a-w-        c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 13:46        1217024        ----a-w-        c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 13:46        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 13:46        1472512        ----a-w-        c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 13:46        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 13:46        663552        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 13:46        175104        ----a-w-        c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 13:46        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 13:46        1166848        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 13:46        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 13:46        1910208        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-07-03 08:32 . 2013-07-03 08:32        18456        ----a-w-        c:\windows\system32\drivers\psi_mf_amd64.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-03-22 1854928]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"G Data AntiVirus Tray"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-03-22 1444304]
"G Data ASM"="c:\program files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe" [2013-02-25 472016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys;c:\windows\SYSNATIVE\drivers\XENfiltv.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-25 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.fbdownloader.com/?channel=sfde206
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\program files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF - prefs.js: browser.startup.homepage - bing.com
FF - prefs.js: keyword.URL - hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF - ExtSQL: 2013-08-22 17:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-18  16:27:16
ComboFix-quarantined-files.txt  2013-09-18 14:27
.
Vor Suchlauf: 10 Verzeichnis(se), 22.778.548.224 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 22.401.429.504 Bytes frei
.
- - End Of File - - C59ABDC8F802A899D59A8662EEA00D0A
A36C5E4F47E84449FF07ED3517B43A31

aharonov 20.09.2013 10:20
Nutzt du mehrere Benutzerkonten an diesem Rechner oder nur eines?
Falls mehrere: Kannst du dann mal FRST-Logs posten, die in den anderen Konten erstellt wurden.

Nightmare199 20.09.2013 15:47
Hi Leo,

nein ich habe nur ein Profil! :kaffee:

Gruß David

ich wollte noch eben Bescheid geben, ich bin ab Morgen Nacht für eine Woche im Urlaub außer Lande :applaus:, kann deshalb auch nicht auf diesen PC hier zugreifen, ich würde mich dann melden wenn ich wieder da bin!

Nightmare199 01.10.2013 13:13
Hi Leo,

bin wieder da, gibt es schon was neues?

Gruß
David

aharonov 01.10.2013 13:38
Hallo David,

lad bitte eine neue Version von FRST runter und scanne damit:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Nightmare199 10.10.2013 11:15
Hi Leo,

Sorry für die lange Wartezeit hier das Log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Nightmare (administrator) on NIGHTMARE-NB on 10-10-2013 12:12:31
Running from E:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Valve Corporation) E:\Progamme\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) E:\Spiele\World of Warcraft\WoW-64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C8DE98C6329CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2B296690-1DB5-4923-A71A-09AE504D4D20} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Gruß David :dankeschoen:

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Nightmare at 2013-10-10 12:14:21
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity 2014 (Enabled - Up to date) {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AS: G Data InternetSecurity 2014 (Enabled - Up to date) {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {018C0191-29AD-04E8-101F-264FDF37B3ED}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Counter-Strike: Global Offensive (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Video Flip and Rotate version 2.1.8.717 (x32 Version: 2.1.8.717)
Free YouTube Download version 3.2.8.717 (x32 Version: 3.2.8.717)
Free YouTube to MP3 Converter version 3.12.8.717 (x32 Version: 3.12.8.717)
G Data InternetSecurity 2014 (x32 Version: 24.0.2.1)
iTunes (Version: 11.0.2.26)
Left 4 Dead (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metro: Last Light (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
neroxml (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
Origin (x32 Version: 9.1.13.85)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PunkBuster Services (x32 Version: 0.991)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.13)
Tomb Raider (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.1.0 (x32 Version: 2.1.0)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
World of Warcraft (x32 Version: 4.0.0.12911)

==================== Restore Points  =========================

08-10-2013 10:08:51 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-09-18 16:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {A8EB5811-A1C3-4990-9580-77C332ECB59A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {DD794993-B0B2-48B9-A6A6-05766AF86FA8} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-02-25 04:47 - 2013-02-25 04:47 - 00334288 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-09-30 23:25 - 2013-09-30 23:25 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-03-25 14:23 - 2013-08-22 00:18 - 00687104 _____ () E:\Progamme\Steam\SDL2.dll
2013-04-19 13:10 - 2013-10-09 04:19 - 01121704 _____ () E:\Progamme\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2013-09-11 00:20 - 20625832 _____ () E:\Progamme\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () E:\Progamme\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () E:\Progamme\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () E:\Progamme\Steam\bin\avformat-53.dll
2013-10-09 20:09 - 2013-10-09 20:09 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
2013-10-05 15:38 - 2013-10-03 08:33 - 23950848 _____ () E:\Spiele\World of Warcraft\Utils\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2013 00:06:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2013 00:30:12 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/09/2013 09:16:18 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/09/2013 08:05:08 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/09/2013 11:02:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2013 02:34:59 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/09/2013 01:36:19 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/09/2013 00:30:12 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/08/2013 11:16:25 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/08/2013 10:55:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/10/2013 00:11:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/10/2013 00:11:42 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (10/08/2013 10:58:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/08/2013 10:58:40 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (10/01/2013 11:55:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/01/2013 11:55:36 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (09/18/2013 05:08:51 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/18/2013 04:25:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/18/2013 04:25:40 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (09/18/2013 04:24:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-18 16:25:40.436
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-18 16:25:40.420
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.833
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.740
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 8173.21 MB
Available physical RAM: 4934.23 MB
Total Pagefile: 16344.61 MB
Available Pagefile: 12259.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Samsung SSD BOOT Device) (Fixed) (Total:111.79 GB) (Free:7.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Laufwerk_F) (Fixed) (Total:298.09 GB) (Free:50.76 GB) NTFS
Drive e: (DATA 2 TB) (Fixed) (Total:1862.92 GB) (Free:1697.27 GB) NTFS
Drive h: (DATA BASE) (Fixed) (Total:931.28 GB) (Free:410.44 GB) FAT32
Drive k: (Elements) (Fixed) (Total:1397.26 GB) (Free:393.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 7BE1F435)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11BB29FA)
Partition 1: (Not Active) - (Size=-198731276288) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: F2E0AD49)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 000CF721)
Partition 1: (Not Active) - (Size=-698724909056) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 298 GB) (Disk ID: CACFB0E3)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

aharonov 10.10.2013 11:18
Hi,

das erste Log (FRST.txt) ist unvollständig gepostet, das ist nur der oberste Teil.
Kannst du das bitte nochmals komplett nachreichen?

Nightmare199 10.10.2013 12:07
oh sorry


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Nightmare (administrator) on NIGHTMARE-NB on 10-10-2013 12:14:08
Running from E:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Valve Corporation) E:\Progamme\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) E:\Spiele\World of Warcraft\WoW-64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Blizzard Entertainment) E:\Spiele\World of Warcraft\Utils\WowBrowserProxy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C8DE98C6329CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2B296690-1DB5-4923-A71A-09AE504D4D20} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF SelectedSearchEngine: Search
FF DefaultSearchEngine: Search
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Progamme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2249944 2013-02-25] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-09] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-05-26] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-05-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-26] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-05-26] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-05-26] (G Data Software AG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-09 11:05 - 2013-10-09 11:05 - 00000878 _____ C:\Users\Nightmare\Desktop\World of Warcraft - Verknüpfung.lnk
2013-10-07 11:08 - 2013-10-07 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-07 11:04 - 2013-10-07 11:04 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-07 11:03 - 2013-10-09 11:04 - 00000253 _____ C:\Users\Nightmare\Desktop\WoW.mfil
2013-10-07 11:03 - 2013-10-09 11:04 - 00000000 ____D C:\Users\Nightmare\Desktop\Data
2013-10-07 11:03 - 2013-10-07 11:07 - 00000000 ____D C:\Users\Nightmare\Desktop\WTF
2013-10-06 01:21 - 2013-10-06 01:21 - 00000752 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-10-04 09:25 - 2013-10-04 09:25 - 00000000 ____D C:\Users\Nightmare\Desktop\Bewerbungen
2013-10-03 13:59 - 2013-10-03 13:59 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-10-03 13:57 - 2013-10-03 13:57 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-03 12:05 - 2013-10-03 12:08 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-10-03 11:54 - 2013-10-03 11:54 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Blizzard Entertainment
2013-10-03 11:32 - 2013-10-03 11:32 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-10-03 11:06 - 2013-10-03 11:07 - 00000000 ____D C:\ProgramData\Battle.net
2013-09-30 23:25 - 2013-09-30 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Users\Nightmare\Desktop\Sicherheitskopie Intenso
2013-09-21 22:39 - 2013-09-21 22:41 - 00000000 ____D C:\Users\Nightmare\Desktop\Handy Mix
2013-09-18 21:34 - 2013-09-18 21:34 - 00000208 _____ C:\Users\Nightmare\Desktop\Left 4 Dead.url
2013-09-18 17:26 - 2013-09-18 17:53 - 00000196 _____ C:\Users\Nightmare\Desktop\Horror Filme.txt
2013-09-18 16:27 - 2013-09-18 16:27 - 00019430 _____ C:\ComboFix.txt
2013-09-17 16:53 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 16:53 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 16:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 15:04 - 2013-09-18 16:27 - 00000000 ____D C:\Qoobox
2013-09-17 14:59 - 2013-09-17 14:59 - 00000000 _____ C:\Users\Nightmare\Desktop\Neue Bitmap.bmp
2013-09-17 14:56 - 2013-09-18 16:26 - 00000000 ____D C:\Windows\erdnt
2013-09-17 14:55 - 2013-09-17 14:56 - 05128653 ____R (Swearware) C:\Users\Nightmare\Desktop\ComboFix.exe
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Stardock
2013-09-17 13:23 - 2013-09-17 13:23 - 00000555 _____ C:\Users\Nightmare\Desktop\Musik - Verknüpfung (H) Data Base.lnk
2013-09-16 15:57 - 2013-09-16 15:57 - 00000000 ____D C:\Users\Nightmare\Desktop\Places to go
2013-09-16 15:12 - 2013-09-16 15:12 - 00000000 ____D C:\Users\Nightmare\Desktop\Def Leppard - Adrenalize
2013-09-12 23:24 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 23:24 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 23:24 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 23:24 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 23:24 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 23:24 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 23:24 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 23:24 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 23:24 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 23:24 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 23:24 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 23:24 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 23:24 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 23:24 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 23:24 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 23:24 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 23:24 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 23:24 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 23:24 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 23:24 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 23:24 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 13:01 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 13:01 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 13:01 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 13:01 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 13:01 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 13:01 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 13:01 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 13:01 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 13:01 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 13:01 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 13:01 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 13:01 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 13:01 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 13:01 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 13:01 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 13:01 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 13:01 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 13:01 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 13:01 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 13:01 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 13:01 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 13:01 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 13:00 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 13:00 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 13:00 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 13:00 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 13:00 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 20:20 - 2013-09-10 20:37 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\TrueCrypt
2013-09-10 20:18 - 2013-09-10 20:18 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-09-10 18:12 - 2013-09-10 18:12 - 00007585 _____ C:\Users\Nightmare\AppData\Local\Resmon.ResmonCfg
2013-09-10 13:28 - 2013-09-10 15:56 - 00000000 ____D C:\Users\Nightmare\Desktop\trojaner-board
2013-09-10 13:13 - 2013-09-10 13:13 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-10-10 12:11 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 12:11 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 12:08 - 2013-03-25 16:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-10 12:08 - 2013-03-25 15:43 - 01382492 _____ C:\Windows\WindowsUpdate.log
2013-10-10 12:08 - 2010-11-21 08:50 - 00698688 _____ C:\Windows\system32\perfh007.dat
2013-10-10 12:08 - 2010-11-21 08:50 - 00148828 _____ C:\Windows\system32\perfc007.dat
2013-10-10 12:08 - 2009-07-14 07:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 12:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-10 12:04 - 2009-07-14 06:51 - 00093869 _____ C:\Windows\setupact.log
2013-10-09 20:09 - 2013-03-25 16:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 20:09 - 2013-03-25 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 20:09 - 2013-03-25 16:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 11:05 - 2013-10-09 11:05 - 00000878 _____ C:\Users\Nightmare\Desktop\World of Warcraft - Verknüpfung.lnk
2013-10-09 11:04 - 2013-10-07 11:03 - 00000253 _____ C:\Users\Nightmare\Desktop\WoW.mfil
2013-10-09 11:04 - 2013-10-07 11:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Data
2013-10-08 10:53 - 2013-08-22 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-07 11:08 - 2013-10-07 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-07 11:07 - 2013-10-07 11:03 - 00000000 ____D C:\Users\Nightmare\Desktop\WTF
2013-10-07 11:05 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-10-07 11:04 - 2013-10-07 11:04 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-06 01:21 - 2013-10-06 01:21 - 00000752 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-10-05 13:52 - 2013-05-07 17:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-05 13:52 - 2010-11-21 05:47 - 00342256 _____ C:\Windows\PFRO.log
2013-10-04 09:25 - 2013-10-04 09:25 - 00000000 ____D C:\Users\Nightmare\Desktop\Bewerbungen
2013-10-04 09:07 - 2013-03-25 21:03 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\vlc
2013-10-03 13:59 - 2013-10-03 13:59 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-10-03 13:57 - 2013-10-03 13:57 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-03 12:08 - 2013-10-03 12:05 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-10-03 11:54 - 2013-10-03 11:54 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Blizzard Entertainment
2013-10-03 11:32 - 2013-10-03 11:32 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-10-03 11:07 - 2013-10-03 11:06 - 00000000 ____D C:\ProgramData\Battle.net
2013-10-01 14:12 - 2013-03-25 16:31 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Mozilla
2013-09-30 23:25 - 2013-09-30 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Users\Nightmare\Desktop\Sicherheitskopie Intenso
2013-09-21 22:41 - 2013-09-21 22:39 - 00000000 ____D C:\Users\Nightmare\Desktop\Handy Mix
2013-09-19 16:52 - 2013-09-09 17:46 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-19 16:52 - 2013-05-07 17:47 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-19 16:51 - 2013-05-02 23:06 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-18 21:34 - 2013-09-18 21:34 - 00000208 _____ C:\Users\Nightmare\Desktop\Left 4 Dead.url
2013-09-18 21:34 - 2013-05-06 18:38 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-18 17:53 - 2013-09-18 17:26 - 00000196 _____ C:\Users\Nightmare\Desktop\Horror Filme.txt
2013-09-18 16:27 - 2013-09-18 16:27 - 00019430 _____ C:\ComboFix.txt
2013-09-18 16:27 - 2013-09-17 15:04 - 00000000 ____D C:\Qoobox
2013-09-18 16:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-18 16:26 - 2013-09-17 14:56 - 00000000 ____D C:\Windows\erdnt
2013-09-18 16:25 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-17 14:59 - 2013-09-17 14:59 - 00000000 _____ C:\Users\Nightmare\Desktop\Neue Bitmap.bmp
2013-09-17 14:56 - 2013-09-17 14:55 - 05128653 ____R (Swearware) C:\Users\Nightmare\Desktop\ComboFix.exe
2013-09-17 13:44 - 2013-03-25 15:47 - 00000000 ___RD C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Stardock
2013-09-17 13:30 - 2010-11-21 09:00 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-17 13:23 - 2013-09-17 13:23 - 00000555 _____ C:\Users\Nightmare\Desktop\Musik - Verknüpfung (H) Data Base.lnk
2013-09-16 19:08 - 2013-05-08 10:22 - 00017691 _____ C:\Users\Nightmare\Documents\TombRaider.log
2013-09-16 15:57 - 2013-09-16 15:57 - 00000000 ____D C:\Users\Nightmare\Desktop\Places to go
2013-09-16 15:12 - 2013-09-16 15:12 - 00000000 ____D C:\Users\Nightmare\Desktop\Def Leppard - Adrenalize
2013-09-14 03:00 - 2013-04-10 19:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 18:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 15:59 - 2013-03-25 15:47 - 00000000 ___RD C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 15:53 - 2009-07-14 06:45 - 00312496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 23:24 - 2013-08-06 01:30 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 23:23 - 2013-03-29 11:27 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 20:37 - 2013-09-10 20:20 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\TrueCrypt
2013-09-10 20:18 - 2013-09-10 20:18 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-09-10 18:12 - 2013-09-10 18:12 - 00007585 _____ C:\Users\Nightmare\AppData\Local\Resmon.ResmonCfg
2013-09-10 15:56 - 2013-09-10 13:28 - 00000000 ____D C:\Users\Nightmare\Desktop\trojaner-board
2013-09-10 14:48 - 2013-03-25 16:34 - 00000000 ____D C:\Users\Nightmare\Desktop\Programme
2013-09-10 13:13 - 2013-09-10 13:13 - 00000000 ____D C:\FRST
2013-09-10 12:49 - 2013-09-09 21:47 - 00000685 _____ C:\DelFix.txt

