Hallo liebes Trojaner-Board,

leider habe ich auf meiner Festplatte eine merkwürdige Datei gefunden. Wenn ich meine Festplatte öffne, sieht alles ganz normal aus, allerdings ist dort eine Datei die mir verdächtig vorkommt. Sie heißt "END" und ist 9 Byte groß. Das Erstellungsdatum war laut Windows am 26.5.2013. Nun weiß ich nicht wirklich was ich machen soll. Was ist das für eine Datei? Ist sie schädlich? Wie entferne ich sie?
Bisher habe ich sie nur als Textdatei geöffnet, dann ist folgendes zu lesen:"ConduitOK". Der PC läuft bisher übrigens ganz normal, es gibt keine Beschwerden.


OTL:
OTL logfile created on: 07.07.2013 02:49:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tristan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,96 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,36% Memory free
15,93 Gb Paging File | 14,09 Gb Available in Paging File | 88,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 290,90 Gb Free Space | 62,47% Space Free | Partition Type: NTFS

Computer Name: TRISTAN-PC | User Name: Tristan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.07 02:47:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tristan\Desktop\OTL.exe
PRC - [2013.06.26 12:14:10 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.26 12:13:57 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.26 12:13:57 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.14 02:25:44 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.04.13 21:32:45 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2013.04.03 03:06:06 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2013.04.03 03:05:58 | 002,777,736 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.26 21:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2011.05.19 11:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.15 16:27:54 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013.05.15 16:27:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 16:27:40 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013.05.15 16:27:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.15 16:27:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56765d6988c0fc573c31d3c6066fc704\System.Configuration.ni.dll
MOD - [2013.04.16 09:39:29 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013.04.15 17:12:31 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll
MOD - [2013.04.15 17:12:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.04.15 17:12:17 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll
MOD - [2013.04.15 17:12:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.04.15 17:12:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.04.15 17:12:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.04.15 17:12:02 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.05.04 16:32:20 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.26 12:14:10 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.26 12:13:57 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.21 01:05:50 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.14 02:25:44 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.04.03 03:06:12 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.05.24 09:16:54 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.10.19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.07.07 02:40:39 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013.07.07 01:54:30 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013.05.26 20:26:55 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.05.26 20:21:41 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2013.04.13 21:32:45 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.03.06 15:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.26 15:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 15:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.01.03 10:17:48 | 000,043,400 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.05.21 06:04:18 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 21:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 21:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 21:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012.01.13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011.12.05 22:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B AE EC 3F 87 38 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{4C8F3E2C-A122-408a-86C4-059AC1EC6A12}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF %3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Google Docs = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SciLor's Grooveshark(tm) Unlocker = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob\0.3.3_0\
CHR - Extension: AdBlock = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Google Mail = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU] File not found
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O4 - Startup: C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.188.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75DAE2F7-FB78-476B-9338-9541D2050005}: DhcpNameServer = 192.168.188.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f8903caf-a3d5-11e2-a287-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f8903caf-a3d5-11e2-a287-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.07.07 02:47:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tristan\Desktop\OTL.exe
[2013.07.07 01:54:30 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.07.07 01:54:30 | 000,000,000 | ---D | C] -- C:\Users\Tristan\AppData\Roaming\Spyware Terminator
[2013.07.07 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.07.07 01:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013.07.07 01:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013.06.23 10:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.21 19:41:16 | 000,000,000 | ---D | C] -- C:\Users\Tristan\AppData\Roaming\LolClient
[2013.06.21 18:57:37 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.06.21 18:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\League of Legends
[2013.06.21 18:32:55 | 000,000,000 | ---D | C] -- C:\Users\Tristan\AppData\Local\PMB Files
[2013.06.21 18:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.06.21 18:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.06.21 18:32:38 | 000,000,000 | ---D | C] -- C:\Users\Tristan\.swt
[2013.06.14 15:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.06.14 15:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.06.14 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.06.14 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.06.14 15:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.06.14 15:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.06.14 15:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.06.14 15:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.06.14 15:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.06.14 15:28:56 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.06.13 00:28:22 | 000,000,000 | ---D | C] -- C:\Users\Tristan\AppData\Local\IW4M
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.07 02:48:43 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 02:48:43 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 02:47:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tristan\Desktop\OTL.exe
[2013.07.07 02:46:51 | 000,000,168 | ---- | M] () -- C:\Users\Tristan\defogger_reenable
[2013.07.07 02:40:39 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.07.07 02:40:39 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.07.07 02:40:35 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.07 02:40:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.07 02:40:25 | 2118,393,855 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.07 01:54:30 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.07.07 01:32:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.05 11:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.07.03 23:30:07 | 000,001,354 | ---- | M] () -- C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.06.26 12:14:13 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.24 15:05:07 | 000,001,166 | ---- | M] () -- C:\Users\Tristan\Desktop\CoreTemp.ini
[2013.06.23 15:11:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.23 15:11:13 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.23 15:11:13 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.23 15:11:13 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.23 15:11:13 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.22 12:51:21 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.22 12:51:21 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.22 12:51:01 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.06.21 19:01:39 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.06.21 18:33:33 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.12 17:12:13 | 000,010,550 | ---- | M] () -- C:\Users\Tristan\Desktop\battlefield_3_premium_key_14000763_F6S2CPSM.jpg
[2013.06.12 17:12:03 | 000,012,110 | ---- | M] () -- C:\Users\Tristan\Desktop\battlefield_3_key_multiplayer_head_start_kit_key_42592210_XJJNYMTU.jpg
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.07 02:46:51 | 000,000,168 | ---- | C] () -- C:\Users\Tristan\defogger_reenable
[2013.07.03 23:29:51 | 000,001,354 | ---- | C] () -- C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.06.21 19:01:39 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.06.13 00:28:25 | 000,001,120 | ---- | C] () -- C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play IW4M (Modern Warfare 2).lnk
[2013.06.12 17:12:13 | 000,010,550 | ---- | C] () -- C:\Users\Tristan\Desktop\battlefield_3_premium_key_14000763_F6S2CPSM.jpg
[2013.06.12 17:12:03 | 000,012,110 | ---- | C] () -- C:\Users\Tristan\Desktop\battlefield_3_key_multiplayer_head_start_kit_key_42592210_XJJNYMTU.jpg
[2013.04.14 01:24:42 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.14 01:24:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.04.13 22:45:32 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.13 22:00:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.04.13 21:34:12 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013.04.13 21:34:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013.04.13 21:34:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013.04.13 21:34:11 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.04.13 21:34:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.04.13 21:32:51 | 000,000,003 | ---- | C] () -- C:\Users\Tristan\AppData\Local\user_data.ini
[2013.04.13 21:24:59 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2013.04.13 21:24:59 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.04.13 21:24:59 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013.04.13 21:24:59 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.26 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\DAEMON Tools Lite
[2013.04.16 02:47:31 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\DeviceVm
[2013.05.06 00:37:50 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\Leadertech
[2013.06.21 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\LolClient
[2013.05.26 20:26:42 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\OpenCandy
[2013.04.26 11:24:01 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\OpenOffice.org
[2013.06.08 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\Origin
[2013.07.07 01:54:30 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\Spyware Terminator
[2013.04.29 02:16:12 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\The Creative Assembly
[2013.07.04 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\TS3Client

