
Log analysis and evaluation: Computer crashes, then runs stably. Virus or hardware defect?

04.09.2013, 21:29   #1
Schomsi
 



Hello everyone,

first the essentials:
Windows 7 Home Premium Home Edition
ATI Radeon HD 5450

I've been having a problem with my PC for several months now. It has changed a bit since then, but for about... 3(?) months it has been behaving pretty much the same way every time.

First I switch it on, it boots, runs for about 3 min, then a really ugly, horizontally distorted picture and a crash (roughly like this: ; the picture isn't from my PC, unfortunately I don't have a camera.)
(One thing I noticed: it doesn't seem to boot properly, no light-blue background, no "Welcome", but the desktop right away, as if it had been in standby. Don't know whether that could be important...)

After that I switch it on again, and then it usually crashes already during boot. The next time, Startup Repair often comes up. But that doesn't help either; sometimes it even crashes during Startup Repair. Otherwise shortly afterwards.
When I then boot it one more time, it generally runs flawlessly. For hours; gaming is no problem.

The whole procedure can differ a bit each time. Sometimes it crashes one more time, sometimes Startup Repair doesn't come up, sometimes the distorted picture shows up once more...
But in principle it always stays the same. And above all: in the end the PC actually always runs stably.

Now I have several questions:
1) Can this be a virus problem, or is it more likely broken hardware?
A friend who knows a bit about PCs said it could well be the RAM (I checked that with Windows' own tool: nothing), or equally the graphics card (but I can hardly believe that either, since there are really only problems during boot, and once it's running, it runs..).

2) I did a full scan with Malwarebytes and found a whole lot. Now I don't want to just blindly delete everything and make things even worse by doing so, because many of the entries apparently have something to do with the registry. (And even though I can only guess what exactly that is, I've gathered by now that you're not supposed to mess around in there )
So here is my result and once again the question: Should I delete all of that???
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.04.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Tristan :: HAL [Administrator]

Schutz: Deaktiviert

04.09.2013 15:26:13
MBAM-log-2013-09-04 (21-56-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 650473
Laufzeit: 5 Stunde(n), 58 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 20
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Keine Aktion durchgeführt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0F1H1M1E1M1R1QtG0OtFzs -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 9
C:\Users\Tristan\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\3FE96299A1A4470EB36233A99120D768 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\5B07587216934404B44FE061D12B24C5 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\E6191646FF4C469DA9E5AEA5363AE025 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\OpenCandy_3FE96299A1A4470EB36233A99120D768 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

Infizierte Dateien: 23
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-52014972-690284243-1808445519-1000\$RX4NOAR\System\t3.exe (Spyware.Zbot.USBV) -> Keine Aktion durchgeführt.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\trz4FBC.tmp (PUP.Optional.Installrex) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Local\Temp\DTLite4471-0337.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\5B07587216934404B44FE061D12B24C5\DeltaTB.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\OpenCandy_3FE96299A1A4470EB36233A99120D768\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Keine Aktion durchgeführt.
C:\Users\Tristan\Programme u.ä\installer_anydvd_6_3_0_3_final_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\3FE96299A1A4470EB36233A99120D768\3135.ico (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\3FE96299A1A4470EB36233A99120D768\TuneUpUtilities2013-2200218-p3v0.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\3FE96299A1A4470EB36233A99120D768\TuneUpUtilities2013-2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\5B07587216934404B44FE061D12B24C5\5471.ico (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\5B07587216934404B44FE061D12B24C5\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\5B07587216934404B44FE061D12B24C5\OCBrowserHelper_1.0.6.125.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\E6191646FF4C469DA9E5AEA5363AE025\4649.ico (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\E6191646FF4C469DA9E5AEA5363AE025\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\E6191646FF4C469DA9E5AEA5363AE025\Installer.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\E6191646FF4C469DA9E5AEA5363AE025\OCBrowserHelper_1.0.6.128.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)
         
I'd say it's clear that over time I've tried a whole lot of things to fix the problem. What exactly all of that was, I probably can't even list... But if asked, I'd probably still remember.

Maybe I should add that it all started with the system automatically and unsuccessfully trying to install SP1 at every start. That also always took foreeeeever. Each time it first downloaded everything, installed it, then determined that it doesn't work, and then reset everything to the status quo. I assume that over several months that can't be particularly good either..

At some point it did get installed after all, and now I have the crashes.
(I'm not 100% sure, but I believe those horizontal stripes were already there before SP1 was installed. "Normal" crashes in greater numbers definitely also occurred before SP1, or rather roughly since the time when it was being automatically installed at every start.)

OK, I'd say that's enough for now. If further info is needed, please ask.
Otherwise I'd like to say a big thank you already. Just for the willingness to help me.
Many thanks!!