Some content of TEMP:
====================
C:\Users\Nightmare\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 00:45

==================== End Of Log ============================
--- --- ---

Nightmare199 13.10.2013 13:30
Hier jetzt nochmal beide, zur Sicherheit:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Nightmare (administrator) on NIGHTMARE-NB on 13-10-2013 14:27:31
Running from E:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Curse) C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) E:\Progamme\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) E:\Spiele\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) E:\Spiele\World of Warcraft\Utils\WowBrowserProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVK.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKCU\...\Run: [SCheck] - C:\Users\Nightmare\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [Snoozer] - C:\Users\Nightmare\AppData\Roaming\Snz\Snz.exe [1226844 2013-10-11] ()
HKCU\...\Run: [Intermediate] - C:\Users\Nightmare\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
HKCU\...\Run: [OMESupervisor] - C:\Users\Nightmare\AppData\Local\omesuperv.exe [2220366 2013-10-11] ()
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C8DE98C6329CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2B296690-1DB5-4923-A71A-09AE504D4D20} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WebEnhance - {814664b0-d93b-4da6-9216-722c56179397} - C:\Program Files (x86)\WebEnhance\webenhance.dll (WebEnhance)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - E:\Progamme\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - E:\Progamme\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde206
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Progamme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: om - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\om@offermosquito.com.xpi
FF Extension: No Name - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{38e9e285-5266-4fe2-b5b5-c14c29b0cd45}] - C:\Program Files (x86)\WebEnhance\webenhance.xpi
FF Extension: No Name - C:\Program Files (x86)\WebEnhance\webenhance.xpi
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb

Chrome:
=======
CHR HomePage: http:\/\/search.fbdownloader.com\/?channel=sfde206
CHR RestoreOnStartup:                "urls_to_restore_on_startup": [
CHR Extension: (Docs) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (OfferMosquito) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\0.8_0
CHR Extension: (Gmail) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mbegnhpbhfjiaelealfpieodkembdgbj] - C:\Program Files (x86)\WebEnhance\webenhance.crx

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2249944 2013-02-25] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-09] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-11] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-05-26] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-05-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-26] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-05-26] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-05-26] (G Data Software AG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-13 13:28 - 2013-10-13 13:28 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Snz
2013-10-13 13:28 - 2013-10-13 13:28 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\FBDownloader
2013-10-12 14:47 - 2013-10-12 14:47 - 00008079 _____ C:\Users\Nightmare\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
2013-10-12 12:03 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 17:05 - 2013-10-11 17:05 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-10-11 17:05 - 2013-10-11 17:05 - 00000830 _____ C:\Users\Nightmare\Desktop\Free PDF Perfect.lnk
2013-10-11 17:05 - 2013-10-11 17:05 - 00000000 ____D C:\ProgramData\Freemium
2013-10-11 17:04 - 2013-10-11 17:04 - 00000000 ____D C:\Program Files (x86)\WebEnhance
2013-10-11 17:04 - 2013-10-11 17:04 - 00000000 ____D C:\Program Files (x86)\Covus Freemium
2013-10-11 17:03 - 2013-10-11 17:04 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-11 16:21 - 2013-10-11 16:23 - 00000000 ____D C:\Users\Nightmare\AppData\Local\DownloadGuide
2013-10-11 10:04 - 2013-10-11 10:04 - 02220366 _____ C:\Users\Nightmare\AppData\Local\omesuperv.exe
2013-10-11 02:54 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 02:54 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 02:54 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:54 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:54 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:54 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:54 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:54 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 02:54 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 02:54 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 00:11 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 00:11 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 00:11 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 00:11 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 00:11 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 00:11 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 00:11 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 00:11 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 00:11 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 00:11 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 00:11 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 00:11 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 00:11 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 00:11 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 00:11 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 00:11 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 00:11 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 00:11 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 00:11 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 00:11 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 00:11 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 00:11 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-11 00:11 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 00:11 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 00:11 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 00:11 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 00:11 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 00:11 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 00:11 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 00:11 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 00:11 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 00:11 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 00:11 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 00:11 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 00:11 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 00:11 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 00:11 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 00:11 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 00:11 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 00:11 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 00:11 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 00:11 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 00:10 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 00:10 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 00:10 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 00:10 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 13:11 - 2013-10-10 13:16 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Curse Advertising
2013-10-10 13:11 - 2013-10-10 13:11 - 00000318 _____ C:\Users\Nightmare\Desktop\Curse Client.appref-ms
2013-10-10 13:11 - 2013-10-10 13:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-10-09 11:05 - 2013-10-09 11:05 - 00000878 _____ C:\Users\Nightmare\Desktop\World of Warcraft - Verknüpfung.lnk
2013-10-07 11:08 - 2013-10-07 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-07 11:04 - 2013-10-07 11:04 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-07 11:03 - 2013-10-09 11:04 - 00000253 _____ C:\Users\Nightmare\Desktop\WoW.mfil
2013-10-07 11:03 - 2013-10-09 11:04 - 00000000 ____D C:\Users\Nightmare\Desktop\Data
2013-10-07 11:03 - 2013-10-07 11:07 - 00000000 ____D C:\Users\Nightmare\Desktop\WTF
2013-10-06 01:21 - 2013-10-06 01:21 - 00000752 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-10-04 09:25 - 2013-10-10 15:59 - 00000000 ____D C:\Users\Nightmare\Desktop\Bewerbungen
2013-10-03 13:59 - 2013-10-03 13:59 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-10-03 13:57 - 2013-10-03 13:57 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-03 12:05 - 2013-10-03 12:08 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-10-03 11:54 - 2013-10-03 11:54 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Blizzard Entertainment
2013-10-03 11:32 - 2013-10-03 11:32 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-10-03 11:06 - 2013-10-03 11:07 - 00000000 ____D C:\ProgramData\Battle.net
2013-09-30 23:25 - 2013-09-30 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Users\Nightmare\Desktop\Sicherheitskopie Intenso
2013-09-21 22:39 - 2013-09-21 22:41 - 00000000 ____D C:\Users\Nightmare\Desktop\Handy Mix
2013-09-18 21:34 - 2013-09-18 21:34 - 00000208 _____ C:\Users\Nightmare\Desktop\Left 4 Dead.url
2013-09-18 17:26 - 2013-09-18 17:53 - 00000196 _____ C:\Users\Nightmare\Desktop\Horror Filme.txt
2013-09-18 16:27 - 2013-09-18 16:27 - 00019430 _____ C:\ComboFix.txt
2013-09-17 16:53 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 16:53 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 16:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 15:04 - 2013-09-18 16:27 - 00000000 ____D C:\Qoobox
2013-09-17 14:59 - 2013-09-17 14:59 - 00000000 _____ C:\Users\Nightmare\Desktop\Neue Bitmap.bmp
2013-09-17 14:56 - 2013-09-18 16:26 - 00000000 ____D C:\Windows\erdnt
2013-09-17 14:55 - 2013-09-17 14:56 - 05128653 ____R (Swearware) C:\Users\Nightmare\Desktop\ComboFix.exe
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Stardock
2013-09-17 13:23 - 2013-09-17 13:23 - 00000555 _____ C:\Users\Nightmare\Desktop\Musik - Verknüpfung (H) Data Base.lnk
2013-09-16 15:57 - 2013-09-16 15:57 - 00000000 ____D C:\Users\Nightmare\Desktop\Places to go
2013-09-16 15:12 - 2013-09-16 15:12 - 00000000 ____D C:\Users\Nightmare\Desktop\Def Leppard - Adrenalize