========== Purity Check ==========



< End of report >

Extras:
OTL Extras logfile created on: 07.07.2013 02:49:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tristan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,96 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,36% Memory free
15,93 Gb Paging File | 14,09 Gb Available in Paging File | 88,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 290,90 Gb Free Space | 62,47% Space Free | Partition Type: NTFS

Computer Name: TRISTAN-PC | User Name: Tristan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0276DA22-EFED-4267-AFD3-7EADC03BA1D7}" = lport=57544 | protocol=17 | dir=in | name=pando media booster |
"{8AF8EDBD-0C2E-4DB7-872E-FB447AAA6C8B}" = lport=57544 | protocol=6 | dir=in | name=pando media booster |
"{CD2E4394-8E53-4243-9CAA-B5E764417A07}" = lport=57544 | protocol=17 | dir=in | name=pando media booster |
"{D2AE67BC-3A4D-47D0-9BC4-A9EF8208C524}" = lport=57544 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097778E2-7ED0-49F1-A76B-2116B15A0B1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0F28B379-CB8C-42F1-93A5-CB9EA16DD6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{19F43090-2DDC-46A3-9D40-750E3FE7BA65}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{1CF977CA-EEB4-4272-A117-4062DF07DF7D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{21B18E58-A65E-4AE7-8FAA-7B731369A6ED}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{223EA740-23ED-4EFC-AFAD-F61BDAC0A3B2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2A0FA25C-A4CE-46C5-815D-963E9371F145}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{2A29D970-E0C9-4F97-AA4E-5B063C09AA88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{342741C9-8699-4FB8-B470-A409684C5715}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{3B97C120-0145-4347-85B3-9CA10FDFF0DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{3C157466-5625-462A-858A-542320FD6F86}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{440EA94A-1D95-4E29-B238-3ADCA9EAC556}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{5B6D6E91-8099-48B2-A7E4-85794C5054BF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{64871FB3-04F7-458B-B5B3-0D35864DE777}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{7121BB76-2044-4080-9E7A-65323C192FFB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{87DE00C1-2A39-4BE8-8B7F-926BC9AF1CEE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{8ACC5AF1-C978-446C-A887-47CEF7698D43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{92BCFFD3-1FE6-42F5-B9F2-8849A8D0D4EA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9516962C-6142-47F3-BCF0-8EA4999A6AEA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{97A16679-E744-4524-A25C-E021825779B0}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{9933076B-C4A7-4392-96D7-D3C91F27AF05}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A0C6BC46-870C-4335-87CD-62D98DDFF671}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A0DCD29E-0741-4566-9717-04010D60FAB6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A91A1B09-B693-4953-A700-8D00FC0FD427}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{B1808168-CD7A-4A4B-9E09-E647F5E3C3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B5A7672C-A2BF-48B6-B85E-A658CE0F1D78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C0ACF8FC-22FF-486F-B915-97A0CD9C76D1}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{DBC3F649-5FD7-4590-B86B-AA35349180C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{E23BBD37-B2C1-497F-B255-8E3702159FDD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{E33A788C-C971-44EA-BE07-15C52D5BB37C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{E3C6003A-130B-4C88-8015-73AD6EBEA746}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{E81614BA-7B0A-482B-B3C3-AB79F261C4BD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{ED79BE0D-5B85-43AC-A8F4-8617F6F6B390}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{EDE20C98-EA3E-4975-BD44-8894BD789BE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{F252B95E-328C-41C1-B433-5A9330FB79D8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{F7835B36-3CDF-45C1-901B-9C9FD8002DC9}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{FAEF6B7F-8784-42BF-9FE4-ED6680B8770C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{FD8B2538-638F-455D-8F7E-BAE9AB2D60B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"TCP Query User{0747B6E8-D366-4A38-9528-82D31303D31A}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{81BFD8CC-C890-4B42-A96E-D2D6AE6AADD7}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{A9C27E02-D316-4B38-BB5B-F382A24A41DC}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{B87016D3-56F8-4BDF-9BD4-3AC566649B00}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{BF733011-B984-4703-9A14-5C7282191C7D}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{C2C05653-340F-4ABD-9ECE-A88690F37C02}C:\users\tristan\appdata\local\iw4m\iw4m.dat" = protocol=6 | dir=in | app=c:\users\tristan\appdata\local\iw4m\iw4m.dat |
"TCP Query User{F3AC80CD-6AAB-4A6E-A049-9EDB214B50F7}C:\users\tristan\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\tristan\appdata\local\temp\gw2.exe |
"UDP Query User{0703E576-3FCE-4401-8BDA-F01ED8592112}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{160EF2A1-86EE-445E-BFFF-9D5B8540B93C}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{57610685-2989-4D65-9E12-F48E0A53560B}C:\users\tristan\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\tristan\appdata\local\temp\gw2.exe |
"UDP Query User{935BF5F2-5680-42DD-83DD-A12E537E640F}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{AD9B954B-C58F-4EBA-BC56-90CCB8CF4785}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{BB478420-A876-4AA3-A77A-7DAE768A7FBE}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{C0A92CBF-7E4F-4E95-A782-A10A94B6FE6C}C:\users\tristan\appdata\local\iw4m\iw4m.dat" = protocol=17 | dir=in | app=c:\users\tristan\appdata\local\iw4m\iw4m.dat |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{C8807716-1F6F-5C43-3C32-7295A45CF060}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"XFast LAN" = XFast LAN v6.61

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09D5819F-0F1A-4480-A112-B5CCA58D9773}_is1" = Darkest Hour
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}" = DayZ Commander
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.263
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"DarthMod Napoleon" = DarthMod Napoleon
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"Guild Wars" = GUILD WARS
"Guild Wars 2" = Guild Wars 2
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 34030" = Napoleon: Total War
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"XFastUSB" = XFastUSB

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.07.2013 10:48:00 | Computer Name = Tristan-PC | Source = ISCT Agent | ID = 1003
Description =

Error - 06.07.2013 10:49:40 | Computer Name = Tristan-PC | Source = WinMgmt | ID = 10
Description =

Error - 06.07.2013 13:19:36 | Computer Name = Tristan-PC | Source = ISCT Agent | ID = 1003
Description =

Error - 06.07.2013 13:21:16 | Computer Name = Tristan-PC | Source = WinMgmt | ID = 10
Description =

Error - 06.07.2013 13:39:29 | Computer Name = Tristan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16611,
Zeitstempel: 0x5191e7aa Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x4a801f90 ID des fehlerhaften
Prozesses: 0xce0 Startzeit der fehlerhaften Anwendung: 0x01ce7a6fb8195003 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 01ec696d-e663-11e2-bb5a-bc5ff465885f

Error - 06.07.2013 18:07:58 | Computer Name = Tristan-PC | Source = ISCT Agent | ID = 1003
Description =

Error - 06.07.2013 18:09:35 | Computer Name = Tristan-PC | Source = WinMgmt | ID = 10
Description =

Error - 06.07.2013 20:07:35 | Computer Name = Tristan-PC | Source = ISCT Agent | ID = 1003
Description =

Error - 06.07.2013 20:40:39 | Computer Name = Tristan-PC | Source = ISCT Agent | ID = 1003
Description =