05.09.2013, 04:02   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


05.09.2013, 13:50   #3
Schomsi
 



Hello,
thanks already for the quick reply.
I just ran the scan and here are the results:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-09-2013
Ran by Tristan (administrator) on HAL on 05-09-2013 14:40:22
Running from C:\Users\Tristan\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(WiseCleaner.com) C:\Program Files\Wise\Wise Care 365\WiseTray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11947080 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKCU\...\Policies\Explorer: [NoDriveAutorun] 0
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 221
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {a87a5fdc-b426-11e0-9897-6c626d9212ea} - I:\blank.exe
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]

==================== Internet (Whitelisted) ====================

ProxyServer: http-proxy.fu-berlin.de:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=16/06/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=hp&fr=linkury-tb&installDate=16/06/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=16/06/2013&type=hp1000
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=16/06/2013&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=16/06/2013&type=hp1000
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {165562B3-BD7A-467C-B852-0BADE9EFF219} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=38cb0152-fcb6-11e0-82d1-6c626d9212ea&q={searchTerms}
SearchScopes: HKLM - {481FB855-EFC2-48E7-928A-76B7FAB7DA59} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=38cb0152-fcb6-11e0-82d1-6c626d9212ea&q={searchTerms}
SearchScopes: HKLM - {5A629FD9-F526-4493-B915-A7D5A2816B10} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=38cb0152-fcb6-11e0-82d1-6c626d9212ea&q={searchTerms}
SearchScopes: HKLM - {B1C6A53C-1551-4D95-9A1C-2E62AC31BD6C} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=38cb0152-fcb6-11e0-82d1-6c626d9212ea&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=16/06/2013&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=16/06/2013&type=hp1000
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default
FF user.js: detected! => C:\Users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default\user.js
FF NewTab: about:blank
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://www.google.de/webhp?rls=ig
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=ds&fr=linkury-tb&installDate=16/06/2013&type=hp1000&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=1.0.6 - C:\Users\Tristan\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF SearchPlugin: C:\Users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] C:\Users\Tristan\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Tristan\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org