==================== One Month Modified Files and Folders =======

2013-10-13 14:25 - 2013-03-25 16:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Deployment
2013-10-13 14:08 - 2013-03-25 16:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-13 13:28 - 2013-10-13 13:28 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Snz
2013-10-13 13:28 - 2013-10-13 13:28 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\FBDownloader
2013-10-13 13:28 - 2013-06-09 21:22 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\SCheck
2013-10-13 13:28 - 2013-06-09 21:22 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Intermediate
2013-10-13 13:27 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-13 13:27 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-13 13:24 - 2010-11-21 08:50 - 00699030 _____ C:\Windows\system32\perfh007.dat
2013-10-13 13:24 - 2010-11-21 08:50 - 00149170 _____ C:\Windows\system32\perfc007.dat
2013-10-13 13:24 - 2009-07-14 07:13 - 01619024 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-13 13:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-13 13:20 - 2009-07-14 06:51 - 00095002 _____ C:\Windows\setupact.log
2013-10-13 04:06 - 2013-03-25 15:43 - 01581526 _____ C:\Windows\WindowsUpdate.log
2013-10-12 14:47 - 2013-10-12 14:47 - 00008079 _____ C:\Users\Nightmare\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
2013-10-11 17:06 - 2010-11-21 05:47 - 00343760 _____ C:\Windows\PFRO.log
2013-10-11 17:05 - 2013-10-11 17:05 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-10-11 17:05 - 2013-10-11 17:05 - 00000830 _____ C:\Users\Nightmare\Desktop\Free PDF Perfect.lnk
2013-10-11 17:05 - 2013-10-11 17:05 - 00000000 ____D C:\ProgramData\Freemium
2013-10-11 17:04 - 2013-10-11 17:04 - 00000000 ____D C:\Program Files (x86)\WebEnhance
2013-10-11 17:04 - 2013-10-11 17:04 - 00000000 ____D C:\Program Files (x86)\Covus Freemium
2013-10-11 17:04 - 2013-10-11 17:03 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-11 16:23 - 2013-10-11 16:21 - 00000000 ____D C:\Users\Nightmare\AppData\Local\DownloadGuide
2013-10-11 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 11:31 - 2009-07-14 06:45 - 00312496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 10:04 - 2013-10-11 10:04 - 02220366 _____ C:\Users\Nightmare\AppData\Local\omesuperv.exe
2013-10-11 02:56 - 2013-03-25 22:36 - 01591896 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 02:55 - 2013-04-10 19:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 02:54 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 02:54 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 02:53 - 2013-08-06 01:30 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:52 - 2013-03-29 11:27 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 15:59 - 2013-10-04 09:25 - 00000000 ____D C:\Users\Nightmare\Desktop\Bewerbungen
2013-10-10 13:16 - 2013-10-10 13:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Curse Advertising
2013-10-10 13:11 - 2013-10-10 13:11 - 00000318 _____ C:\Users\Nightmare\Desktop\Curse Client.appref-ms
2013-10-10 13:11 - 2013-10-10 13:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-10-10 13:11 - 2013-03-25 15:47 - 00000000 ___RD C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-10 13:08 - 2013-03-25 16:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Apps\2.0
2013-10-09 20:09 - 2013-03-25 16:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 20:09 - 2013-03-25 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 20:09 - 2013-03-25 16:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 11:05 - 2013-10-09 11:05 - 00000878 _____ C:\Users\Nightmare\Desktop\World of Warcraft - Verknüpfung.lnk
2013-10-09 11:04 - 2013-10-07 11:03 - 00000253 _____ C:\Users\Nightmare\Desktop\WoW.mfil
2013-10-09 11:04 - 2013-10-07 11:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Data
2013-10-08 10:53 - 2013-08-22 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-07 11:08 - 2013-10-07 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-07 11:07 - 2013-10-07 11:03 - 00000000 ____D C:\Users\Nightmare\Desktop\WTF
2013-10-07 11:05 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-10-07 11:04 - 2013-10-07 11:04 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-06 01:21 - 2013-10-06 01:21 - 00000752 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-10-05 13:52 - 2013-05-07 17:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-04 09:07 - 2013-03-25 21:03 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\vlc
2013-10-03 13:59 - 2013-10-03 13:59 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-10-03 13:57 - 2013-10-03 13:57 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-03 12:08 - 2013-10-03 12:05 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-10-03 11:54 - 2013-10-03 11:54 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Blizzard Entertainment
2013-10-03 11:32 - 2013-10-03 11:32 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-10-03 11:07 - 2013-10-03 11:06 - 00000000 ____D C:\ProgramData\Battle.net
2013-10-01 14:12 - 2013-03-25 16:31 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Mozilla
2013-09-30 23:25 - 2013-09-30 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-23 01:28 - 2013-10-11 02:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-11 02:54 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-11 02:54 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-11 02:54 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-11 02:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-11 02:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Users\Nightmare\Desktop\Sicherheitskopie Intenso
2013-09-21 22:41 - 2013-09-21 22:39 - 00000000 ____D C:\Users\Nightmare\Desktop\Handy Mix
2013-09-21 05:38 - 2013-10-11 02:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-11 02:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-11 02:54 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-11 02:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-19 16:52 - 2013-09-09 17:46 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-19 16:52 - 2013-05-07 17:47 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-19 16:51 - 2013-05-02 23:06 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-18 21:34 - 2013-09-18 21:34 - 00000208 _____ C:\Users\Nightmare\Desktop\Left 4 Dead.url
2013-09-18 21:34 - 2013-05-06 18:38 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-18 17:53 - 2013-09-18 17:26 - 00000196 _____ C:\Users\Nightmare\Desktop\Horror Filme.txt
2013-09-18 16:27 - 2013-09-18 16:27 - 00019430 _____ C:\ComboFix.txt
2013-09-18 16:27 - 2013-09-17 15:04 - 00000000 ____D C:\Qoobox
2013-09-18 16:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-18 16:26 - 2013-09-17 14:56 - 00000000 ____D C:\Windows\erdnt
2013-09-18 16:25 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-17 14:59 - 2013-09-17 14:59 - 00000000 _____ C:\Users\Nightmare\Desktop\Neue Bitmap.bmp
2013-09-17 14:56 - 2013-09-17 14:55 - 05128653 ____R (Swearware) C:\Users\Nightmare\Desktop\ComboFix.exe
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Stardock
2013-09-17 13:30 - 2010-11-21 09:00 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-17 13:23 - 2013-09-17 13:23 - 00000555 _____ C:\Users\Nightmare\Desktop\Musik - Verknüpfung (H) Data Base.lnk
2013-09-16 19:08 - 2013-05-08 10:22 - 00017691 _____ C:\Users\Nightmare\Documents\TombRaider.log
2013-09-16 15:57 - 2013-09-16 15:57 - 00000000 ____D C:\Users\Nightmare\Desktop\Places to go
2013-09-16 15:12 - 2013-09-16 15:12 - 00000000 ____D C:\Users\Nightmare\Desktop\Def Leppard - Adrenalize
2013-09-14 03:10 - 2013-10-11 00:11 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-13 15:59 - 2013-03-25 15:47 - 00000000 ___RD C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

Some content of TEMP:
====================
C:\Users\Nightmare\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 00:51

==================== End Of Log ============================
--- --- ---


Code:
2Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Nightmare at 2013-10-13 14:27:47
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity 2014 (Enabled - Up to date) {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AS: G Data InternetSecurity 2014 (Enabled - Up to date) {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {018C0191-29AD-04E8-101F-264FDF37B3ED}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Counter-Strike: Global Offensive (x32)
Curse Client (HKCU Version: 5.1.1.792)
D3DX10 (x32 Version: 15.4.2368.0902)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Pdf Perfect Prereq (x32 Version: 1.0.0.0)
Free Video Flip and Rotate version 2.1.8.717 (x32 Version: 2.1.8.717)
Free YouTube Download version 3.2.8.717 (x32 Version: 3.2.8.717)
Free YouTube to MP3 Converter version 3.12.8.717 (x32 Version: 3.12.8.717)
Freemium Free PDF Perfect (x32 Version: 1.0)
G Data InternetSecurity 2014 (x32 Version: 24.0.2.1)
iTunes (Version: 11.0.2.26)
Left 4 Dead (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metro: Last Light (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
neroxml (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
Origin (x32 Version: 9.1.13.85)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PunkBuster Services (x32 Version: 0.991)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.13)
Tomb Raider (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.1.0 (x32 Version: 2.1.0)
WebEnhance (x32)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
World of Warcraft (x32 Version: 4.0.0.12911)

==================== Restore Points  =========================

11-10-2013 15:03:43 Free Pdf Perfect Prereq
13-10-2013 01:00:10 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-09-18 16:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {A8EB5811-A1C3-4990-9580-77C332ECB59A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {DD794993-B0B2-48B9-A6A6-05766AF86FA8} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 13:11 - 2013-10-10 13:10 - 00014848 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.WowDb.dll
2013-10-10 13:11 - 2013-10-10 13:10 - 00035840 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.Advertising.dll
2013-10-10 13:11 - 2013-10-10 13:10 - 00099840 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.CMOD2.dll
2013-03-25 14:23 - 2013-08-22 00:18 - 00687104 _____ () E:\Progamme\Steam\SDL2.dll
2013-04-19 13:10 - 2013-10-09 04:19 - 01121704 _____ () E:\Progamme\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2013-09-11 00:20 - 20625832 _____ () E:\Progamme\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () E:\Progamme\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () E:\Progamme\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () E:\Progamme\Steam\bin\avformat-53.dll
2013-10-05 15:38 - 2013-10-03 08:33 - 23950848 _____ () E:\Spiele\World of Warcraft\Utils\libcef.dll
2013-09-30 23:25 - 2013-09-30 23:25 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-09 20:09 - 2013-10-09 20:09 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2013 01:28:35 PM) (Source: MsiInstaller) (User: Nightmare-NB)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. Melden Sie sich als Administrator an, und wiederholen Sie diese Installation.

Error: (10/13/2013 01:28:34 PM) (Source: MsiInstaller) (User: Nightmare-NB)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. Melden Sie sich als Administrator an, und wiederholen Sie diese Installation.

Error: (10/13/2013 01:22:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2013 03:18:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2013 01:56:53 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/13/2013 00:47:00 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/13/2013 00:30:13 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/12/2013 11:41:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2013 00:30:13 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/11/2013 05:07:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/13/2013 04:06:19 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR7 gefunden.

Error: (10/13/2013 04:06:19 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (10/11/2013 02:12:02 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/11/2013 01:56:50 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (10/11/2013 11:31:06 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (10/10/2013 04:39:01 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann.

Error: (10/10/2013 00:11:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/10/2013 00:11:42 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (10/08/2013 10:58:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/08/2013 10:58:40 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-18 16:25:40.436
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-18 16:25:40.420
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.833
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.740
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 8173.21 MB
Available physical RAM: 4191.12 MB
Total Pagefile: 16344.61 MB
Available Pagefile: 10897.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Samsung SSD BOOT Device) (Fixed) (Total:111.79 GB) (Free:6.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Laufwerk_F) (Fixed) (Total:298.09 GB) (Free:50.76 GB) NTFS
Drive e: (DATA 2 TB) (Fixed) (Total:1862.92 GB) (Free:1697.14 GB) NTFS
Drive h: (DATA BASE) (Fixed) (Total:931.28 GB) (Free:410.44 GB) FAT32
Drive k: (Elements) (Fixed) (Total:1397.26 GB) (Free:393.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 7BE1F435)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11BB29FA)
Partition 1: (Not Active) - (Size=-198731276288) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: F2E0AD49)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 000CF721)
Partition 1: (Not Active) - (Size=-698724909056) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 298 GB) (Disk ID: CACFB0E3)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aharonov 13.10.2013 13:34
Ok, versuchen wir die neue Version des AdwCleaners (alte allfällig noch vorhandene Version löschen und neu herunterladen).
Nach dem AdwCleaner-Durchlauf den Rechner zusätzlich nochmals neu starten.