Error - 06.07.2013 20:42:20 | Computer Name = Tristan-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 05.07.2013 05:26:20 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 05.07.2013 06:57:47 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 05.07.2013 13:30:37 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 05.07.2013 17:00:24 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 06.07.2013 09:31:00 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 06.07.2013 10:48:46 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 06.07.2013 13:20:25 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 06.07.2013 18:08:42 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 06.07.2013 20:08:34 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 06.07.2013 20:41:38 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


< End of report >

Gmer:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-07 03:27:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST500DM0 rev.1AJ1 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Tristan\AppData\Local\Temp\fwdirfoc.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073ad1a22 2 bytes [AD, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073ad1ad0 2 bytes [AD, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073ad1b08 2 bytes [AD, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073ad1bba 2 bytes [AD, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073ad1bda 2 bytes [AD, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b21465 2 bytes [B2, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b214bb 2 bytes [B2, 75]
.text ... * 2

---- EOF - GMER 2.1 ----

Da ich mir nicht sicher bin, ob es für euch wichtig ist: Ich habe Antivir nicht so schnell beendet gekriegt, deswegen habe ich es deinstalliert, aber nach dem Scan wieder installiert.

Ich entschuldige mich schon mal dafür, dass ich keine Spoiler benutzt habe, irgendwie habe ich es nicht hingekriegt.

Ich hoffe ihr könnt mir helfen.
Mit freundlichen Grüßen,
Semmel

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für die schnelle Antwort,

ich habe den Scan durchgeführt und hier sind die Ergebnisse:

FRST:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Tristan (administrator) on 07-07-2013 13:18:01
Running from C:\Users\Tristan\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\PROGRAM FILES\ASROCK\XFAST LAN\CFOSSPEED.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
(Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\PROGRAM FILES (X86)\CREATIVE\THX TRUSTUDIO\THXNBSET\THXAUDNB.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE
(APN) C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVWEBGRD.EXE
(Advanced Micro Devices Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE
(ATI Technologies Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE
(Microsoft Corporation) C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\MPAS-FE.EXE
(Microsoft Corporation) C:\8731FCDFC4A699DAFC296FA430D64B79\MPSIGSTUB.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKCU\...\Run: [ASRockXTU]  [x]
HKCU\...\Run: [zASRockInstantBoot]  [x]
MountPoints2: {f8903caf-a3d5-11e2-a287-806e6f6e6963} - D:\ASRSetup.exe
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe" [5019360 2013-04-13] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [1558480 2013-07-03] (APN)
Startup: C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\19.52819_0
CHR Extension: (Google Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SciLor's Grooveshark(tm) Unlocker) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob\0.3.3_0
CHR Extension: (AdBlock) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-03] (APN LLC.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [53248 2013-05-21] ()
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-14] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)

==================== Drivers (Whitelisted) ====================

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-05-26] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-13] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-07-07] (Windows (R) Win 7 DDK provider)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-07-07] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST
2013-07-07 13:16 - 2013-07-07 13:17 - 01934636 ____A (Farbar) C:\Users\Tristan\Downloads\FRST64.exe
2013-07-07 13:12 - 2013-07-07 13:12 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira
2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Mozilla
2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\ProgramData\APN
2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-07 03:32 - 2013-06-20 14:48 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-07-07 03:32 - 2013-06-20 14:48 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-07-07 03:32 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt
2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe
2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe
2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt
2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt
2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log
2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable
2013-07-07 01:54 - 2013-07-07 02:07 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com                                                 ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe
2013-06-22 01:31 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 01:31 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 01:31 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 01:31 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 01:31 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 01:31 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 01:31 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 01:31 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient
2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-21 19:01 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-06-21 19:01 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-06-21 19:01 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games
2013-06-21 18:33 - 2013-06-21 18:46 - 00000000 ____D C:\Program Files (x86)\League of Legends
2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files
2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-06-14 15:53 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\ATI Technologies
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-06-14 15:28 - 2013-06-14 15:34 - 00000000 ____D C:\Fraps
2013-06-13 00:28 - 2013-06-13 00:29 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M
2013-06-12 21:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 21:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 21:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 21:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 13:09 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 13:09 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 13:09 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 13:09 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 13:09 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 13:09 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 13:09 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 13:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 13:09 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 13:09 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 13:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 13:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 13:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 13:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 13:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 13:09 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 13:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 13:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 13:09 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-07 13:18 - 2013-04-13 21:08 - 01964930 ____A C:\Windows\WindowsUpdate.log
2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST
2013-07-07 13:17 - 2013-07-07 13:16 - 01934636 ____A (Farbar) C:\Users\Tristan\Downloads\FRST64.exe
2013-07-07 13:12 - 2013-07-07 13:12 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-07-07 13:12 - 2013-04-13 23:20 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-07 13:12 - 2013-04-13 21:32 - 00034752 ____A C:\Windows\System32\Drivers\WPRO_41_2001.sys
2013-07-07 13:12 - 2013-04-13 21:30 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-07-07 13:12 - 2010-11-21 05:47 - 00636324 ____A C:\Windows\PFRO.log
2013-07-07 13:12 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 13:12 - 2009-07-14 06:51 - 00044129 ____A C:\Windows\setupact.log
2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira
2013-07-07 03:38 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 03:38 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Mozilla
2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\ProgramData\APN
2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-07 03:32 - 2013-04-13 23:20 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt
2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe
2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe
2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt
2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt
2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log
2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable
2013-07-07 02:46 - 2013-04-13 21:08 - 00000000 ____D C:\users\Tristan
2013-07-07 02:07 - 2013-07-07 01:54 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com                                                 ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-07-06 22:03 - 2013-04-13 23:25 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-06 19:39 - 2013-04-29 02:16 - 00000000 ____D C:\Users\Tristan\AppData\Local\CrashDumps
2013-07-06 15:30 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 11:51 - 2013-04-13 21:30 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-07-04 17:12 - 2013-04-15 11:31 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\TS3Client
2013-07-04 00:27 - 2013-05-06 00:37 - 00038716 ____A C:\Windows\LDPINST.LOG
2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logitech
2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logishrd
2013-07-03 23:29 - 2013-05-06 00:37 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-07-03 23:29 - 2013-05-06 00:37 - 00001020 ____A C:\Windows\LkmdfCoInst.log
2013-07-01 23:27 - 2013-04-14 11:57 - 00000000 ____D C:\Users\Tristan\Documents\StarCraft II
2013-06-30 19:20 - 2013-04-14 12:31 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-27 23:08 - 2013-04-20 13:47 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Skype
2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files
2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 15:05 - 2013-04-14 00:42 - 00001166 ____A C:\Users\Tristan\Desktop\CoreTemp.ini
2013-06-23 15:11 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat
2013-06-23 15:11 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat
2013-06-23 15:11 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-23 10:41 - 2013-04-14 12:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 10:41 - 2013-04-14 12:20 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe
2013-06-22 12:51 - 2013-04-14 02:13 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-06-22 12:51 - 2013-04-14 01:24 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-22 12:51 - 2013-04-14 01:24 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient
2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games
2013-06-21 18:57 - 2013-04-13 21:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-21 18:46 - 2013-06-21 18:33 - 00000000 ____D C:\Program Files (x86)\League of Legends
2013-06-21 18:33 - 2013-04-13 23:21 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-21 18:11 - 2013-04-14 11:57 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-06-21 17:56 - 2013-04-14 02:12 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-20 14:48 - 2013-07-07 03:32 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-20 14:48 - 2013-07-07 03:32 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-06-14 15:54 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI Technologies
2013-06-14 15:54 - 2013-04-13 21:55 - 00000000 ____D C:\ProgramData\AMD
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-06-14 15:34 - 2013-06-14 15:28 - 00000000 ____D C:\Fraps
2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 00:29 - 2013-06-13 00:28 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M
2013-06-12 23:10 - 2013-04-13 23:25 - 00000000 ____D C:\ProgramData\Origin
2013-06-12 21:01 - 2013-04-13 22:29 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Origin
2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Local\Origin
2013-06-08 16:08 - 2013-06-22 01:31 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-22 01:31 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-22 01:31 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-22 01:31 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-22 01:31 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-22 01:31 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\ProgramData\NTUser.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-29 17:32