Chrome: 
=======
CHR HomePage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=hp&fr=linkury-tb&installDate=16/06/2013&type=hp1000
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in) - C:\Users\Tristan\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (VshareComplete plugin for chrome) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0
CHR Extension: (AdBlock) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (vshare plugin) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (YouTube Unblocker) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.5_0
CHR Extension: (TS Magic Player) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.28_0
CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files\VshareComplete\chrome\VshareCompleteChrome.crx
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [71832 2009-06-15] (SiSoftware)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-10-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-10-11] (Advanced Micro Devices)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-05-02] (SlySoft, Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-10-02] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-08-31] (Disc Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [33624 2013-03-28] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [23136 2012-07-16] (JMicron Technology Corp.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-10-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 SynasUSB; system32\drivers\SynasUSB.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-05 14:30 - 2013-09-05 14:30 - 00000000 ____D C:\FRST
2013-09-05 14:28 - 2013-09-05 14:29 - 01080319 _____ (Farbar) C:\Users\Tristan\Downloads\FRST.exe
2013-09-02 20:13 - 2013-09-04 15:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-02 18:27 - 2013-09-02 18:27 - 00144168 _____ C:\Windows\Minidump\090213-23790-01.dmp
2013-09-02 18:04 - 2013-09-02 18:04 - 00144168 _____ C:\Windows\Minidump\090213-23977-01.dmp
2013-09-02 06:42 - 2013-09-02 06:42 - 00002436 _____ C:\Users\Tristan\Desktop\piece by piece2.txt
2013-09-02 04:19 - 2013-09-02 06:08 - 00001456 _____ C:\Users\Tristan\Desktop\piece by piece.txt
2013-08-31 23:32 - 1996-11-11 08:00 - 00051472 ____R (Microsoft Corporation) C:\Windows\system32\IMAGECFG.EXE
2013-08-31 23:31 - 2013-08-31 23:31 - 00024643 _____ C:\Users\Tristan\Downloads\imagecfg.zip
2013-08-31 23:31 - 2013-08-31 23:31 - 00000000 ____D C:\Users\Tristan\Downloads\imagecfg
2013-08-31 23:16 - 2013-08-31 23:16 - 00292184 _____ (Microsoft Corporation) C:\Users\Tristan\Downloads\dxwebsetup.exe
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ____D C:\Windows\system32\directx
2013-08-31 23:06 - 2013-08-31 23:06 - 00036814 _____ C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows.zip
2013-08-31 23:06 - 2013-08-31 23:06 - 00000000 ____D C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows
2013-08-31 23:01 - 2013-08-31 23:21 - 00003387 _____ C:\Windows\DirectX.log
2013-08-31 22:59 - 2013-08-31 22:59 - 00000000 ____D C:\Users\Tristan\Documents\Thief - Deadly Shadows
2013-08-31 22:55 - 2013-08-31 22:55 - 03739173 _____ (                                                            ) C:\Users\Tristan\Downloads\Setup_T3SneakyUpgrade_1.1.2.1.exe
2013-08-31 22:46 - 2013-08-31 22:46 - 00000000 ____D C:\Users\Public\Documents\Thief - Deadly Shadows
2013-08-31 22:24 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Tristan\Downloads\T3Patch
2013-08-31 22:23 - 2013-08-31 22:24 - 00424623 _____ C:\Users\Tristan\Downloads\T3Patch.zip
2013-08-31 21:40 - 2013-08-31 21:40 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-31 21:36 - 2013-08-31 21:36 - 00001856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-31 21:34 - 2013-08-31 21:40 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-08-31 17:57 - 2013-08-31 17:57 - 01075237 _____ (SWE Sven Ritter                        ) C:\Users\Tristan\Downloads\bio7646.exe
2013-08-31 17:52 - 2013-08-31 17:52 - 00000000 ____D C:\Program Files\CPUID
2013-08-31 17:50 - 2013-08-31 17:50 - 01458872 _____ (                                                            ) C:\Users\Tristan\Downloads\cpu-z_1.66.1-setup-en.exe
2013-08-31 16:04 - 2013-08-31 16:04 - 00000000 _____ C:\Users\Tristan\AppData\Roaming\kcczhbk5.default.tmp
2013-08-31 15:59 - 2013-08-31 15:59 - 00065536 _____ C:\Users\Tristan\AppData\Roaming\kcczhbk5.default.dat
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\xmldm
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\ckoock
2013-08-31 04:20 - 2013-08-31 04:20 - 00000065 _____ C:\Windows\wininit.ini
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-31 04:13 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-31 04:12 - 2013-08-31 04:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tristan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-30 18:30 - 2013-08-30 18:30 - 00144168 _____ C:\Windows\Minidump\083013-27955-01.dmp
2013-08-29 17:23 - 2013-08-29 17:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-29 17:22 - 2013-08-29 17:22 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-29 17:11 - 2013-08-29 17:11 - 00903080 _____ (Oracle Corporation) C:\Users\Tristan\Downloads\chromeinstall-7u25.exe
2013-08-29 02:55 - 2013-08-29 02:55 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-29 02:54 - 2013-05-21 21:50 - 02666248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2013-08-29 02:54 - 2013-05-21 15:57 - 00117832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2013-08-29 02:54 - 2013-05-21 12:11 - 04164376 _____ (ASUSTeKcomputer.Inc) C:\Windows\system32\RTKSMlfx.dll