Schritt 1
  • Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    WebEnhance
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von FRST

Nightmare199 13.10.2013 14:55
AdwCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.000 - Report created 21/08/2013 at 21:53:47
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nightmare - NIGHTMARE-NB
# Running from : C:\Users\Nightmare\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Nightmare\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Nightmare\AppData\Roaming\DataMgr
Folder Deleted : C:\Users\Nightmare\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Nightmare\AppData\Roaming\fbDownloader
Folder Deleted : C:\Users\Nightmare\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\u68iruyb.default-1376853676517\searchplugins\search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\e578fd1b46de941
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\u68iruyb.default-1376853676517\prefs.js ]

Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.fbdownloader.com/?channel=sfde206");
Line Deleted : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");

-\\ Google Chrome v

[ File : C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [4181 octets] - [21/08/2013 21:52:25]
AdwCleaner[S0].txt - [3466 octets] - [21/08/2013 21:53:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3526 octets] ##########
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v3.007 - Bericht erstellt am 13/10/2013 um 15:51:27
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Nightmare - NIGHTMARE-NB
# Gestartet von : E:\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Nightmare\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Nightmare\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\Nightmare\AppData\Roaming\fbDownloader
Ordner Gelöscht : C:\Users\Nightmare\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\Nightmare\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\Nightmare\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Datei Gelöscht : C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\om@offermosquito.com.xpi
Datei Gelöscht : C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\searchplugins\search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.fbdownloader.com/?channel=sfde206");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=sfde206&q=");
Zeile gelöscht : user_pref("om.config", "{\"active\":true,\"name\":\"twde\",\"id\":25,\"dispId\":\"CH-25\",\"aboutLink\":\"\",\"trackingGeneral\":true,\"gaAccount\":\"UA-39484183-1\",\"gaDomain\":\"offermosquito.com\"[...]

-\\ Google Chrome v

[ Datei : C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8583 octets] - [21/08/2013 21:52:25]
AdwCleaner[R1].txt - [1727 octets] - [22/08/2013 16:36:59]
AdwCleaner[R2].txt - [1040 octets] - [22/08/2013 16:43:44]
AdwCleaner[R3].txt - [1357 octets] - [22/08/2013 16:55:24]
AdwCleaner[R4].txt - [1267 octets] - [22/08/2013 17:07:04]
AdwCleaner[R5].txt - [1327 octets] - [22/08/2013 17:28:07]
AdwCleaner[R6].txt - [2237 octets] - [23/08/2013 21:08:17]
AdwCleaner[S0].txt - [7454 octets] - [21/08/2013 21:53:47]
AdwCleaner[S1].txt - [1638 octets] - [22/08/2013 16:40:56]
AdwCleaner[S2].txt - [1435 octets] - [22/08/2013 16:48:16]
AdwCleaner[S3].txt - [1260 octets] - [22/08/2013 16:57:35]
AdwCleaner[S4].txt - [1389 octets] - [22/08/2013 17:38:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7754 octets] ##########
--- --- ---


FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Nightmare (administrator) on NIGHTMARE-NB on 13-10-2013 15:53:10
Running from E:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Curse) C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKCU\...\Run: [Snoozer] - C:\Users\Nightmare\AppData\Roaming\Snz\Snz.exe [1226844 2013-10-11] ()
HKCU\...\Run: [OMESupervisor] - C:\Users\Nightmare\AppData\Local\omesuperv.exe [2220366 2013-10-11] ()
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C8DE98C6329CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {2B296690-1DB5-4923-A71A-09AE504D4D20} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - E:\Progamme\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - E:\Progamme\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Progamme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb

Chrome:
=======
CHR HomePage: http:\/\/wisersearch.com\/?channel=de
CHR RestoreOnStartup: "http:\/\/wisersearch.com\/?channel=de"],"restore_on_startup_migrated":true,"restore_on_startup":4},"default_search_provider":{"enabled":true,"encodings":"UTF-8","id":"10","keyword":"Search","suggest_url":null,"name":"Search","icon_url":"http:\/\/wisersearch.com\/search.ico","search_url":"http:\/\/wisersearch.com\/search.php?channel=de&q={searchTerms}","prepopulate_id":0,"instant_url"
CHR Extension: (Docs) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2249944 2013-02-25] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-09] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-11] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-05-26] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-05-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-26] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-05-26] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-27] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-05-26] (G Data Software AG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-13 13:28 - 2013-10-13 13:28 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Snz
2013-10-12 14:47 - 2013-10-12 14:47 - 00008079 _____ C:\Users\Nightmare\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
2013-10-12 12:03 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-12 12:03 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 17:05 - 2013-10-11 17:05 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-10-11 17:05 - 2013-10-11 17:05 - 00000830 _____ C:\Users\Nightmare\Desktop\Free PDF Perfect.lnk
2013-10-11 17:05 - 2013-10-11 17:05 - 00000000 ____D C:\ProgramData\Freemium
2013-10-11 17:04 - 2013-10-13 14:52 - 00000000 ____D C:\Program Files (x86)\WebEnhance
2013-10-11 17:04 - 2013-10-11 17:04 - 00000000 ____D C:\Program Files (x86)\Covus Freemium
2013-10-11 17:03 - 2013-10-11 17:04 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-11 10:04 - 2013-10-11 10:04 - 02220366 _____ C:\Users\Nightmare\AppData\Local\omesuperv.exe
2013-10-11 02:54 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 02:54 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 02:54 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 02:54 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:54 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:54 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:54 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:54 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:54 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:54 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 02:54 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 02:54 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 00:11 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 00:11 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 00:11 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 00:11 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 00:11 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 00:11 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 00:11 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 00:11 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 00:11 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 00:11 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 00:11 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 00:11 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 00:11 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 00:11 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 00:11 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 00:11 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 00:11 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 00:11 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 00:11 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 00:11 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 00:11 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 00:11 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-11 00:11 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 00:11 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 00:11 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 00:11 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 00:11 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 00:11 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 00:11 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 00:11 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 00:11 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 00:11 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 00:11 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 00:11 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 00:11 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 00:11 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 00:11 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 00:11 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 00:11 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 00:11 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 00:11 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 00:11 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 00:10 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 00:10 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 00:10 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 00:10 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 13:11 - 2013-10-10 13:16 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Curse Advertising
2013-10-10 13:11 - 2013-10-10 13:11 - 00000318 _____ C:\Users\Nightmare\Desktop\Curse Client.appref-ms
2013-10-10 13:11 - 2013-10-10 13:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-10-09 11:05 - 2013-10-09 11:05 - 00000878 _____ C:\Users\Nightmare\Desktop\World of Warcraft - Verknüpfung.lnk
2013-10-07 11:08 - 2013-10-07 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-07 11:04 - 2013-10-07 11:04 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-07 11:03 - 2013-10-09 11:04 - 00000253 _____ C:\Users\Nightmare\Desktop\WoW.mfil
2013-10-07 11:03 - 2013-10-09 11:04 - 00000000 ____D C:\Users\Nightmare\Desktop\Data
2013-10-07 11:03 - 2013-10-07 11:07 - 00000000 ____D C:\Users\Nightmare\Desktop\WTF
2013-10-06 01:21 - 2013-10-06 01:21 - 00000752 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-10-04 09:25 - 2013-10-10 15:59 - 00000000 ____D C:\Users\Nightmare\Desktop\Bewerbungen
2013-10-03 13:59 - 2013-10-03 13:59 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-10-03 13:57 - 2013-10-03 13:57 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-03 12:05 - 2013-10-03 12:08 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-10-03 11:54 - 2013-10-03 11:54 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Blizzard Entertainment
2013-10-03 11:32 - 2013-10-03 11:32 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-10-03 11:06 - 2013-10-03 11:07 - 00000000 ____D C:\ProgramData\Battle.net
2013-09-30 23:25 - 2013-09-30 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Users\Nightmare\Desktop\Sicherheitskopie Intenso
2013-09-21 22:39 - 2013-09-21 22:41 - 00000000 ____D C:\Users\Nightmare\Desktop\Handy Mix
2013-09-18 21:34 - 2013-09-18 21:34 - 00000208 _____ C:\Users\Nightmare\Desktop\Left 4 Dead.url
2013-09-18 17:26 - 2013-09-18 17:53 - 00000196 _____ C:\Users\Nightmare\Desktop\Horror Filme.txt
2013-09-18 16:27 - 2013-09-18 16:27 - 00019430 _____ C:\ComboFix.txt
2013-09-17 16:53 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 16:53 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 16:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 16:53 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 15:04 - 2013-09-18 16:27 - 00000000 ____D C:\Qoobox
2013-09-17 14:59 - 2013-09-17 14:59 - 00000000 _____ C:\Users\Nightmare\Desktop\Neue Bitmap.bmp
2013-09-17 14:56 - 2013-09-18 16:26 - 00000000 ____D C:\Windows\erdnt
2013-09-17 14:55 - 2013-09-17 14:56 - 05128653 ____R (Swearware) C:\Users\Nightmare\Desktop\ComboFix.exe
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Stardock
2013-09-17 13:23 - 2013-09-17 13:23 - 00000555 _____ C:\Users\Nightmare\Desktop\Musik - Verknüpfung (H) Data Base.lnk
2013-09-16 15:57 - 2013-09-16 15:57 - 00000000 ____D C:\Users\Nightmare\Desktop\Places to go
2013-09-16 15:12 - 2013-09-16 15:12 - 00000000 ____D C:\Users\Nightmare\Desktop\Def Leppard - Adrenalize