==================== End Of Log ============================
         

--- --- ---

--- --- ---



Addition:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Tristan at 2013-07-07 13:18:38
Running from C:\Users\Tristan\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 1.0.4990)
Adobe AIR (x32 Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.169)
Adobe Flash Player 11 Plugin (x32 Version: 11.1.102.55)
Adobe Reader 9 (x32 Version: 9.0.0)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
Arma 2 (x32)
Arma 2: Operation Arrowhead (x32)
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.263 (x32)
ASRock InstantBoot v1.29 (x32)
ASRock SmartConnect v1.0.6
ASRock XFast RAM v2.0.9
Avira Free Antivirus (x32 Version: 13.0.0.3737)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.1.477)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
Call of Duty: Modern Warfare 2 - Multiplayer (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Darkest Hour (x32)
DarthMod Napoleon (x32)
DayZ Commander (x32 Version: 0.92.79)
eReg (x32 Version: 1.20.138.34)
ESN Sonar (x32 Version: 0.70.4)
Fraps (x32)
Google Chrome (x32 Version: 27.0.1453.116)
Google Update Helper (x32 Version: 1.3.21.145)
GUILD WARS (x32)
Guild Wars 2 (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2761)
Intel(R) Rapid Storage Technology (x32 Version: 11.2.0.1006)
Intel(R) Smart Connect Technology 2.0 x64 (Version: 2.0.1083.0)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
League of Legends (x32 Version: 1.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Napoleon: Total War (x32)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Origin (x32 Version: 9.1.15.109)
Pando Media Booster (x32 Version: 2.6.0.9)
PunkBuster Services (x32 Version: 0.991)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482)
Skype™ 6.5 (x32 Version: 6.5.158)
Spyware Terminator 2012 (x32 Version: 3.0.0.82)
StarCraft II (x32 Version: 2.0.9.26147)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.10.1)
TechPowerUp GPU-Z (x32)
THX TruStudio (x32 Version: 1.00.01)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
XFast LAN v6.61 (Version: 6.61)
XFastUSB (x32 Version: 3.02.30)

==================== Restore Points  =========================

12-06-2013 18:59:55 Windows Update
21-06-2013 16:57:26 Installiert League of Legends
21-06-2013 23:30:45 Windows Update
23-06-2013 08:41:28 Installed Java 7 Update 25
07-07-2013 11:17:35 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {14361A76-5E8C-41E1-9A4E-4755989D8FCF} - System32\Tasks\{0C42D0AD-27F7-4B46-93E4-5509B00BE365} => C:\program files (x86)\google\chrome\application\chrome.exe [2013-06-15] (Google Inc.)
Task: {15A930FC-FE11-4DE6-979F-BFA5474C5ABF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {1795E88E-0BC8-4F2B-933A-D89A46D31623} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {59EAC220-7558-46E2-847E-A1B70E6C2D61} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {891563EA-319C-4398-ADE8-AFAA019214BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13] (Google Inc.)
Task: {8B342C98-1ABC-4ACF-A72B-E8E3471BE1B0} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {92C78106-7278-4B56-8ADC-F9DCCB3A8DAB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B70562EB-9B94-4FA5-9C02-46830C3406F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2013 01:14:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 01:12:46 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/07/2013 03:32:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 03:30:19 AM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/07/2013 02:42:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 02:40:39 AM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/07/2013 02:07:35 AM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/07/2013 00:09:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 00:07:58 AM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/06/2013 07:39:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16611, Zeitstempel: 0x5191e7aa
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x4a801f90
ID des fehlerhaften Prozesses: 0xce0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3


System errors:
=============
Error: (07/07/2013 01:12:55 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/07/2013 03:30:29 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/07/2013 02:41:38 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/07/2013 02:08:34 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/07/2013 00:08:42 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/06/2013 07:20:25 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/06/2013 04:48:46 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/06/2013 03:31:00 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/05/2013 11:00:24 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/05/2013 07:30:37 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


Microsoft Office Sessions:
=========================
Error: (07/07/2013 01:14:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 01:12:46 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/07/2013 03:32:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 03:30:19 AM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/07/2013 02:42:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 02:40:39 AM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/07/2013 02:07:35 AM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/07/2013 00:09:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 00:07:58 AM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/06/2013 07:39:29 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.166115191e7aaunknown0.0.0.000000000c00000054a801f90ce001ce7a6fb8195003C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown01ec696d-e663-11e2-bb5a-bc5ff465885f


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 8155.01 MB
Available physical RAM: 5713.9 MB
Total Pagefile: 16308.21 MB
Available Pagefile: 13192.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:290.36 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7F168691)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Mit freundlichen Grüßen,
Semmel