2013-08-29 02:54 - 2013-05-21 12:08 - 00711512 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-08-29 02:54 - 2013-05-20 16:16 - 00769096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2013-08-29 02:54 - 2013-05-20 14:36 - 02535496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2013-08-29 02:54 - 2013-05-14 21:27 - 05479244 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-08-29 02:54 - 2013-05-02 12:01 - 01824000 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2013-08-29 02:54 - 2013-04-30 19:53 - 03237448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2013-08-29 02:54 - 2013-04-30 14:29 - 00860720 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-08-29 02:54 - 2013-04-24 17:16 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2013-08-29 02:54 - 2013-04-16 06:23 - 00709400 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00548632 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00341272 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00186136 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2013-08-29 02:54 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2013-08-29 02:54 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2013-08-29 02:54 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2013-08-29 02:54 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-08-29 02:54 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2013-08-29 02:54 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2013-08-29 02:53 - 2013-05-21 15:05 - 00576929 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-08-29 02:53 - 2013-05-21 14:16 - 24962560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2013-08-29 02:53 - 2013-05-02 12:01 - 00788224 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2013-08-29 02:53 - 2013-05-02 12:00 - 01932032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-08-29 02:53 - 2013-04-23 00:39 - 02388000 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 13780736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 02886400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 01661184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2013-08-29 02:53 - 2013-04-15 11:19 - 00642816 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2013-08-29 02:53 - 2013-04-03 14:12 - 00852016 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-08-29 02:53 - 2013-03-20 13:17 - 08872216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll
2013-08-29 02:53 - 2012-12-12 11:17 - 00350664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00426952 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00402888 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00346056 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2013-08-29 02:53 - 2012-09-10 20:06 - 00549240 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2013-08-29 02:53 - 2012-07-15 21:13 - 00349048 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-08-29 02:53 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2013-08-29 02:53 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-08-29 02:53 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2013-08-29 02:52 - 2013-03-23 03:43 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2013-08-29 02:52 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-08-29 02:52 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2013-08-29 02:42 - 2013-08-29 02:42 - 00000000 ____D C:\Users\Tristan\Documents\DriverEasy
2013-08-29 02:41 - 2013-08-29 02:41 - 03017672 _____ (Easeware                                                    ) C:\Users\Tristan\Downloads\DriverEasy_Setup_454.exe
2013-08-29 02:33 - 2013-08-29 02:33 - 28211040 _____ (TuneUp Software) C:\Users\Tristan\Downloads\TuneUpUtilities2013_de-DE.exe
2013-08-28 23:40 - 2013-08-28 23:40 - 00007865 _____ C:\Users\Tristan\Desktop\gh.mid
2013-08-28 23:24 - 2013-08-28 23:24 - 00001091 _____ C:\Users\Public\Desktop\WaveLab Elements 7.lnk
2013-08-28 23:24 - 2009-05-18 14:17 - 00026600 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-08-28 23:18 - 2013-08-28 23:18 - 00002239 _____ C:\Users\Tristan\Desktop\Cubase LE AI Elements 6.lnk
2013-08-25 00:08 - 2013-08-25 00:08 - 00000000 ____D C:\23
2013-08-25 00:04 - 2013-08-25 00:04 - 00381240 _____ C:\Users\Tristan\Downloads\429360_intl_i386_zip.exe
2013-08-23 23:12 - 2013-08-23 23:12 - 00000000 ____D C:\Program Files\Geeks3D
2013-08-23 23:11 - 2013-08-23 23:11 - 04816605 _____ (Geeks3D                                                     ) C:\Users\Tristan\Downloads\FurMark_1.11.0_Setup.exe
2013-08-20 22:45 - 2013-08-24 22:31 - 00000000 ____D C:\ProgramData\Avira
2013-08-20 22:32 - 2013-08-20 22:34 - 110344048 _____ C:\Users\Tristan\Downloads\avira_free_antivirus85_de.exe
2013-08-20 22:28 - 2013-08-20 22:28 - 00144168 _____ C:\Windows\Minidump\082013-28704-01.dmp
2013-08-19 20:47 - 2013-08-19 20:47 - 00001032 _____ C:\Users\Tristan\Desktop\EVEREST Home Edition.lnk
2013-08-19 20:47 - 2013-08-19 20:47 - 00000000 ____D C:\Program Files\Lavalys
2013-08-19 20:46 - 2013-08-19 20:46 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\Tristan\Downloads\everesthome220.exe
2013-08-19 20:28 - 2013-08-19 20:28 - 00144168 _____ C:\Windows\Minidump\081913-36473-01.dmp
2013-08-19 20:18 - 2013-09-03 22:14 - 00001967 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-15 18:03 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 18:03 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 18:03 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 18:03 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 18:03 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 18:03 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 18:03 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 18:03 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Program Files\NirSoft
2013-08-14 18:14 - 2013-08-14 18:15 - 00141480 _____ C:\Users\Tristan\Downloads\bluescreenview_152setup.exe
2013-08-14 18:11 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:11 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:11 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 18:11 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:11 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:11 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:11 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:11 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:11 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 17:59 - 2013-09-02 18:26 - 436359241 _____ C:\Windows\MEMORY.DMP
2013-08-14 17:59 - 2013-08-14 17:59 - 00144168 _____ C:\Windows\Minidump\081413-29998-01.dmp
2013-08-11 16:27 - 2013-08-31 21:38 - 00016762 _____ C:\Windows\PFRO.log
2013-08-11 01:00 - 2013-09-05 14:32 - 00007934 _____ C:\Windows\setupact.log
2013-08-11 01:00 - 2013-08-11 01:00 - 00000000 _____ C:\Windows\setuperr.log
2013-08-08 18:42 - 2013-08-08 19:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-07 18:33 - 2013-08-07 18:33 - 00001182 _____ C:\Users\Tristan\Desktop\Revo Uninstaller.lnk
2013-08-07 18:33 - 2013-08-07 18:33 - 00000000 ____D C:\Program Files\VS Revo Group
2013-08-07 18:30 - 2013-08-07 18:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tristan\Downloads\revosetup95.exe
2013-08-07 18:28 - 2013-08-07 18:28 - 00000000 ____D C:\Users\Tristan\Downloads\spacesniffer_1_1_4_0
2013-08-07 18:27 - 2013-08-07 18:28 - 01536858 _____ C:\Users\Tristan\Downloads\spacesniffer_1_1_4_0.zip