==================== One Month Modified Files and Folders =======

2013-10-13 15:52 - 2013-03-25 16:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Deployment
2013-10-13 15:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-13 15:52 - 2009-07-14 06:51 - 00095058 _____ C:\Windows\setupact.log
2013-10-13 15:51 - 2013-08-21 21:52 - 00000000 ____D C:\AdwCleaner
2013-10-13 15:51 - 2013-06-09 21:22 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Common
2013-10-13 15:51 - 2013-03-25 15:43 - 01589382 _____ C:\Windows\WindowsUpdate.log
2013-10-13 15:08 - 2013-03-25 16:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-13 14:52 - 2013-10-11 17:04 - 00000000 ____D C:\Program Files (x86)\WebEnhance
2013-10-13 13:28 - 2013-10-13 13:28 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Snz
2013-10-13 13:27 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-13 13:27 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-13 13:24 - 2010-11-21 08:50 - 00699030 _____ C:\Windows\system32\perfh007.dat
2013-10-13 13:24 - 2010-11-21 08:50 - 00149170 _____ C:\Windows\system32\perfc007.dat
2013-10-13 13:24 - 2009-07-14 07:13 - 01619024 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 14:47 - 2013-10-12 14:47 - 00008079 _____ C:\Users\Nightmare\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
2013-10-11 17:06 - 2010-11-21 05:47 - 00343760 _____ C:\Windows\PFRO.log
2013-10-11 17:05 - 2013-10-11 17:05 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-10-11 17:05 - 2013-10-11 17:05 - 00000830 _____ C:\Users\Nightmare\Desktop\Free PDF Perfect.lnk
2013-10-11 17:05 - 2013-10-11 17:05 - 00000000 ____D C:\ProgramData\Freemium
2013-10-11 17:04 - 2013-10-11 17:04 - 00000000 ____D C:\Program Files (x86)\Covus Freemium
2013-10-11 17:04 - 2013-10-11 17:03 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-11 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 11:31 - 2009-07-14 06:45 - 00312496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 10:04 - 2013-10-11 10:04 - 02220366 _____ C:\Users\Nightmare\AppData\Local\omesuperv.exe
2013-10-11 02:56 - 2013-03-25 22:36 - 01591896 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 02:55 - 2013-04-10 19:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 02:54 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 02:54 - 2013-08-22 17:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 02:53 - 2013-08-06 01:30 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:52 - 2013-03-29 11:27 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 15:59 - 2013-10-04 09:25 - 00000000 ____D C:\Users\Nightmare\Desktop\Bewerbungen
2013-10-10 13:16 - 2013-10-10 13:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Curse Advertising
2013-10-10 13:11 - 2013-10-10 13:11 - 00000318 _____ C:\Users\Nightmare\Desktop\Curse Client.appref-ms
2013-10-10 13:11 - 2013-10-10 13:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-10-10 13:11 - 2013-03-25 15:47 - 00000000 ___RD C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-10 13:08 - 2013-03-25 16:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Apps\2.0
2013-10-09 20:09 - 2013-03-25 16:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 20:09 - 2013-03-25 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 20:09 - 2013-03-25 16:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 11:05 - 2013-10-09 11:05 - 00000878 _____ C:\Users\Nightmare\Desktop\World of Warcraft - Verknüpfung.lnk
2013-10-09 11:04 - 2013-10-07 11:03 - 00000253 _____ C:\Users\Nightmare\Desktop\WoW.mfil
2013-10-09 11:04 - 2013-10-07 11:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Data
2013-10-08 10:53 - 2013-08-22 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-07 11:08 - 2013-10-07 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-07 11:07 - 2013-10-07 11:03 - 00000000 ____D C:\Users\Nightmare\Desktop\WTF
2013-10-07 11:05 - 2013-09-09 15:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-10-07 11:04 - 2013-10-07 11:04 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-06 01:21 - 2013-10-06 01:21 - 00000752 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-10-05 13:52 - 2013-05-07 17:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-04 09:07 - 2013-03-25 21:03 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\vlc
2013-10-03 13:59 - 2013-10-03 13:59 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-10-03 13:57 - 2013-10-03 13:57 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-03 12:08 - 2013-10-03 12:05 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-10-03 11:54 - 2013-10-03 11:54 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Blizzard Entertainment
2013-10-03 11:32 - 2013-10-03 11:32 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-10-03 11:07 - 2013-10-03 11:06 - 00000000 ____D C:\ProgramData\Battle.net
2013-10-01 14:12 - 2013-03-25 16:31 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Mozilla
2013-09-30 23:25 - 2013-09-30 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-23 01:28 - 2013-10-11 02:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-11 02:54 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-11 02:54 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-11 02:54 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-11 02:54 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-11 02:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-11 02:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-11 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Users\Nightmare\Desktop\Sicherheitskopie Intenso
2013-09-21 22:41 - 2013-09-21 22:39 - 00000000 ____D C:\Users\Nightmare\Desktop\Handy Mix
2013-09-21 05:38 - 2013-10-11 02:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-11 02:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-11 02:54 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-11 02:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-19 16:52 - 2013-09-09 17:46 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-19 16:52 - 2013-05-07 17:47 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-19 16:51 - 2013-05-02 23:06 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-18 21:34 - 2013-09-18 21:34 - 00000208 _____ C:\Users\Nightmare\Desktop\Left 4 Dead.url
2013-09-18 21:34 - 2013-05-06 18:38 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-18 17:53 - 2013-09-18 17:26 - 00000196 _____ C:\Users\Nightmare\Desktop\Horror Filme.txt
2013-09-18 16:27 - 2013-09-18 16:27 - 00019430 _____ C:\ComboFix.txt
2013-09-18 16:27 - 2013-09-17 15:04 - 00000000 ____D C:\Qoobox
2013-09-18 16:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-18 16:26 - 2013-09-17 14:56 - 00000000 ____D C:\Windows\erdnt
2013-09-18 16:25 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-17 14:59 - 2013-09-17 14:59 - 00000000 _____ C:\Users\Nightmare\Desktop\Neue Bitmap.bmp
2013-09-17 14:56 - 2013-09-17 14:55 - 05128653 ____R (Swearware) C:\Users\Nightmare\Desktop\ComboFix.exe
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Stardock
2013-09-17 13:30 - 2010-11-21 09:00 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-17 13:23 - 2013-09-17 13:23 - 00000555 _____ C:\Users\Nightmare\Desktop\Musik - Verknüpfung (H) Data Base.lnk
2013-09-16 19:08 - 2013-05-08 10:22 - 00017691 _____ C:\Users\Nightmare\Documents\TombRaider.log
2013-09-16 15:57 - 2013-09-16 15:57 - 00000000 ____D C:\Users\Nightmare\Desktop\Places to go
2013-09-16 15:12 - 2013-09-16 15:12 - 00000000 ____D C:\Users\Nightmare\Desktop\Def Leppard - Adrenalize
2013-09-14 03:10 - 2013-10-11 00:11 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-13 15:59 - 2013-03-25 15:47 - 00000000 ___RD C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

Some content of TEMP:
====================
C:\Users\Nightmare\AppData\Local\Temp\Quarantine.exe
C:\Users\Nightmare\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 00:51

==================== End Of Log ============================
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Nightmare at 2013-10-13 15:53:25
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity 2014 (Enabled - Up to date) {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AS: G Data InternetSecurity 2014 (Enabled - Up to date) {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {018C0191-29AD-04E8-101F-264FDF37B3ED}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Counter-Strike: Global Offensive (x32)
Curse Client (HKCU Version: 5.1.1.792)
D3DX10 (x32 Version: 15.4.2368.0902)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Pdf Perfect Prereq (x32 Version: 1.0.0.0)
Free Video Flip and Rotate version 2.1.8.717 (x32 Version: 2.1.8.717)
Free YouTube Download version 3.2.8.717 (x32 Version: 3.2.8.717)
Free YouTube to MP3 Converter version 3.12.8.717 (x32 Version: 3.12.8.717)
Freemium Free PDF Perfect (x32 Version: 1.0)
G Data InternetSecurity 2014 (x32 Version: 24.0.2.1)
iTunes (Version: 11.0.2.26)
Left 4 Dead (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metro: Last Light (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
neroxml (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
Origin (x32 Version: 9.1.13.85)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PunkBuster Services (x32 Version: 0.991)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.13)
Tomb Raider (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.1.0 (x32 Version: 2.1.0)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
World of Warcraft (x32 Version: 4.0.0.12911)

==================== Restore Points  =========================

11-10-2013 15:03:43 Free Pdf Perfect Prereq
13-10-2013 01:00:10 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-09-18 16:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {A8EB5811-A1C3-4990-9580-77C332ECB59A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {DD794993-B0B2-48B9-A6A6-05766AF86FA8} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 13:11 - 2013-10-10 13:10 - 00014848 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.WowDb.dll
2013-10-10 13:11 - 2013-10-10 13:10 - 00035840 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.Advertising.dll
2013-10-10 13:11 - 2013-10-10 13:10 - 00099840 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.CMOD2.dll
2013-09-30 23:25 - 2013-09-30 23:25 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2013 01:28:35 PM) (Source: MsiInstaller) (User: Nightmare-NB)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. Melden Sie sich als Administrator an, und wiederholen Sie diese Installation.

Error: (10/13/2013 01:28:34 PM) (Source: MsiInstaller) (User: Nightmare-NB)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. Melden Sie sich als Administrator an, und wiederholen Sie diese Installation.

Error: (10/13/2013 01:22:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2013 03:18:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2013 01:56:53 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/13/2013 00:47:00 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/13/2013 00:30:13 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/12/2013 11:41:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2013 00:30:13 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/11/2013 05:07:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/13/2013 04:06:19 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR7 gefunden.

Error: (10/13/2013 04:06:19 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (10/11/2013 02:12:02 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/11/2013 01:56:50 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (10/11/2013 11:31:06 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (10/10/2013 04:39:01 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann.

Error: (10/10/2013 00:11:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/10/2013 00:11:42 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (10/08/2013 10:58:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/08/2013 10:58:40 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-18 16:25:40.436
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-18 16:25:40.420
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.833
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.740
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8173.21 MB
Available physical RAM: 5429.89 MB
Total Pagefile: 16344.61 MB
Available Pagefile: 13341.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Samsung SSD BOOT Device) (Fixed) (Total:111.79 GB) (Free:6.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Laufwerk_F) (Fixed) (Total:298.09 GB) (Free:50.76 GB) NTFS
Drive e: (DATA 2 TB) (Fixed) (Total:1862.92 GB) (Free:1697.13 GB) NTFS
Drive h: (DATA BASE) (Fixed) (Total:931.28 GB) (Free:410.44 GB) FAT32
Drive k: (Elements) (Fixed) (Total:1397.26 GB) (Free:393.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 7BE1F435)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11BB29FA)
Partition 1: (Not Active) - (Size=-198731276288) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: F2E0AD49)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 000CF721)
Partition 1: (Not Active) - (Size=-698724909056) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 298 GB) (Disk ID: CACFB0E3)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aharonov 13.10.2013 20:11
Ok.


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKCU\...\Run: [Snoozer] - C:\Users\Nightmare\AppData\Roaming\Snz\Snz.exe [1226844 2013-10-11] ()
HKCU\...\Run: [OMESupervisor] - C:\Users\Nightmare\AppData\Local\omesuperv.exe [2220366 2013-10-11] ()
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
CHR HomePage: http:\/\/wisersearch.com\/?channel=de
CHR RestoreOnStartup: "http:\/\/wisersearch.com\/?channel=de"],"restore_on_startup_migrated":true,"restore_on_startup":4},"default_search_provider":{"enabled":true,"encodings":"UTF-8","id":"10","keyword":"Search","suggest_url":null,"name":"Search","icon_url":"http:\/\/wisersearch.com\/search.ico","search_url":"http:\/\/wisersearch.com\/search.php?channel=de&q={searchTerms}","prepopulate_id":0,"instant_url"
2013-10-13 13:28 - 2013-10-13 13:28 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Snz
2013-10-11 17:04 - 2013-10-13 14:52 - 00000000 ____D C:\Program Files (x86)\WebEnhance
2013-10-11 10:04 - 2013-10-11 10:04 - 02220366 _____ C:\Users\Nightmare\AppData\Local\omesuperv.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Nightmare199 27.10.2013 13:09
Hi Leo,

sorry für die lange Wartezeit ...

hier das Fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2013 01
Ran by Nightmare at 2013-10-27 13:05:46 Run:2
Running from E:\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Snoozer] - C:\Users\Nightmare\AppData\Roaming\Snz\Snz.exe [1226844 2013-10-11] ()
HKCU\...\Run: [OMESupervisor] - C:\Users\Nightmare\AppData\Local\omesuperv.exe [2220366 2013-10-11] ()
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
CHR HomePage: http:\/\/wisersearch.com\/?channel=de
CHR RestoreOnStartup: "http:\/\/wisersearch.com\/?channel=de"],"restore_on_startup_migrated":true,"restore_on_startup":4},"default_search_provider":{"enabled":true,"encodings":"UTF-8","id":"10","keyword":"Search","suggest_url":null,"name":"Search","icon_url":"http:\/\/wisersearch.com\/search.ico","search_url":"http:\/\/wisersearch.com\/search.php?channel=de&q={searchTerms}","prepopulate_id":0,"instant_url"
2013-10-13 13:28 - 2013-10-13 13:28 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Snz
2013-10-11 17:04 - 2013-10-13 14:52 - 00000000 ____D C:\Program Files (x86)\WebEnhance
2013-10-11 10:04 - 2013-10-11 10:04 - 02220366 _____ C:\Users\Nightmare\AppData\Local\omesuperv.exe

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Snoozer => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\OMESupervisor => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
CHR HomePage: http:\/\/wisersearch.com\/?channel=de ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "http:\/\/wisersearch.com\/?channel=de"],"restore_on_startup_migrated":true,"restore_on_startup":4},"default_search_provider":{"enabled":true,"encodings":"UTF-8","id":"10","keyword":"Search","suggest_url":null,"name":"Search","icon_url":"http:\/\/wisersearch.com\/search.ico","search_url":"http:\/\/wisersearch.com\/search.php?channel=de&q={searchTerms}","prepopulate_id":0,"instant_url" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Nightmare\AppData\Roaming\Snz => Moved successfully.
C:\Program Files (x86)\WebEnhance => Moved successfully.
C:\Users\Nightmare\AppData\Local\omesuperv.exe => Moved successfully.