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop

• Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo,
hier sind die Ergebnisse:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-07-07.01 - Tristan 07.07.2013  13:58:58.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8155.5839 [GMT 2:00]
ausgeführt von:: c:\users\Tristan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-07 bis 2013-07-07  ))))))))))))))))))))))))))))))
.
.
2013-07-07 12:03 . 2013-07-07 12:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-07 11:32 . 2013-07-07 11:32	94656	----a-w-	c:\windows\system32\WPRO_41_2001woem.tmp
2013-07-07 11:18 . 2013-06-17 00:10	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F4BB747-2987-4D7C-9505-AE146005B5D0}\mpengine.dll
2013-07-07 11:17 . 2013-07-07 11:17	--------	d-----w-	C:\FRST
2013-07-07 01:38 . 2013-07-07 01:38	--------	d-----w-	c:\users\Tristan\AppData\Roaming\Avira
2013-07-07 01:33 . 2013-07-07 01:33	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-07-07 01:33 . 2013-07-07 01:33	--------	d-----w-	c:\programdata\APN
2013-07-07 01:32 . 2013-03-06 14:13	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-07-07 01:32 . 2013-06-20 12:48	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-07-07 01:32 . 2013-06-20 12:48	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-07-07 01:32 . 2013-07-07 01:32	--------	d-----w-	c:\programdata\Avira
2013-07-07 01:32 . 2013-07-07 01:32	--------	d-----w-	c:\program files (x86)\Avira
2013-07-06 23:54 . 2013-07-07 11:32	--------	d-----w-	c:\programdata\Spyware Terminator
2013-07-06 23:54 . 2013-07-06 23:54	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2013-07-06 23:54 . 2013-07-06 23:54	--------	d-----w-	c:\users\Tristan\AppData\Roaming\Spyware Terminator
2013-07-06 23:54 . 2013-07-06 23:54	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2013-07-03 21:29 . 2013-07-03 21:29	53248	----a-r-	c:\users\Tristan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-06-23 08:41 . 2013-06-23 08:41	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 08:41 . 2013-06-23 08:41	--------	d-----w-	c:\program files (x86)\Java
2013-06-21 17:41 . 2013-06-21 17:41	--------	d-----w-	c:\users\Tristan\AppData\Roaming\LolClient
2013-06-21 17:01 . 2008-07-12 06:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2013-06-21 17:01 . 2008-07-12 06:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2013-06-21 17:01 . 2008-07-12 06:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2013-06-21 16:57 . 2013-06-21 16:57	--------	d-----w-	C:\Riot Games
2013-06-21 16:33 . 2013-06-21 16:46	--------	d-----w-	c:\program files (x86)\League of Legends
2013-06-21 16:32 . 2013-06-27 11:21	--------	d-----w-	c:\users\Tristan\AppData\Local\PMB Files
2013-06-21 16:32 . 2013-06-27 11:21	--------	d-----w-	c:\programdata\PMB Files
2013-06-21 16:32 . 2013-06-21 16:32	--------	d-----w-	c:\program files (x86)\Pando Networks
2013-06-21 16:32 . 2013-06-21 16:32	--------	d-----w-	c:\users\Tristan\.swt
2013-06-14 13:54 . 2013-06-14 13:54	--------	d-----w-	c:\programdata\ATI
2013-06-14 13:54 . 2013-06-14 13:54	--------	d-----w-	c:\program files (x86)\AMD AVT
2013-06-14 13:54 . 2013-06-14 13:54	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2013-06-14 13:54 . 2013-06-14 13:54	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2013-06-14 13:53 . 2013-06-14 13:53	--------	d-----w-	c:\program files (x86)\ATI Technologies
2013-06-14 13:53 . 2013-06-14 13:53	--------	d-----w-	c:\program files\ATI
2013-06-14 13:53 . 2013-06-14 13:54	--------	d-----w-	c:\program files\ATI Technologies
2013-06-14 13:28 . 2013-06-14 13:34	--------	d-----w-	C:\Fraps
2013-06-12 22:28 . 2013-06-12 22:29	--------	d-----w-	c:\users\Tristan\AppData\Local\IW4M
2013-06-12 11:09 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-07 11:32 . 2013-04-13 19:32	34752	----a-w-	c:\windows\system32\drivers\WPRO_41_2001.sys
2013-07-03 21:29 . 2013-05-05 22:37	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2013-06-23 08:41 . 2013-04-14 10:20	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-23 08:41 . 2013-04-14 10:20	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-22 10:51 . 2013-04-14 00:13	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-06-22 10:51 . 2013-04-13 23:24	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-06-22 10:51 . 2013-04-13 23:24	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-06-12 19:01 . 2013-04-13 20:29	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-26 18:26 . 2013-05-26 18:26	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-26 18:21 . 2013-05-26 18:21	32320	----a-w-	c:\windows\system32\drivers\FNETTBOH_305.SYS
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-18 14:10 . 2013-04-18 14:10	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-18 14:10 . 2013-04-17 18:50	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-14 10:14 . 2013-04-14 10:14	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-14 10:14 . 2013-04-14 10:14	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-14 10:14 . 2013-04-14 10:14	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-14 10:14 . 2013-04-14 10:14	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-14 10:14 . 2013-04-14 10:14	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-14 10:14 . 2013-04-14 10:14	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-14 10:14 . 2013-04-14 10:14	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-14 10:14 . 2013-04-14 10:14	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-14 10:14 . 2013-04-14 10:14	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-14 10:14 . 2013-04-14 10:14	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-14 10:14 . 2013-04-14 10:14	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-14 10:14 . 2013-04-14 10:14	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-14 10:14 . 2013-04-14 10:14	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-14 10:14 . 2013-04-14 10:14	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-14 10:14 . 2013-04-14 10:14	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-14 10:14 . 2013-04-14 10:14	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-14 10:14 . 2013-04-14 10:14	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-14 10:14 . 2013-04-14 10:14	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-14 10:14 . 2013-04-14 10:14	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-14 10:14 . 2013-04-14 10:14	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-14 10:14 . 2013-04-14 10:14	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-14 10:14 . 2013-04-14 10:14	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-14 10:14 . 2013-04-14 10:14	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-14 10:14 . 2013-04-14 10:14	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-14 10:14 . 2013-04-14 10:14	441856	----a-w-	c:\windows\system32\html.iec
2013-04-14 10:14 . 2013-04-14 10:14	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-14 10:14 . 2013-04-14 10:14	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-14 10:14 . 2013-04-14 10:14	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-14 10:14 . 2013-04-14 10:14	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-14 10:14 . 2013-04-14 10:14	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-14 10:14 . 2013-04-14 10:14	235008	----a-w-	c:\windows\system32\url.dll
2013-04-14 10:14 . 2013-04-14 10:14	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-14 10:14 . 2013-04-14 10:14	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-14 10:14 . 2013-04-14 10:14	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-14 10:14 . 2013-04-14 10:14	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-14 10:14 . 2013-04-14 10:14	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-14 10:14 . 2013-04-14 10:14	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-14 10:14 . 2013-04-14 10:14	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-14 10:14 . 2013-04-14 10:14	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-14 10:14 . 2013-04-14 10:14	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-14 10:14 . 2013-04-14 10:14	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-14 10:14 . 2013-04-14 10:14	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-14 10:14 . 2013-04-14 10:14	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-14 10:14 . 2013-04-14 10:14	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-14 10:14 . 2013-04-14 10:14	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-14 10:14 . 2013-04-14 10:14	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-14 10:14 . 2013-04-14 10:14	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-14 10:14 . 2013-04-14 10:14	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-14 10:14 . 2013-04-14 10:14	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-14 00:25 . 2013-04-13 23:24	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-04-13 19:32 . 2013-04-13 19:32	15936	----a-w-	c:\windows\system32\drivers\FNETURPX.SYS
2013-04-13 05:49 . 2013-05-15 14:18	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:18	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:18	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:18	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:18	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:18	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 13:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 14:18	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 14:18	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 14:18	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-04-13 5019360]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-20 345144]
.
c:\users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-21 16:32	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 21:20]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 21:20]
.
2013-07-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2013-07-05 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-24 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-24 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-24 440128]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.188.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-07  14:04:30
ComboFix-quarantined-files.txt  2013-07-07 12:04
.
Vor Suchlauf: 12 Verzeichnis(se), 311.578.726.400 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 311.705.505.792 Bytes frei
.
- - End Of File - - 6629E8CBE4C22CD4719E292D5B0DE92A
D41D8CD98F00B204E9800998ECF8427E
         

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST Log bitte.

Hallo,
ich muss mich erstmal bei dir bedanken, dass du mir so gut und schnell hilfst. Herzlichsten Dank.