==================== One Month Modified Files and Folders =======

2013-09-05 14:40 - 2009-07-14 06:34 - 00010432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 14:40 - 2009-07-14 06:34 - 00010432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 14:36 - 2013-07-10 22:33 - 01774532 _____ C:\Windows\WindowsUpdate.log
2013-09-05 14:34 - 2013-06-09 17:30 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Wise Care 365
2013-09-05 14:34 - 2013-05-25 12:15 - 00000402 _____ C:\Windows\Tasks\Wise Care 365.job
2013-09-05 14:34 - 2011-02-08 22:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 14:34 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 14:33 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-05 14:32 - 2013-08-11 01:00 - 00007934 _____ C:\Windows\setupact.log
2013-09-05 14:30 - 2013-09-05 14:30 - 00000000 ____D C:\FRST
2013-09-05 14:29 - 2013-09-05 14:28 - 01080319 _____ (Farbar) C:\Users\Tristan\Downloads\FRST.exe
2013-09-05 14:24 - 2011-02-08 22:35 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 14:04 - 2012-05-29 13:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 03:30 - 2013-06-27 21:35 - 00000000 ____D C:\Users\Tristan\Documents\VSO Downloader
2013-09-04 15:25 - 2013-09-02 20:13 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-04 08:11 - 2011-03-18 00:44 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Winamp
2013-09-04 08:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-04 08:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-04 01:20 - 2011-04-23 00:48 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\vlc
2013-09-03 22:14 - 2013-08-19 20:18 - 00001967 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-03 22:14 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-03 22:13 - 2011-02-08 22:38 - 00000000 ____D C:\Users\Tristan
2013-09-03 00:36 - 2010-07-06 22:23 - 00005834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 00:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-02 18:27 - 2013-09-02 18:27 - 00144168 _____ C:\Windows\Minidump\090213-23790-01.dmp
2013-09-02 18:27 - 2011-07-15 18:14 - 00000000 ____D C:\Windows\Minidump
2013-09-02 18:26 - 2013-08-14 17:59 - 436359241 _____ C:\Windows\MEMORY.DMP
2013-09-02 18:04 - 2013-09-02 18:04 - 00144168 _____ C:\Windows\Minidump\090213-23977-01.dmp
2013-09-02 06:42 - 2013-09-02 06:42 - 00002436 _____ C:\Users\Tristan\Desktop\piece by piece2.txt
2013-09-02 06:08 - 2013-09-02 04:19 - 00001456 _____ C:\Users\Tristan\Desktop\piece by piece.txt
2013-09-01 00:07 - 2011-04-18 19:24 - 00000000 ___RD C:\Users\Tristan\Hörbücher
2013-08-31 23:31 - 2013-08-31 23:31 - 00024643 _____ C:\Users\Tristan\Downloads\imagecfg.zip
2013-08-31 23:31 - 2013-08-31 23:31 - 00000000 ____D C:\Users\Tristan\Downloads\imagecfg
2013-08-31 23:21 - 2013-08-31 23:01 - 00003387 _____ C:\Windows\DirectX.log
2013-08-31 23:16 - 2013-08-31 23:16 - 00292184 _____ (Microsoft Corporation) C:\Users\Tristan\Downloads\dxwebsetup.exe
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ____D C:\Windows\system32\directx
2013-08-31 23:06 - 2013-08-31 23:06 - 00036814 _____ C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows.zip
2013-08-31 23:06 - 2013-08-31 23:06 - 00000000 ____D C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows
2013-08-31 22:59 - 2013-08-31 22:59 - 00000000 ____D C:\Users\Tristan\Documents\Thief - Deadly Shadows
2013-08-31 22:55 - 2013-08-31 22:55 - 03739173 _____ (                                                            ) C:\Users\Tristan\Downloads\Setup_T3SneakyUpgrade_1.1.2.1.exe
2013-08-31 22:46 - 2013-08-31 22:46 - 00000000 ____D C:\Users\Public\Documents\Thief - Deadly Shadows
2013-08-31 22:39 - 2011-03-15 18:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\uTorrent
2013-08-31 22:24 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Tristan\Downloads\T3Patch
2013-08-31 22:24 - 2013-08-31 22:23 - 00424623 _____ C:\Users\Tristan\Downloads\T3Patch.zip
2013-08-31 22:17 - 2012-01-18 23:26 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-31 21:47 - 2010-09-15 15:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-31 21:46 - 2011-07-23 18:02 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-31 21:44 - 2011-07-23 18:02 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\DAEMON Tools Lite
2013-08-31 21:40 - 2013-08-31 21:40 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-31 21:40 - 2013-08-31 21:34 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-08-31 21:38 - 2013-08-11 16:27 - 00016762 _____ C:\Windows\PFRO.log
2013-08-31 21:36 - 2013-08-31 21:36 - 00001856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-31 21:14 - 2013-03-29 18:42 - 00000000 ____D C:\Users\Tristan\Downloads\torrents
2013-08-31 17:57 - 2013-08-31 17:57 - 01075237 _____ (SWE Sven Ritter                        ) C:\Users\Tristan\Downloads\bio7646.exe
2013-08-31 17:52 - 2013-08-31 17:52 - 00000000 ____D C:\Program Files\CPUID
2013-08-31 17:50 - 2013-08-31 17:50 - 01458872 _____ (                                                            ) C:\Users\Tristan\Downloads\cpu-z_1.66.1-setup-en.exe
2013-08-31 16:07 - 2011-03-15 01:19 - 00000000 ____D C:\Users\Tristan\AppData\Local\Adobe
2013-08-31 16:04 - 2013-08-31 16:04 - 00000000 _____ C:\Users\Tristan\AppData\Roaming\kcczhbk5.default.tmp
2013-08-31 16:00 - 2012-05-29 13:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-31 16:00 - 2011-11-05 16:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-31 15:59 - 2013-08-31 15:59 - 00065536 _____ C:\Users\Tristan\AppData\Roaming\kcczhbk5.default.dat
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\xmldm
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\ckoock
2013-08-31 04:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Speech
2013-08-31 04:20 - 2013-08-31 04:20 - 00000065 _____ C:\Windows\wininit.ini