==== End of Fixlog ====
FRST nach Fix: Logfile


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013 01
Ran by Nightmare (administrator) on NIGHTMARE-NB on 27-10-2013 13:07:39
Running from E:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Curse) C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Blizzard Entertainment) E:\Spiele\World of Warcraft\Wow-64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
(G Data Software AG) C:\program files (x86)\g data\internetsecurity\avk\avk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Blizzard Entertainment) E:\Spiele\World of Warcraft\Utils\WowBrowserProxy.exe
(Farbar) E:\Downloads\FRST64(1).exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKCU\...\Run: [Steam] - E:\Progamme\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [SCheck] - "C:\Users\Nightmare\AppData\Roaming\SCheck\SCheck.exe" check
HKCU\...\Run: [SSync] - "C:\Users\Nightmare\AppData\Roaming\SSync\SSync.exe"
HKCU\...\Run: [Intermediate] - "C:\Users\Nightmare\AppData\Roaming\Intermediate\Intermediate.exe"
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
Startup: C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C8DE98C6329CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {2B296690-1DB5-4923-A71A-09AE504D4D20} URL = hxxp://www.bing.com/?cc=de
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - E:\Progamme\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - E:\Progamme\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default
FF Homepage: www.bing.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Progamme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: om - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\om@offermosquito.com.xpi
FF Extension: Adblock Plus - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb

Chrome:
=======
CHR HomePage: http:\/\/wisersearch.com\/?channel=de
CHR RestoreOnStartup: "http:\/\/wisersearch.com\/?channel=de"],"restore_on_startup_migrated":true,"restore_on_startup":4},"default_search_provider":{"enabled":true,"encodings":"UTF-8","id":"10","keyword":"Search","suggest_url":null,"name":"Search","icon_url":"http:\/\/wisersearch.com\/search.ico","search_url":"http:\/\/wisersearch.com\/search.php?channel=de&q={searchTerms}","prepopulate_id":0,"instant_url"
CHR Extension: (Docs) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2562208 2013-10-15] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2942808 2013-10-17] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-09] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-11] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-10-24] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-10-24] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [63320 2013-10-24] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-10-24] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2013-10-27] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-10-24] (G Data Software AG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-27 13:05 - 2013-10-27 13:05 - 00001282 _____ C:\Users\Nightmare\Desktop\Fixlist.txt
2013-10-27 12:59 - 2013-10-27 12:59 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-10-27 12:58 - 2013-10-27 12:58 - 00003119 _____ C:\Users\Nightmare\Desktop\GPU Observer - Gadget Dump.txt
2013-10-24 09:39 - 2013-10-24 09:39 - 609794099 _____ C:\Windows\MEMORY.DMP
2013-10-24 09:39 - 2013-10-24 09:39 - 00976952 _____ C:\Windows\Minidump\102413-5319-01.dmp
2013-10-23 16:57 - 2013-10-24 00:35 - 00063320 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-10-23 16:57 - 2013-10-24 00:35 - 00002011 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-10-23 16:56 - 2013-10-24 00:35 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-10-23 16:56 - 2013-10-24 00:35 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-10-23 16:56 - 2013-10-24 00:35 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-10-23 16:56 - 2013-10-24 00:35 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-10-21 16:05 - 2013-10-21 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-12 13:47 - 2013-10-12 13:47 - 00008079 _____ C:\Users\Nightmare\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
2013-10-12 11:03 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 16:05 - 2013-10-11 16:05 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-10-11 16:05 - 2013-10-11 16:05 - 00000830 _____ C:\Users\Nightmare\Desktop\Free PDF Perfect.lnk
2013-10-11 16:05 - 2013-10-11 16:05 - 00000000 ____D C:\ProgramData\Freemium
2013-10-11 16:04 - 2013-10-11 16:04 - 00000000 ____D C:\Program Files (x86)\Covus Freemium
2013-10-11 16:03 - 2013-10-11 16:04 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-11 01:54 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 01:54 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 01:54 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 01:54 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 01:54 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 01:54 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 01:54 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 01:54 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 01:54 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 01:54 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 23:11 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 23:11 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 23:11 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 23:11 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 23:11 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 23:11 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 23:11 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 23:11 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 23:11 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 23:11 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 23:11 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 23:11 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 23:11 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 23:11 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 23:11 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 23:11 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 23:11 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 23:11 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 23:11 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 23:11 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 23:11 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 23:11 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 23:11 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 23:11 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 23:11 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 23:11 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 23:11 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 23:11 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 23:11 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 23:11 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 23:11 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 23:11 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 23:11 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 23:11 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 23:11 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 23:11 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 23:11 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 23:11 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 23:11 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 23:11 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 23:11 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 23:11 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 23:10 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 23:10 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 23:10 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 23:10 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 12:11 - 2013-10-10 12:16 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Curse Advertising
2013-10-10 12:11 - 2013-10-10 12:11 - 00000318 _____ C:\Users\Nightmare\Desktop\Curse Client.appref-ms
2013-10-10 12:11 - 2013-10-10 12:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-10-09 10:05 - 2013-10-09 10:05 - 00000878 _____ C:\Users\Nightmare\Desktop\World of Warcraft - Verknüpfung.lnk
2013-10-07 10:04 - 2013-10-07 10:04 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-07 10:03 - 2013-10-09 10:04 - 00000253 _____ C:\Users\Nightmare\Desktop\WoW.mfil
2013-10-07 10:03 - 2013-10-09 10:04 - 00000000 ____D C:\Users\Nightmare\Desktop\Data
2013-10-07 10:03 - 2013-10-07 10:07 - 00000000 ____D C:\Users\Nightmare\Desktop\WTF
2013-10-06 00:21 - 2013-10-06 00:21 - 00000752 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-10-04 08:25 - 2013-10-19 12:27 - 00000000 ____D C:\Users\Nightmare\Desktop\Bewerbungen
2013-10-03 12:59 - 2013-10-03 12:59 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-10-03 12:57 - 2013-10-03 12:57 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-03 11:05 - 2013-10-03 11:08 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-10-03 10:54 - 2013-10-03 10:54 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Blizzard Entertainment
2013-10-03 10:32 - 2013-10-03 10:32 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-10-03 10:06 - 2013-10-03 10:07 - 00000000 ____D C:\ProgramData\Battle.net
2013-09-30 22:25 - 2013-09-30 22:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-27 13:05 - 2013-10-27 13:05 - 00001282 _____ C:\Users\Nightmare\Desktop\Fixlist.txt
2013-10-27 13:02 - 2013-09-10 12:28 - 00000000 ____D C:\Users\Nightmare\Desktop\trojaner-board
2013-10-27 12:59 - 2013-10-27 12:59 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-10-27 12:59 - 2013-04-13 18:26 - 00019016 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2013-10-27 12:58 - 2013-10-27 12:58 - 00003119 _____ C:\Users\Nightmare\Desktop\GPU Observer - Gadget Dump.txt
2013-10-27 12:55 - 2013-09-21 21:39 - 00000000 ____D C:\Users\Nightmare\Desktop\Handy Mix
2013-10-27 12:55 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 12:55 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 12:54 - 2013-03-25 15:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Deployment
2013-10-27 12:54 - 2010-11-21 07:50 - 00699030 _____ C:\Windows\system32\perfh007.dat
2013-10-27 12:54 - 2010-11-21 07:50 - 00149170 _____ C:\Windows\system32\perfc007.dat
2013-10-27 12:54 - 2009-07-14 06:13 - 01619024 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 12:54 - 2009-07-14 05:51 - 00098511 _____ C:\Windows\setupact.log
2013-10-27 12:53 - 2013-03-25 14:43 - 02021672 _____ C:\Windows\WindowsUpdate.log
2013-10-27 12:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 04:08 - 2013-03-25 15:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-26 13:18 - 2013-09-09 16:46 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-26 13:18 - 2013-05-07 16:47 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-24 09:39 - 2013-10-24 09:39 - 609794099 _____ C:\Windows\MEMORY.DMP
2013-10-24 09:39 - 2013-10-24 09:39 - 00976952 _____ C:\Windows\Minidump\102413-5319-01.dmp
2013-10-24 09:39 - 2013-05-30 15:11 - 00000000 ____D C:\Windows\Minidump
2013-10-24 00:35 - 2013-10-23 16:57 - 00063320 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-10-24 00:35 - 2013-10-23 16:57 - 00002011 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-10-24 00:35 - 2013-10-23 16:56 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-10-24 00:35 - 2013-10-23 16:56 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-10-24 00:35 - 2013-10-23 16:56 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-10-24 00:35 - 2013-10-23 16:56 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-10-23 17:02 - 2013-03-25 15:00 - 00000000 ____D C:\ProgramData\G DATA
2013-10-23 16:56 - 2013-03-25 15:00 - 00000000 ____D C:\Program Files (x86)\G Data
2013-10-23 16:53 - 2010-11-21 04:47 - 00424310 _____ C:\Windows\PFRO.log
2013-10-23 16:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-10-23 16:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-10-23 16:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-10-23 16:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-10-22 23:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-10-22 11:47 - 2013-08-22 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-21 16:18 - 2013-10-21 16:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-19 12:27 - 2013-10-04 08:25 - 00000000 ____D C:\Users\Nightmare\Desktop\Bewerbungen
2013-10-15 01:57 - 2013-03-25 20:03 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\vlc
2013-10-13 14:51 - 2013-08-21 20:52 - 00000000 ____D C:\AdwCleaner
2013-10-13 14:51 - 2013-06-09 20:22 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Common
2013-10-12 13:47 - 2013-10-12 13:47 - 00008079 _____ C:\Users\Nightmare\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
2013-10-11 16:05 - 2013-10-11 16:05 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-10-11 16:05 - 2013-10-11 16:05 - 00000830 _____ C:\Users\Nightmare\Desktop\Free PDF Perfect.lnk
2013-10-11 16:05 - 2013-10-11 16:05 - 00000000 ____D C:\ProgramData\Freemium
2013-10-11 16:04 - 2013-10-11 16:04 - 00000000 ____D C:\Program Files (x86)\Covus Freemium
2013-10-11 16:04 - 2013-10-11 16:03 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-11 10:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 10:31 - 2009-07-14 05:45 - 00312496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 01:56 - 2013-03-25 21:36 - 01591896 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 01:55 - 2013-04-10 18:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 01:54 - 2013-08-22 16:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 01:54 - 2013-08-22 16:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 01:53 - 2013-08-06 00:30 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 01:52 - 2013-03-29 10:27 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 12:16 - 2013-10-10 12:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Curse Advertising
2013-10-10 12:11 - 2013-10-10 12:11 - 00000318 _____ C:\Users\Nightmare\Desktop\Curse Client.appref-ms
2013-10-10 12:11 - 2013-10-10 12:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-10-10 12:11 - 2013-03-25 14:47 - 00000000 ___RD C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-10 12:08 - 2013-03-25 15:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Apps\2.0
2013-10-09 19:09 - 2013-03-25 15:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 19:09 - 2013-03-25 15:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 19:09 - 2013-03-25 15:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 10:05 - 2013-10-09 10:05 - 00000878 _____ C:\Users\Nightmare\Desktop\World of Warcraft - Verknüpfung.lnk
2013-10-09 10:04 - 2013-10-07 10:03 - 00000253 _____ C:\Users\Nightmare\Desktop\WoW.mfil
2013-10-09 10:04 - 2013-10-07 10:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Data
2013-10-07 10:07 - 2013-10-07 10:03 - 00000000 ____D C:\Users\Nightmare\Desktop\WTF
2013-10-07 10:05 - 2013-09-09 14:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-10-07 10:04 - 2013-10-07 10:04 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-06 00:21 - 2013-10-06 00:21 - 00000752 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-10-05 12:52 - 2013-05-07 16:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-03 12:59 - 2013-10-03 12:59 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-10-03 12:57 - 2013-10-03 12:57 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-03 11:08 - 2013-10-03 11:05 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-10-03 10:54 - 2013-10-03 10:54 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Blizzard Entertainment
2013-10-03 10:32 - 2013-10-03 10:32 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-10-03 10:07 - 2013-10-03 10:06 - 00000000 ____D C:\ProgramData\Battle.net
2013-10-01 13:12 - 2013-03-25 15:31 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Mozilla
2013-09-30 22:25 - 2013-09-30 22:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Nightmare\AppData\Local\Temp\Quarantine.exe
C:\Users\Nightmare\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 12:56