Hier sind die Logs:

Frischer FRST:
FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Tristan (administrator) on 07-07-2013 15:26:20
Running from C:\Users\Tristan\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\PROGRAM FILES\ASROCK\XFAST LAN\CFOSSPEED.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\PROGRAM FILES (X86)\CREATIVE\THX TRUSTUDIO\THXNBSET\THXAUDNB.EXE
(Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
(Advanced Micro Devices Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE
(ATI Technologies Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe" [5019360 2013-04-13] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-20] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SciLor's Grooveshark(tm) Unlocker) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob\0.3.3_0
CHR Extension: (AdBlock) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [53248 2013-05-21] ()
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-14] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)

==================== Drivers (Whitelisted) ====================

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-05-26] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-13] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-07-07] (Windows (R) Win 7 DDK provider)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-07-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 15:24 - 2013-07-07 15:24 - 00000627 ____A C:\Users\Tristan\Desktop\JRT.txt
2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\Windows\ERUNT
2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\JRT
2013-07-07 15:21 - 2013-07-07 15:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Tristan\Desktop\JRT.exe
2013-07-07 15:21 - 2013-07-07 15:21 - 00001201 ____A C:\Users\Tristan\Desktop\AdwCleaner[S1].txt
2013-07-07 15:17 - 2013-07-07 15:17 - 00001201 ____A C:\AdwCleaner[S1].txt
2013-07-07 15:16 - 2013-07-07 15:16 - 00650027 ____A C:\Users\Tristan\Desktop\adwcleaner.exe
2013-07-07 15:09 - 2013-07-07 15:18 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-07-07 14:04 - 2013-07-07 14:04 - 00025238 ____A C:\ComboFix.txt
2013-07-07 13:58 - 2013-07-07 14:04 - 00000000 ____D C:\Qoobox
2013-07-07 13:58 - 2013-07-07 14:04 - 00000000 ____D C:\ComboFix
2013-07-07 13:58 - 2013-07-07 14:03 - 00000000 ____D C:\Windows\erdnt
2013-07-07 13:58 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-07 13:58 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-07 13:58 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-07 13:58 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-07 13:58 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-07 13:58 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-07 13:58 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-07 13:58 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-07 13:56 - 2013-07-07 13:56 - 05087096 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe
2013-07-07 13:18 - 2013-07-07 13:18 - 00037549 ____A C:\Users\Tristan\Downloads\FRST.txt
2013-07-07 13:18 - 2013-07-07 13:18 - 00015925 ____A C:\Users\Tristan\Downloads\Addition.txt
2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST
2013-07-07 13:16 - 2013-07-07 13:17 - 01934636 ____A (Farbar) C:\Users\Tristan\Desktop\FRST64.exe
2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira
2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-07 03:32 - 2013-06-20 14:48 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-07-07 03:32 - 2013-06-20 14:48 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-07-07 03:32 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt
2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe
2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe
2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt
2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt
2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log
2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable
2013-07-07 01:54 - 2013-07-07 13:32 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com                                                 ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe
2013-06-22 01:31 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 01:31 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 01:31 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 01:31 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 01:31 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 01:31 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 01:31 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 01:31 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient
2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-21 19:01 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-06-21 19:01 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-06-21 19:01 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games
2013-06-21 18:33 - 2013-06-21 18:46 - 00000000 ____D C:\Program Files (x86)\League of Legends
2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files
2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-06-14 15:53 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\ATI Technologies
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-06-14 15:28 - 2013-06-14 15:34 - 00000000 ____D C:\Fraps
2013-06-13 00:28 - 2013-06-13 00:29 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M
2013-06-12 21:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 21:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 21:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 21:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 13:09 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 13:09 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 13:09 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 13:09 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 13:09 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 13:09 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 13:09 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 13:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 13:09 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 13:09 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 13:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 13:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 13:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 13:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 13:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 13:09 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 13:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 13:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 13:09 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-07 15:25 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 15:25 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 15:24 - 2013-07-07 15:24 - 00000627 ____A C:\Users\Tristan\Desktop\JRT.txt
2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\Windows\ERUNT
2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\JRT
2013-07-07 15:21 - 2013-07-07 15:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Tristan\Desktop\JRT.exe
2013-07-07 15:21 - 2013-07-07 15:21 - 00001201 ____A C:\Users\Tristan\Desktop\AdwCleaner[S1].txt
2013-07-07 15:18 - 2013-07-07 15:09 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-07-07 15:18 - 2013-04-13 23:20 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-07 15:18 - 2013-04-13 21:32 - 00034752 ____A C:\Windows\System32\Drivers\WPRO_41_2001.sys
2013-07-07 15:18 - 2013-04-13 21:30 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-07-07 15:18 - 2010-11-21 05:47 - 00638070 ____A C:\Windows\PFRO.log
2013-07-07 15:18 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 15:18 - 2009-07-14 06:51 - 00044353 ____A C:\Windows\setupact.log
2013-07-07 15:17 - 2013-07-07 15:17 - 00001201 ____A C:\AdwCleaner[S1].txt
2013-07-07 15:17 - 2013-04-13 21:08 - 02010854 ____A C:\Windows\WindowsUpdate.log
2013-07-07 15:16 - 2013-07-07 15:16 - 00650027 ____A C:\Users\Tristan\Desktop\adwcleaner.exe
2013-07-07 14:32 - 2013-04-13 23:20 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-07 14:04 - 2013-07-07 14:04 - 00025238 ____A C:\ComboFix.txt
2013-07-07 14:04 - 2013-07-07 13:58 - 00000000 ____D C:\Qoobox
2013-07-07 14:04 - 2013-07-07 13:58 - 00000000 ____D C:\ComboFix
2013-07-07 14:03 - 2013-07-07 13:58 - 00000000 ____D C:\Windows\erdnt
2013-07-07 14:03 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-07 13:56 - 2013-07-07 13:56 - 05087096 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe
2013-07-07 13:32 - 2013-07-07 01:54 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-07-07 13:18 - 2013-07-07 13:18 - 00037549 ____A C:\Users\Tristan\Downloads\FRST.txt
2013-07-07 13:18 - 2013-07-07 13:18 - 00015925 ____A C:\Users\Tristan\Downloads\Addition.txt
2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST
2013-07-07 13:17 - 2013-07-07 13:16 - 01934636 ____A (Farbar) C:\Users\Tristan\Desktop\FRST64.exe
2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira
2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt
2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe
2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe
2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt
2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt
2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log
2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable
2013-07-07 02:46 - 2013-04-13 21:08 - 00000000 ____D C:\users\Tristan
2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com                                                 ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-07-06 22:03 - 2013-04-13 23:25 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-06 19:39 - 2013-04-29 02:16 - 00000000 ____D C:\Users\Tristan\AppData\Local\CrashDumps
2013-07-06 15:30 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 11:51 - 2013-04-13 21:30 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-07-04 17:12 - 2013-04-15 11:31 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\TS3Client
2013-07-04 00:27 - 2013-05-06 00:37 - 00038716 ____A C:\Windows\LDPINST.LOG
2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logitech
2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logishrd
2013-07-03 23:29 - 2013-05-06 00:37 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-07-03 23:29 - 2013-05-06 00:37 - 00001020 ____A C:\Windows\LkmdfCoInst.log
2013-07-01 23:27 - 2013-04-14 11:57 - 00000000 ____D C:\Users\Tristan\Documents\StarCraft II
2013-06-30 19:20 - 2013-04-14 12:31 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-27 23:08 - 2013-04-20 13:47 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Skype
2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files
2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 15:05 - 2013-04-14 00:42 - 00001166 ____A C:\Users\Tristan\Desktop\CoreTemp.ini
2013-06-23 15:11 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat
2013-06-23 15:11 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat
2013-06-23 15:11 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-23 10:41 - 2013-04-14 12:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 10:41 - 2013-04-14 12:20 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe
2013-06-22 12:51 - 2013-04-14 02:13 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-06-22 12:51 - 2013-04-14 01:24 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-22 12:51 - 2013-04-14 01:24 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient
2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games
2013-06-21 18:57 - 2013-04-13 21:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-21 18:46 - 2013-06-21 18:33 - 00000000 ____D C:\Program Files (x86)\League of Legends
2013-06-21 18:33 - 2013-04-13 23:21 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-21 18:11 - 2013-04-14 11:57 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-06-21 17:56 - 2013-04-14 02:12 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-20 14:48 - 2013-07-07 03:32 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-20 14:48 - 2013-07-07 03:32 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-06-14 15:54 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI Technologies
2013-06-14 15:54 - 2013-04-13 21:55 - 00000000 ____D C:\ProgramData\AMD
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-06-14 15:34 - 2013-06-14 15:28 - 00000000 ____D C:\Fraps
2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 00:29 - 2013-06-13 00:28 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M
2013-06-12 23:10 - 2013-04-13 23:25 - 00000000 ____D C:\ProgramData\Origin
2013-06-12 21:01 - 2013-04-13 22:29 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Origin
2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Local\Origin
2013-06-08 16:08 - 2013-06-22 01:31 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-22 01:31 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-22 01:31 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-22 01:31 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-22 01:31 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-22 01:31 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-29 17:32