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-31 04:13 - 2013-08-31 04:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tristan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-31 04:02 - 2011-03-24 22:40 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Orbit
2013-08-31 03:56 - 2013-05-07 03:07 - 00000000 ____D C:\Program Files\Ubi Soft
2013-08-30 18:30 - 2013-08-30 18:30 - 00144168 _____ C:\Windows\Minidump\083013-27955-01.dmp
2013-08-29 17:23 - 2013-08-29 17:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-29 17:22 - 2013-08-29 17:22 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-29 17:22 - 2012-07-27 15:26 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-08-29 17:22 - 2010-10-13 18:38 - 00000000 ____D C:\Program Files\Java
2013-08-29 17:22 - 2010-07-06 23:32 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-29 17:11 - 2013-08-29 17:11 - 00903080 _____ (Oracle Corporation) C:\Users\Tristan\Downloads\chromeinstall-7u25.exe
2013-08-29 16:16 - 2011-08-27 18:50 - 00000000 ____D C:\Program Files\ElsterFormular
2013-08-29 15:51 - 2011-03-14 23:54 - 00000000 ____D C:\Users\Tristan\Arbeit
2013-08-29 03:22 - 2012-12-24 23:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\dvdcss
2013-08-29 02:55 - 2013-08-29 02:55 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-29 02:43 - 2013-07-17 23:39 - 00000000 ____D C:\Driver_allOS
2013-08-29 02:42 - 2013-08-29 02:42 - 00000000 ____D C:\Users\Tristan\Documents\DriverEasy
2013-08-29 02:41 - 2013-08-29 02:41 - 03017672 _____ (Easeware                                                    ) C:\Users\Tristan\Downloads\DriverEasy_Setup_454.exe
2013-08-29 02:33 - 2013-08-29 02:33 - 28211040 _____ (TuneUp Software) C:\Users\Tristan\Downloads\TuneUpUtilities2013_de-DE.exe
2013-08-28 23:40 - 2013-08-28 23:40 - 00007865 _____ C:\Users\Tristan\Desktop\gh.mid
2013-08-28 23:24 - 2013-08-28 23:24 - 00001091 _____ C:\Users\Public\Desktop\WaveLab Elements 7.lnk
2013-08-28 23:24 - 2011-12-25 20:00 - 00000000 ____D C:\Program Files\Steinberg
2013-08-28 23:18 - 2013-08-28 23:18 - 00002239 _____ C:\Users\Tristan\Desktop\Cubase LE AI Elements 6.lnk
2013-08-28 23:18 - 2011-12-25 20:00 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 6
2013-08-25 00:08 - 2013-08-25 00:08 - 00000000 ____D C:\23
2013-08-25 00:07 - 2011-02-08 22:39 - 00000000 ____D C:\Users\Tristan\AppData\Local\VirtualStore
2013-08-25 00:04 - 2013-08-25 00:04 - 00381240 _____ C:\Users\Tristan\Downloads\429360_intl_i386_zip.exe
2013-08-24 22:31 - 2013-08-20 22:45 - 00000000 ____D C:\ProgramData\Avira
2013-08-23 23:12 - 2013-08-23 23:12 - 00000000 ____D C:\Program Files\Geeks3D
2013-08-23 23:11 - 2013-08-23 23:11 - 04816605 _____ (Geeks3D                                                     ) C:\Users\Tristan\Downloads\FurMark_1.11.0_Setup.exe
2013-08-22 22:16 - 2013-07-10 22:43 - 00000000 ____D C:\Program Files\SpeedFan
2013-08-21 22:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-20 22:34 - 2013-08-20 22:32 - 110344048 _____ C:\Users\Tristan\Downloads\avira_free_antivirus85_de.exe
2013-08-20 22:28 - 2013-08-20 22:28 - 00144168 _____ C:\Windows\Minidump\082013-28704-01.dmp
2013-08-20 06:15 - 2012-11-17 21:02 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\.Torrent Stream
2013-08-19 20:47 - 2013-08-19 20:47 - 00001032 _____ C:\Users\Tristan\Desktop\EVEREST Home Edition.lnk
2013-08-19 20:47 - 2013-08-19 20:47 - 00000000 ____D C:\Program Files\Lavalys
2013-08-19 20:46 - 2013-08-19 20:46 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\Tristan\Downloads\everesthome220.exe
2013-08-19 20:28 - 2013-08-19 20:28 - 00144168 _____ C:\Windows\Minidump\081913-36473-01.dmp
2013-08-17 16:52 - 2012-11-29 22:59 - 00000000 ____D C:\TorrentStream
2013-08-15 18:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 18:31 - 2010-07-06 23:11 - 00000000 ____D C:\Windows\Panther
2013-08-15 18:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-15 18:12 - 2013-07-13 09:58 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 18:08 - 2010-07-06 23:03 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Program Files\NirSoft
2013-08-14 18:15 - 2013-08-14 18:14 - 00141480 _____ C:\Users\Tristan\Downloads\bluescreenview_152setup.exe
2013-08-14 17:59 - 2013-08-14 17:59 - 00144168 _____ C:\Windows\Minidump\081413-29998-01.dmp
2013-08-11 01:00 - 2013-08-11 01:00 - 00000000 _____ C:\Windows\setuperr.log
2013-08-09 16:16 - 2012-05-09 21:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-08 19:42 - 2013-08-08 18:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-07 18:33 - 2013-08-07 18:33 - 00001182 _____ C:\Users\Tristan\Desktop\Revo Uninstaller.lnk
2013-08-07 18:33 - 2013-08-07 18:33 - 00000000 ____D C:\Program Files\VS Revo Group
2013-08-07 18:30 - 2013-08-07 18:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tristan\Downloads\revosetup95.exe
2013-08-07 18:28 - 2013-08-07 18:28 - 00000000 ____D C:\Users\Tristan\Downloads\spacesniffer_1_1_4_0
2013-08-07 18:28 - 2013-08-07 18:27 - 01536858 _____ C:\Users\Tristan\Downloads\spacesniffer_1_1_4_0.zip
2013-08-07 04:22 - 2010-07-06 23:02 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Tristan\AppData\Local\Temp\DTLite4471-0337.exe
C:\Users\Tristan\AppData\Local\Temp\gpushark.exe
C:\Users\Tristan\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Tristan\AppData\Local\Temp\sfareca00001.dll
C:\Users\Tristan\AppData\Local\Temp\SIntf16.dll
C:\Users\Tristan\AppData\Local\Temp\SIntf32.dll
C:\Users\Tristan\AppData\Local\Temp\SIntfNT.dll
C:\Users\Tristan\AppData\Local\Temp\utildel.exe
C:\Users\Tristan\AppData\Local\Temp\WLZABC8.tmp\CddbLangDE.dll
C:\Users\Tristan\AppData\Local\Temp\eLicenserInst\DotNetCheck.exe
C:\Users\Tristan\AppData\Local\Temp\eLicenserInst\eLicenserWISEHelper.exe
C:\Users\Tristan\AppData\Local\Temp\eLicenserInst\msvcr71.dll
C:\Users\Tristan\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 22:31