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST nach Fix: Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2013 01
Ran by Nightmare at 2013-10-27 13:07:56
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity 2014 (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity 2014 (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Counter-Strike: Global Offensive (x32)
Curse Client (HKCU Version: 5.1.1.792)
D3DX10 (x32 Version: 15.4.2368.0902)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Pdf Perfect Prereq (x32 Version: 1.0.0.0)
Free Video Flip and Rotate version 2.1.8.717 (x32 Version: 2.1.8.717)
Free YouTube Download version 3.2.8.717 (x32 Version: 3.2.8.717)
Free YouTube to MP3 Converter version 3.12.8.717 (x32 Version: 3.12.8.717)
Freemium Free PDF Perfect (x32 Version: 1.0)
G Data InternetSecurity 2014 (x32 Version: 24.0.3.4)
iTunes (Version: 11.0.2.26)
Left 4 Dead (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metro: Last Light (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0.1)
Mozilla Thunderbird 24.0.1 (x86 de) (x32 Version: 24.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
neroxml (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
Origin (x32 Version: 9.1.13.85)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PunkBuster Services (x32 Version: 0.991)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.13)
Tomb Raider (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.1.0 (x32 Version: 2.1.0)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
World of Warcraft (x32 Version: 4.0.0.12911)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-18 15:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {A8EB5811-A1C3-4990-9580-77C332ECB59A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {DD794993-B0B2-48B9-A6A6-05766AF86FA8} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 12:11 - 2013-10-10 12:10 - 00014848 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.WowDb.dll
2013-10-10 12:11 - 2013-10-10 12:10 - 00035840 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.Advertising.dll
2013-10-10 12:11 - 2013-10-10 12:10 - 00099840 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.CMOD2.dll
2013-10-05 14:38 - 2013-10-03 07:33 - 23950848 _____ () E:\Spiele\World of Warcraft\Utils\libcef.dll
2013-09-30 22:25 - 2013-09-30 22:25 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2013 01:01:33 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/27/2013 00:50:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/26/2013 11:30:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/26/2013 00:55:47 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/26/2013 00:31:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/25/2013 11:30:11 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/25/2013 04:07:19 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/25/2013 03:42:29 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/25/2013 00:31:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/25/2013 10:42:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/27/2013 00:54:37 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (10/24/2013 09:42:11 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎24.‎10.‎2013 um 10:40:57 unerwartet heruntergefahren.

Error: (10/24/2013 09:40:01 AM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa800ae9e4e0, 0xfffff88004063410, 0xffffffffc00000b5, 0x000000000000000a)C:\Windows\MEMORY.DMP102413-5319-01

Error: (10/24/2013 09:39:59 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎24.‎10.‎2013 um 10:38:20 unerwartet heruntergefahren.

Error: (10/23/2013 04:56:36 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/23/2013 04:51:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/23/2013 04:50:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/23/2013 00:30:41 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎23.‎10.‎2013 um 06:10:43 unerwartet heruntergefahren.

Error: (10/22/2013 03:23:09 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (10/22/2013 02:33:20 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-18 16:25:40.436
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-18 16:25:40.420
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.833
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.740
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8173.21 MB
Available physical RAM: 5208.77 MB
Total Pagefile: 16344.61 MB
Available Pagefile: 12507.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Samsung SSD BOOT Device) (Fixed) (Total:111.79 GB) (Free:8.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:3.75 GB) (Free:3.06 GB) FAT32
Drive e: (DATA 2 TB) (Fixed) (Total:1862.92 GB) (Free:1696.66 GB) NTFS
Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive l: (CRUZER) (Removable) (Total:7.47 GB) (Free:0.01 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 7BE1F435)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11BB29FA)
Partition 1: (Not Active) - (Size=-198731276288) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

========================================================
Disk: 3 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
Gruß David

aharonov 27.10.2013 15:10
Hallo David,

da ist in der Zwischenzeit wieder ein bisschen was dazugekommen.
Jetzt noch die hoffentlich letzte Runde:


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKCU\...\Run: [SCheck] - "C:\Users\Nightmare\AppData\Roaming\SCheck\SCheck.exe" check
HKCU\...\Run: [SSync] - "C:\Users\Nightmare\AppData\Roaming\SSync\SSync.exe"
HKCU\...\Run: [Intermediate] - "C:\Users\Nightmare\AppData\Roaming\Intermediate\Intermediate.exe"
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
FF Extension: om - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\om@offermosquito.com.xpi
HKCU\...\Run: [Snoozer] - C:\Users\Nightmare\AppData\Roaming\Snz\Snz.exe [1226844 2013-10-11] ()
HKCU\...\Run: [OMESupervisor] - C:\Users\Nightmare\AppData\Local\omesuperv.exe [2220366 2013-10-11] ()
C:\Users\Nightmare\AppData\Roaming\SCheck
C:\Users\Nightmare\AppData\Roaming\SSync
C:\Users\Nightmare\AppData\Roaming\Intermediate
C:\Users\Nightmare\AppData\Roaming\Snz
C:\Users\Nightmare\AppData\Local\omesuperv.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2

Rechner neustarten und danach nochmals ein FRST-Scan:

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Nightmare199 04.11.2013 12:02
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Nightmare at 2013-11-04 11:58:18 Run:3
Running from C:\Users\Nightmare\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [SCheck] - "C:\Users\Nightmare\AppData\Roaming\SCheck\SCheck.exe" check
HKCU\...\Run: [SSync] - "C:\Users\Nightmare\AppData\Roaming\SSync\SSync.exe"
HKCU\...\Run: [Intermediate] - "C:\Users\Nightmare\AppData\Roaming\Intermediate\Intermediate.exe"
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
FF Extension: om - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\om@offermosquito.com.xpi
HKCU\...\Run: [Snoozer] - C:\Users\Nightmare\AppData\Roaming\Snz\Snz.exe [1226844 2013-10-11] ()
HKCU\...\Run: [OMESupervisor] - C:\Users\Nightmare\AppData\Local\omesuperv.exe [2220366 2013-10-11] ()
C:\Users\Nightmare\AppData\Roaming\SCheck
C:\Users\Nightmare\AppData\Roaming\SSync
C:\Users\Nightmare\AppData\Roaming\Intermediate
C:\Users\Nightmare\AppData\Roaming\Snz
C:\Users\Nightmare\AppData\Local\omesuperv.exe
       
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SCheck => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SSync => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Intermediate => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\om@offermosquito.com.xpi => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Snoozer => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\OMESupervisor => Value not found.
"C:\Users\Nightmare\AppData\Roaming\SCheck" => File/Directory not found.
"C:\Users\Nightmare\AppData\Roaming\SSync" => File/Directory not found.
"C:\Users\Nightmare\AppData\Roaming\Intermediate" => File/Directory not found.
"C:\Users\Nightmare\AppData\Roaming\Snz" => File/Directory not found.
"C:\Users\Nightmare\AppData\Local\omesuperv.exe" => File/Directory not found.

==== End of Fixlog ====

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Nightmare (administrator) on NIGHTMARE-NB on 04-11-2013 12:00:56
Running from C:\Users\Nightmare\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) E:\Progamme\Steam\Steam.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Curse) C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Farbar) C:\Users\Nightmare\Desktop\FRST64(2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKCU\...\Run: [Steam] - E:\Progamme\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
Startup: C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C8DE98C6329CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C54CC0F-5F8D-475F-855B-11CDCDF6B2DC} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {2B296690-1DB5-4923-A71A-09AE504D4D20} URL = hxxp://www.bing.com/?cc=de
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - E:\Progamme\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - E:\Progamme\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default
FF Homepage: www.bing.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Progamme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - E:\Progamme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Nightmare\AppData\Roaming\Mozilla\Firefox\Profiles\b7k5xtih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb

Chrome:
=======
CHR HomePage: http:\/\/wisersearch.com\/?channel=de
CHR RestoreOnStartup: "http:\/\/wisersearch.com\/?channel=de"],"restore_on_startup_migrated":true,"restore_on_startup":4},"default_search_provider":{"enabled":true,"encodings":"UTF-8","id":"10","keyword":"Search","suggest_url":null,"name":"Search","icon_url":"http:\/\/wisersearch.com\/search.ico","search_url":"http:\/\/wisersearch.com\/search.php?channel=de&q={searchTerms}","prepopulate_id":0,"instant_url"
CHR Extension: (Docs) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Nightmare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2562208 2013-10-15] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2942808 2013-10-17] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-09] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-11] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-10-24] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-10-24] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [63320 2013-10-24] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-10-24] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2013-10-27] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-10-24] (G Data Software AG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-04 11:57 - 2013-11-04 11:57 - 01957098 _____ (Farbar) C:\Users\Nightmare\Desktop\FRST64(2).exe
2013-10-29 23:01 - 2013-10-29 23:02 - 00000000 ____D C:\Users\Nightmare\Desktop\Musik neu
2013-10-29 18:52 - 2013-10-29 18:55 - 00000000 ____D C:\Users\Nightmare\Desktop\Store'n Go Sicherheitskopie
2013-10-27 12:59 - 2013-10-27 12:59 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-10-27 12:58 - 2013-10-27 12:58 - 00003119 _____ C:\Users\Nightmare\Desktop\GPU Observer - Gadget Dump.txt
2013-10-24 09:39 - 2013-10-24 09:39 - 609794099 _____ C:\Windows\MEMORY.DMP
2013-10-24 09:39 - 2013-10-24 09:39 - 00976952 _____ C:\Windows\Minidump\102413-5319-01.dmp
2013-10-23 16:57 - 2013-10-24 00:35 - 00063320 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-10-23 16:57 - 2013-10-24 00:35 - 00002011 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-10-23 16:56 - 2013-10-24 00:35 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-10-23 16:56 - 2013-10-24 00:35 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-10-23 16:56 - 2013-10-24 00:35 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-10-23 16:56 - 2013-10-24 00:35 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-10-21 16:05 - 2013-10-21 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-12 13:47 - 2013-10-12 13:47 - 00008079 _____ C:\Users\Nightmare\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
2013-10-12 11:03 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-12 11:03 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 16:05 - 2013-10-11 16:05 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-10-11 16:05 - 2013-10-11 16:05 - 00000830 _____ C:\Users\Nightmare\Desktop\Free PDF Perfect.lnk
2013-10-11 16:05 - 2013-10-11 16:05 - 00000000 ____D C:\ProgramData\Freemium
2013-10-11 16:04 - 2013-10-11 16:04 - 00000000 ____D C:\Program Files (x86)\Covus Freemium
2013-10-11 16:03 - 2013-10-11 16:04 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-11 01:54 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 01:54 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 01:54 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 01:54 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 01:54 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 01:54 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 01:54 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 01:54 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 01:54 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 01:54 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 01:54 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 01:54 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 23:11 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 23:11 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 23:11 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 23:11 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 23:11 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 23:11 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 23:11 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 23:11 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 23:11 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 23:11 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 23:11 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 23:11 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 23:11 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 23:11 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 23:11 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 23:11 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 23:11 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 23:11 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 23:11 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 23:11 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 23:11 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 23:11 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 23:11 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 23:11 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 23:11 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 23:11 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 23:11 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 23:11 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 23:11 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 23:11 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 23:11 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 23:11 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 23:11 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 23:11 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 23:11 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 23:11 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 23:11 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 23:11 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 23:11 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 23:11 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 23:11 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 23:11 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 23:10 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 23:10 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 23:10 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 23:10 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 12:11 - 2013-10-10 12:16 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Curse Advertising
2013-10-10 12:11 - 2013-10-10 12:11 - 00000318 _____ C:\Users\Nightmare\Desktop\Curse Client.appref-ms
2013-10-10 12:11 - 2013-10-10 12:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-10-09 10:05 - 2013-10-09 10:05 - 00000878 _____ C:\Users\Nightmare\Desktop\World of Warcraft - Verknüpfung.lnk
2013-10-07 10:04 - 2013-10-07 10:04 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-07 10:03 - 2013-10-09 10:04 - 00000253 _____ C:\Users\Nightmare\Desktop\WoW.mfil
2013-10-07 10:03 - 2013-10-09 10:04 - 00000000 ____D C:\Users\Nightmare\Desktop\Data
2013-10-07 10:03 - 2013-10-07 10:07 - 00000000 ____D C:\Users\Nightmare\Desktop\WTF
2013-10-06 00:21 - 2013-10-06 00:21 - 00000752 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