==================== End Of Log ============================
         

--- --- ---

--- --- ---



AdwCleaner:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.304 - Datei am 07/07/2013 um 15:17:26 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Tristan - TRISTAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tristan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\DeviceVM
Ordner Gelöscht : C:\Users\Tristan\AppData\Roaming\DeviceVM
Ordner Gelöscht : C:\Users\Tristan\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1072 octets] - [07/07/2013 15:17:26]

########## EOF - C:\AdwCleaner[S1].txt - [1132 octets] ##########
         

JRT:

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Tristan on 07.07.2013 at 15:22:21,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.07.2013 at 15:24:21,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Mit freundlichen Grüßen,
Semmel

Supi


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte. Noch Probleme?

Hallo,
hier sind die neuen Logs:
Eset Er hat etwas gefunden, ich habe es aber nicht löschen lassen)

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c6a1185797c3be439911a1d035a09e9f
# engine=14307
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-07 06:41:01
# local_time=2013-07-07 08:41:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 0 238645751 0 0
# compatibility_mode=5893 16776573 100 94 4027 124852311 0 0
# compatibility_mode=7937 16777214 28 75 67583 7436109 0 0
# scanned=218824
# found=1
# cleaned=0
# scan_time=3839
sh=C276A0C648A0D36BD20CE1E5A15F7E863CD315C8 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\Tristan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\82QQE5LQ\firstload_com[1].htm"
         

Checkup:

Code: Alles auswählenAufklappen

ATTFilter

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spyware Terminator 2012   
 Java 7 Update 25  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Neues FRST:


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Tristan (administrator) on 07-07-2013 20:47:51
Running from C:\Users\Tristan\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\PROGRAM FILES\INTEL\INTEL(R) SMART CONNECT TECHNOLOGY AGENT\ISCTAGENT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\PROGRAM FILES\ASROCK\XFAST LAN\CFOSSPEED.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\PROGRAM FILES (X86)\XFASTUSB\XFASTUSB.EXE
(Creative Technology Ltd) C:\PROGRAM FILES (X86)\CREATIVE\THX TRUSTUDIO\THXNBSET\THXAUDNB.EXE
(Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
(Advanced Micro Devices Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE
(Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe" [5019360 2013-04-13] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-20] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (Google Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SciLor's Grooveshark(tm) Unlocker) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob\0.3.3_0
CHR Extension: (AdBlock) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [53248 2013-05-21] ()
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-14] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)