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-09-2013
Ran by Tristan at 2013-09-05 14:41:31
Running from C:\Users\Tristan\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

"Nero SoundTrax Help (Version: 4.0.15.0)
µTorrent (HKCU Version: 3.3.1.29812)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Advertising Center (Version: 0.0.0.1)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.1124.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD Media Foundation Decoders (Version: 1.0.80328.2203)
AMD VISION Engine Control Center (Version: 2013.0328.2218.38225)
AnyDVD (Version: 7.0.5.0)
ASIO4ALL
Audacity 1.2.6
avast! Free Antivirus (Version: 8.0.1489.0)
BurnInTest v7.1 Pro (Version: 7.1)
Canon ScanGear Starter
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225)
CCC Help Czech (Version: 2013.0328.2217.38225)
CCC Help Danish (Version: 2013.0328.2217.38225)
CCC Help Dutch (Version: 2013.0328.2217.38225)
CCC Help English (Version: 2013.0328.2217.38225)
CCC Help Finnish (Version: 2013.0328.2217.38225)
CCC Help French (Version: 2013.0328.2217.38225)
CCC Help German (Version: 2013.0328.2217.38225)
CCC Help Greek (Version: 2013.0328.2217.38225)
CCC Help Hungarian (Version: 2013.0328.2217.38225)
CCC Help Italian (Version: 2013.0328.2217.38225)
CCC Help Japanese (Version: 2013.0328.2217.38225)
CCC Help Korean (Version: 2013.0328.2217.38225)
CCC Help Norwegian (Version: 2013.0328.2217.38225)
CCC Help Polish (Version: 2013.0328.2217.38225)
CCC Help Portuguese (Version: 2013.0328.2217.38225)
CCC Help Russian (Version: 2013.0328.2217.38225)
CCC Help Spanish (Version: 2013.0328.2217.38225)
CCC Help Swedish (Version: 2013.0328.2217.38225)
CCC Help Thai (Version: 2013.0328.2217.38225)
CCC Help Turkish (Version: 2013.0328.2217.38225)
ccc-utility (Version: 2013.0328.2218.38225)
CCleaner (Version: 4.03)
CDBurnerXP (Version: 4.5.1.4003)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.00495)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Content Transfer (Version: 1.3.0.23190)
CorelDRAW Essentials 4
CorelDRAW Essentials 4 - Content (Version: 4.0)
CorelDRAW Essentials 4 - Draw (Version: 4.0)
CorelDRAW Essentials 4 - Filters (Version: 4.0)
CorelDRAW Essentials 4 - ICA (Version: 4.0)
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0)
CorelDRAW Essentials 4 - Lang BR (Version: 4.0)
CorelDRAW Essentials 4 - Lang DE (Version: 4.0)
CorelDRAW Essentials 4 - Lang EN (Version: 4.0)
CorelDRAW Essentials 4 - Lang ES (Version: 4.0)
CorelDRAW Essentials 4 - Lang FR (Version: 4.0)
CorelDRAW Essentials 4 - Lang IT (Version: 4.0)
CorelDRAW Essentials 4 - Lang NL (Version: 4.0)
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0)
CorelDRAW Essentials 4 - Windows Shell Extension
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1)
CorelDRAW Essentials 4 (Version: 4.0)
CPUID CPU-Z 1.66.1
CyberLink LabelPrint (Version: 2.5.2515)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDVD Copy (Version: 1.5.1306)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.47.1.0337)
DolbyFiles (Version: 2.0)
DVDx 2 (Version: 2.20)
eLicenser Control
ElsterFormular für Privatanwender (Version: 12.3.2.6814p)
ElsterFormular-Upgrade (Version: 14.3.11574)
eMule
EVEREST Home Edition v2.20 (Version: 2.20)
FormatFactory 2.60 (Version: 2.60)
Fotogalerie (Version: 16.4.3505.0912)
Fotogalerija (Version: 16.4.3505.0912)
Fotoğraf Galerisi (Version: 16.4.3505.0912)
Fotótár (Version: 16.4.3505.0912)