==================== One Month Modified Files and Folders =======

2013-11-04 12:00 - 2013-03-25 15:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Deployment
2013-11-04 12:00 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-04 12:00 - 2009-07-14 05:51 - 00100001 _____ C:\Windows\setupact.log
2013-11-04 11:59 - 2013-03-25 14:43 - 01138791 _____ C:\Windows\WindowsUpdate.log
2013-11-04 11:57 - 2013-11-04 11:57 - 01957098 _____ (Farbar) C:\Users\Nightmare\Desktop\FRST64(2).exe
2013-11-04 11:08 - 2013-03-25 15:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-03 12:45 - 2010-11-21 07:50 - 00699030 _____ C:\Windows\system32\perfh007.dat
2013-11-03 12:45 - 2010-11-21 07:50 - 00149170 _____ C:\Windows\system32\perfc007.dat
2013-11-03 12:45 - 2009-07-14 06:13 - 01619024 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 10:12 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 10:12 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 23:02 - 2013-10-29 23:01 - 00000000 ____D C:\Users\Nightmare\Desktop\Musik neu
2013-10-29 18:55 - 2013-10-29 18:52 - 00000000 ____D C:\Users\Nightmare\Desktop\Store'n Go Sicherheitskopie
2013-10-27 13:02 - 2013-09-10 12:28 - 00000000 ____D C:\Users\Nightmare\Desktop\trojaner-board
2013-10-27 12:59 - 2013-10-27 12:59 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-10-27 12:59 - 2013-04-13 18:26 - 00019016 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2013-10-27 12:58 - 2013-10-27 12:58 - 00003119 _____ C:\Users\Nightmare\Desktop\GPU Observer - Gadget Dump.txt
2013-10-27 12:55 - 2013-09-21 21:39 - 00000000 ____D C:\Users\Nightmare\Desktop\Handy Mix
2013-10-26 13:18 - 2013-09-09 16:46 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-26 13:18 - 2013-05-07 16:47 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-24 09:39 - 2013-10-24 09:39 - 609794099 _____ C:\Windows\MEMORY.DMP
2013-10-24 09:39 - 2013-10-24 09:39 - 00976952 _____ C:\Windows\Minidump\102413-5319-01.dmp
2013-10-24 09:39 - 2013-05-30 15:11 - 00000000 ____D C:\Windows\Minidump
2013-10-24 00:35 - 2013-10-23 16:57 - 00063320 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-10-24 00:35 - 2013-10-23 16:57 - 00002011 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-10-24 00:35 - 2013-10-23 16:56 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-10-24 00:35 - 2013-10-23 16:56 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-10-24 00:35 - 2013-10-23 16:56 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-10-24 00:35 - 2013-10-23 16:56 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-10-23 17:02 - 2013-03-25 15:00 - 00000000 ____D C:\ProgramData\G DATA
2013-10-23 16:56 - 2013-03-25 15:00 - 00000000 ____D C:\Program Files (x86)\G Data
2013-10-23 16:53 - 2010-11-21 04:47 - 00424310 _____ C:\Windows\PFRO.log
2013-10-23 16:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-10-23 16:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-10-23 16:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-10-23 16:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-10-22 23:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-10-22 11:47 - 2013-08-22 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-21 16:18 - 2013-10-21 16:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-19 12:27 - 2013-10-04 08:25 - 00000000 ____D C:\Users\Nightmare\Desktop\Bewerbungen
2013-10-15 01:57 - 2013-03-25 20:03 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\vlc
2013-10-13 14:51 - 2013-08-21 20:52 - 00000000 ____D C:\AdwCleaner
2013-10-13 14:51 - 2013-06-09 20:22 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Common
2013-10-12 13:47 - 2013-10-12 13:47 - 00008079 _____ C:\Users\Nightmare\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
2013-10-11 16:05 - 2013-10-11 16:05 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-10-11 16:05 - 2013-10-11 16:05 - 00000830 _____ C:\Users\Nightmare\Desktop\Free PDF Perfect.lnk
2013-10-11 16:05 - 2013-10-11 16:05 - 00000000 ____D C:\ProgramData\Freemium
2013-10-11 16:04 - 2013-10-11 16:04 - 00000000 ____D C:\Program Files (x86)\Covus Freemium
2013-10-11 16:04 - 2013-10-11 16:03 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-11 10:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 10:31 - 2009-07-14 05:45 - 00312496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 01:56 - 2013-03-25 21:36 - 01591896 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 01:55 - 2013-04-10 18:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 01:54 - 2013-08-22 16:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 01:54 - 2013-08-22 16:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 01:53 - 2013-08-06 00:30 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 01:52 - 2013-03-29 10:27 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 12:16 - 2013-10-10 12:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Curse Advertising
2013-10-10 12:11 - 2013-10-10 12:11 - 00000318 _____ C:\Users\Nightmare\Desktop\Curse Client.appref-ms
2013-10-10 12:11 - 2013-10-10 12:11 - 00000000 ____D C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-10-10 12:11 - 2013-03-25 14:47 - 00000000 ___RD C:\Users\Nightmare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-10 12:08 - 2013-03-25 15:18 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Apps\2.0
2013-10-09 19:09 - 2013-03-25 15:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 19:09 - 2013-03-25 15:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 19:09 - 2013-03-25 15:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 10:05 - 2013-10-09 10:05 - 00000878 _____ C:\Users\Nightmare\Desktop\World of Warcraft - Verknüpfung.lnk
2013-10-09 10:04 - 2013-10-07 10:03 - 00000253 _____ C:\Users\Nightmare\Desktop\WoW.mfil
2013-10-09 10:04 - 2013-10-07 10:03 - 00000000 ____D C:\Users\Nightmare\Desktop\Data
2013-10-07 10:07 - 2013-10-07 10:03 - 00000000 ____D C:\Users\Nightmare\Desktop\WTF
2013-10-07 10:05 - 2013-09-09 14:56 - 00000000 ____D C:\Users\Nightmare\AppData\Local\Thunderbird
2013-10-07 10:04 - 2013-10-07 10:04 - 00000614 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-06 00:21 - 2013-10-06 00:21 - 00000752 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-10-05 12:52 - 2013-05-07 16:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

Some content of TEMP:
====================
C:\Users\Nightmare\AppData\Local\Temp\Quarantine.exe
C:\Users\Nightmare\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-01 11:48

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Nightmare at 2013-11-04 12:01:15
Running from C:\Users\Nightmare\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity 2014 (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity 2014 (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Counter-Strike: Global Offensive (x32)
Curse Client (HKCU Version: 5.1.1.792)
D3DX10 (x32 Version: 15.4.2368.0902)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Pdf Perfect Prereq (x32 Version: 1.0.0.0)
Free Video Flip and Rotate version 2.1.8.717 (x32 Version: 2.1.8.717)
Free YouTube Download version 3.2.8.717 (x32 Version: 3.2.8.717)
Free YouTube to MP3 Converter version 3.12.8.717 (x32 Version: 3.12.8.717)
Freemium Free PDF Perfect (x32 Version: 1.0)
G Data InternetSecurity 2014 (x32 Version: 24.0.3.4)
iTunes (Version: 11.0.2.26)
Left 4 Dead (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Metro: Last Light (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0.1)
Mozilla Thunderbird 24.0.1 (x86 de) (x32 Version: 24.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
neroxml (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
Origin (x32 Version: 9.1.13.85)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PunkBuster Services (x32 Version: 0.991)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.13)
Tomb Raider (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.1.0 (x32 Version: 2.1.0)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
World of Warcraft (x32 Version: 5.4.1.17538)

==================== Restore Points  =========================

01-11-2013 10:10:59 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-18 15:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {A8EB5811-A1C3-4990-9580-77C332ECB59A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {DD794993-B0B2-48B9-A6A6-05766AF86FA8} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 12:11 - 2013-10-10 12:10 - 00014848 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.WowDb.dll
2013-10-10 12:11 - 2013-10-10 12:10 - 00035840 _____ () C:\Users\Nightmare\AppData\Local\Apps\2.0\MPGPWVQ2.N2Z\OAENOJ5Y.28J\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.Advertising.dll
2013-03-25 13:23 - 2013-10-24 18:45 - 00691200 _____ () E:\Progamme\Steam\SDL2.dll
2013-04-19 12:10 - 2013-10-30 20:25 - 01123240 _____ () E:\Progamme\Steam\bin\chromehtml.DLL
2013-03-26 15:16 - 2013-10-23 21:07 - 20625832 _____ () E:\Progamme\Steam\bin\libcef.dll
2012-12-11 08:51 - 2013-06-15 00:49 - 01100800 _____ () E:\Progamme\Steam\bin\avcodec-53.dll
2012-12-11 08:51 - 2013-06-15 00:49 - 00124416 _____ () E:\Progamme\Steam\bin\avutil-51.dll
2012-12-11 08:51 - 2013-06-15 00:49 - 00192000 _____ () E:\Progamme\Steam\bin\avformat-53.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2013 04:15:36 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/04/2013 03:42:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/03/2013 10:43:18 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/03/2013 10:07:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 00:30:17 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2013 02:49:48 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/02/2013 00:13:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2013 10:41:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 07:59:49 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/01/2013 11:49:19 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (11/04/2013 00:00:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847

Error: (11/02/2013 10:39:50 AM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.100
registriert werden. Der Computer mit IP-Adresse 192.168.2.105 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (11/02/2013 10:39:50 AM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.100
registriert werden. Der Computer mit IP-Adresse 192.168.2.105 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/31/2013 01:28:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/31/2013 01:28:44 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (10/30/2013 02:21:15 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (10/29/2013 06:51:30 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.

Error: (10/27/2013 10:57:54 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR6 gefunden.

Error: (10/27/2013 00:54:37 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (10/24/2013 09:42:11 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎24.‎10.‎2013 um 10:40:57 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-18 16:25:40.436
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-18 16:25:40.420
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.833
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Nightmare\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-09 16:04:27.740
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Progamme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8173.21 MB
Available physical RAM: 5945.61 MB
Total Pagefile: 16344.61 MB
Available Pagefile: 13926.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Samsung SSD BOOT Device) (Fixed) (Total:111.79 GB) (Free:5.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA BASE) (Fixed) (Total:931.28 GB) (Free:190.05 GB) FAT32
Drive e: (DATA 2 TB) (Fixed) (Total:1862.92 GB) (Free:1696.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 7BE1F435)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11BB29FA)
Partition 1: (Not Active) - (Size=-198731276288) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: F2E0AD49)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================

aharonov 04.11.2013 12:15
Und wie sieht es jetzt aus? Stört noch irgendwo irgendwas?

Nightmare199 04.11.2013 13:34
Also bis jetzt kann ich keine Anzeichen mehr finden! :rofl::rofl:

aharonov 04.11.2013 13:54
Das hatte wir ja schon ein paar Mal. :lach:

Melde dich nach ein paar Neustarts nochmals, ob dann immer noch alles in Ordnung ist oder nicht.

aharonov 17.11.2013 22:11
Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

Nightmare199 29.12.2013 20:54
Hallo Leo,

der Plagegeist ist wirklich weg, 1000 Dank für deine Hilfe.

Ich wünsche ein gutes neues Jahr!!
Ps.: entschuldige bitte die späte Rückmeldung

Gruß
David


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:31 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132