==================== Drivers (Whitelisted) ====================

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-05-26] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-13] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-07-07] (Windows (R) Win 7 DDK provider)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-07-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 20:42 - 2013-07-07 20:42 - 00890988 ____A C:\Users\Tristan\Desktop\SecurityCheck.exe
2013-07-07 19:34 - 2013-07-07 19:34 - 02347384 ____A (ESET) C:\Users\Tristan\Downloads\esetsmartinstaller_enu.exe
2013-07-07 17:57 - 2013-07-07 17:57 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-07-07 15:24 - 2013-07-07 15:24 - 00000627 ____A C:\Users\Tristan\Desktop\JRT.txt
2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\Windows\ERUNT
2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\JRT
2013-07-07 15:21 - 2013-07-07 15:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Tristan\Desktop\JRT.exe
2013-07-07 15:21 - 2013-07-07 15:21 - 00001201 ____A C:\Users\Tristan\Desktop\AdwCleaner[S1].txt
2013-07-07 15:17 - 2013-07-07 15:17 - 00001201 ____A C:\AdwCleaner[S1].txt
2013-07-07 15:16 - 2013-07-07 15:16 - 00650027 ____A C:\Users\Tristan\Desktop\adwcleaner.exe
2013-07-07 14:04 - 2013-07-07 14:04 - 00025238 ____A C:\ComboFix.txt
2013-07-07 13:58 - 2013-07-07 14:04 - 00000000 ____D C:\Qoobox
2013-07-07 13:58 - 2013-07-07 14:04 - 00000000 ____D C:\ComboFix
2013-07-07 13:58 - 2013-07-07 14:03 - 00000000 ____D C:\Windows\erdnt
2013-07-07 13:58 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-07 13:58 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-07 13:58 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-07 13:58 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-07 13:58 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-07 13:58 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-07 13:58 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-07 13:58 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-07 13:56 - 2013-07-07 13:56 - 05087096 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe
2013-07-07 13:18 - 2013-07-07 13:18 - 00037549 ____A C:\Users\Tristan\Downloads\FRST.txt
2013-07-07 13:18 - 2013-07-07 13:18 - 00015925 ____A C:\Users\Tristan\Downloads\Addition.txt
2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST
2013-07-07 13:16 - 2013-07-07 13:17 - 01934636 ____A (Farbar) C:\Users\Tristan\Desktop\FRST64.exe
2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira
2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-07 03:32 - 2013-06-20 14:48 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-07-07 03:32 - 2013-06-20 14:48 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-07-07 03:32 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt
2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe
2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe
2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt
2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt
2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log
2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable
2013-07-07 01:54 - 2013-07-07 13:32 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com                                                 ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe
2013-06-22 01:31 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 01:31 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 01:31 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 01:31 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 01:31 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 01:31 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 01:31 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 01:31 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 01:31 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient
2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-21 19:01 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-06-21 19:01 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-06-21 19:01 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games
2013-06-21 18:33 - 2013-06-21 18:46 - 00000000 ____D C:\Program Files (x86)\League of Legends
2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files
2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-06-14 15:53 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\ATI Technologies
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-06-14 15:28 - 2013-06-14 15:34 - 00000000 ____D C:\Fraps
2013-06-13 00:28 - 2013-06-13 00:29 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M
2013-06-12 21:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 21:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 21:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 21:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 21:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 21:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 13:09 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 13:09 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 13:09 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 13:09 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 13:09 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 13:09 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 13:09 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 13:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 13:09 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 13:09 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 13:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 13:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 13:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 13:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 13:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 13:09 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 13:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 13:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 13:09 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-07 20:42 - 2013-07-07 20:42 - 00890988 ____A C:\Users\Tristan\Desktop\SecurityCheck.exe
2013-07-07 20:37 - 2013-04-13 21:08 - 02053339 ____A C:\Windows\WindowsUpdate.log
2013-07-07 20:32 - 2013-04-13 23:20 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-07 19:35 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat
2013-07-07 19:35 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat
2013-07-07 19:35 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-07 19:34 - 2013-07-07 19:34 - 02347384 ____A (ESET) C:\Users\Tristan\Downloads\esetsmartinstaller_enu.exe
2013-07-07 19:08 - 2013-04-20 13:47 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Skype
2013-07-07 18:09 - 2013-04-15 11:31 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\TS3Client
2013-07-07 18:05 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 18:05 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 17:57 - 2013-07-07 17:57 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-07-07 17:57 - 2013-04-13 23:20 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-07 17:57 - 2013-04-13 21:32 - 00034752 ____A C:\Windows\System32\Drivers\WPRO_41_2001.sys
2013-07-07 17:57 - 2013-04-13 21:30 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-07-07 17:57 - 2010-11-21 05:47 - 00639052 ____A C:\Windows\PFRO.log
2013-07-07 17:57 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 17:57 - 2009-07-14 06:51 - 00044521 ____A C:\Windows\setupact.log
2013-07-07 15:24 - 2013-07-07 15:24 - 00000627 ____A C:\Users\Tristan\Desktop\JRT.txt
2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\Windows\ERUNT
2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\JRT
2013-07-07 15:21 - 2013-07-07 15:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Tristan\Desktop\JRT.exe
2013-07-07 15:21 - 2013-07-07 15:21 - 00001201 ____A C:\Users\Tristan\Desktop\AdwCleaner[S1].txt
2013-07-07 15:17 - 2013-07-07 15:17 - 00001201 ____A C:\AdwCleaner[S1].txt
2013-07-07 15:16 - 2013-07-07 15:16 - 00650027 ____A C:\Users\Tristan\Desktop\adwcleaner.exe
2013-07-07 14:04 - 2013-07-07 14:04 - 00025238 ____A C:\ComboFix.txt
2013-07-07 14:04 - 2013-07-07 13:58 - 00000000 ____D C:\Qoobox
2013-07-07 14:04 - 2013-07-07 13:58 - 00000000 ____D C:\ComboFix
2013-07-07 14:03 - 2013-07-07 13:58 - 00000000 ____D C:\Windows\erdnt
2013-07-07 14:03 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-07 13:56 - 2013-07-07 13:56 - 05087096 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe
2013-07-07 13:32 - 2013-07-07 01:54 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-07-07 13:18 - 2013-07-07 13:18 - 00037549 ____A C:\Users\Tristan\Downloads\FRST.txt
2013-07-07 13:18 - 2013-07-07 13:18 - 00015925 ____A C:\Users\Tristan\Downloads\Addition.txt
2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST
2013-07-07 13:17 - 2013-07-07 13:16 - 01934636 ____A (Farbar) C:\Users\Tristan\Desktop\FRST64.exe
2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira
2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira
2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt
2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe
2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe
2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt
2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt
2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe
2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log
2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable
2013-07-07 02:46 - 2013-04-13 21:08 - 00000000 ____D C:\users\Tristan
2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com                                                 ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator
2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-07-06 22:03 - 2013-04-13 23:25 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-06 19:39 - 2013-04-29 02:16 - 00000000 ____D C:\Users\Tristan\AppData\Local\CrashDumps
2013-07-06 15:30 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 11:51 - 2013-04-13 21:30 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-07-04 00:27 - 2013-05-06 00:37 - 00038716 ____A C:\Windows\LDPINST.LOG
2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logitech
2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logishrd
2013-07-03 23:29 - 2013-05-06 00:37 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-07-03 23:29 - 2013-05-06 00:37 - 00001020 ____A C:\Windows\LkmdfCoInst.log
2013-07-01 23:27 - 2013-04-14 11:57 - 00000000 ____D C:\Users\Tristan\Documents\StarCraft II
2013-06-30 19:20 - 2013-04-14 12:31 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files
2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 15:05 - 2013-04-14 00:42 - 00001166 ____A C:\Users\Tristan\Desktop\CoreTemp.ini
2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-23 10:41 - 2013-04-14 12:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 10:41 - 2013-04-14 12:20 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe
2013-06-22 12:51 - 2013-04-14 02:13 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-06-22 12:51 - 2013-04-14 01:24 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-22 12:51 - 2013-04-14 01:24 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient
2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games
2013-06-21 18:57 - 2013-04-13 21:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-21 18:46 - 2013-06-21 18:33 - 00000000 ____D C:\Program Files (x86)\League of Legends
2013-06-21 18:33 - 2013-04-13 23:21 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt
2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-21 18:11 - 2013-04-14 11:57 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-06-21 17:56 - 2013-04-14 02:12 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-20 14:48 - 2013-07-07 03:32 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-20 14:48 - 2013-07-07 03:32 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-06-14 15:54 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI Technologies
2013-06-14 15:54 - 2013-04-13 21:55 - 00000000 ____D C:\ProgramData\AMD
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI
2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-06-14 15:34 - 2013-06-14 15:28 - 00000000 ____D C:\Fraps
2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 00:29 - 2013-06-13 00:28 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M
2013-06-12 23:10 - 2013-04-13 23:25 - 00000000 ____D C:\ProgramData\Origin
2013-06-12 21:01 - 2013-04-13 22:29 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Origin
2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Local\Origin
2013-06-08 16:08 - 2013-06-22 01:31 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-22 01:31 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-22 01:31 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-22 01:31 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-22 01:31 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-22 01:31 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-22 01:31 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-29 17:32

==================== End Of Log ============================
         

--- --- ---

--- --- ---


Ich hoffe es hilft,

Semmel

Das sind nur Temp-Files

Adobe Reader bitte updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Noch Probleme?

Hallo Schrauber,
danke für deine Hilfe.
Ist das Problem jetzt gelöst? Die "END" Datei ist zumindest nicht mehr vorhanden. Was war das überhaupt für eine Datei? Kann sie Schaden verursacht haben?

Mit freundlichen Grüßen,
Semmel

Hi,

die gehörte zu Adware, nix dramatisches

Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Hi,

ich habe jetzt alle Programme so entfernt, wie du es beschrieben hast. Ich denke wir sind jetzt fertig oder?
Auf jeden Fall muss ich mich ganz herzlich bei dir bedanken Kaum zu glauben, dass du das alles in deiner Freizeit machst. Wirklich sehr sehr nett.

Mit freundlichen Grüßen,
Semmel

Sorry das mit den Codetags war falsch, eigentlich sollte das hier kommen

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Jap es hat sich alles geklärt. Nochmals ein großes Dankeschön für deine kompetente Hilfe

Mit freundlich und dankbaren Grüßen,
Semmel