Free CD Ripper 3.1
Free Opener (Version: 1.4)
Free YouTube Download 3 version 3.0.6.715
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galería de fotos (Version: 16.4.3505.0912)
Galeria fotografii (Version: 16.4.3505.0912)
Galerie de photos (Version: 16.4.3505.0912)
Geeks3D FurMark 1.11.0
Google Chrome (Version: 29.0.1547.66)
Google Drive (Version: 1.11.4865.2530)
Google Drive (Version: 1.9.4536.8202)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
ImagXpress (Version: 7.0.74.0)
Internet-TV für Windows Media Center (Version: 4.2.2.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JMicron 1394 Filter Driver (Version: 1.00.25.03)
Junk Mail filter update (Version: 16.4.3505.0912)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Massive ThirdAge Translator 1.0 (Version: 1.0)
Medieval II Total War (Version: 1.03.000)
Medieval II Total War : Kingdoms : Americas (Version: 1.05.000)
Medieval II Total War : Kingdoms : Britannia (Version: 1.05.000)
Medieval II Total War : Kingdoms : Crusades (Version: 1.05.000)
Medieval II Total War : Kingdoms : Teutonic (Version: 1.05.000)
Menu Templates - Starter Kit (Version: 9.0.4.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Movie Maker (Version: 16.4.3505.0912)
Movie Templates - Starter Kit (Version: 9.0.4.0)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MP3 Splitter 5.5.1
MP3 Splitter version 3.1
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Myst IV - Revelation (Version: 1)
Nero 9
Nero BurningROM (Version: 9.0.0.0)
Nero BurnRights (Version: 2.99.6.100)
Nero ControlCenter (Version: 0.0.0.1)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.0.5.100)
Nero CoverDesigner Help (Version: 4.0.0.0)
Nero Disc Copy Gadget (Version: 1.53.0.0)
Nero Disc Copy Gadget Help (Version: 2.0.0.0)
Nero DiscSpeed (Version: 4.99.5.105)
Nero DriveSpeed (Version: 3.99.5.105)
Nero Express (Version: 9.0.0.0)
Nero InfoTool (Version: 5.99.5.105)
Nero Installer (Version: 2.0.0.1)
Nero Live (Version: 1.0.164.0)
Nero Live Help (Version: 1.0.162.0)
Nero PhotoSnap (Version: 1.53.2.0)
Nero PhotoSnap Help (Version: 1.53.2.0)
Nero Recode (Version: 3.53.0.0)
Nero Recode Help (Version: 3.53.0.0)
Nero Rescue Agent (Version: 1.99.0.1)
Nero RescueAgent Help (Version: 1.99.0.1)
Nero ShowTime (Version: 4.99.0.0)
Nero StartSmart (Version: 9.0.10.100)
Nero StartSmart Help (Version: 9.0.0.0)
Nero Vision (Version: 0.0.0.1)
Nero Vision (Version: 6.0.6.100)
Nero WaveEditor (Version: 5.0.18.0)
Nero WaveEditor Help (Version: 5.0.15.0)
NeroBurningROM (Version: 9.0.9.100)
NeroExpress (Version: 9.0.9.100)
neroxml (Version: 1.0.0)
NirSoft BlueScreenView
Notepad++ (Version: 6.3.1)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PDF24 Creator 5.2.0
Photo Common (Version: 16.4.3505.0912)
Photo Gallery (Version: 16.4.3505.0912)
Poczta usługi Windows Live (Version: 16.4.3505.0912)
Podstawowe programy Windows Live (Version: 16.4.3505.0912)
Pošta Windows Live (Version: 16.4.3505.0912)
QuickTime (Version: 7.74.80.86)
Raccolta foto (Version: 16.4.3505.0912)
Realtek Ethernet Controller Driver (Version: 7.72.410.2013)
Realtek High Definition Audio Driver (Version: 6.0.1.6914)
REALTEK Wireless LAN Driver and Utility (Version: 1.00.0182)
Revo Uninstaller 1.95 (Version: 1.95)
Sierra-Dienstprogramme
SiSoftware Sandra Lite 2013.SP4 (Version: 19.50.2013.7)
Skat24sv
Sonnox Restoration Tools for Wavelab VST v1.0.0 (32-bit) (Version: 1.0.0)
SopCast 3.8.2 (Version: 3.8.2)
SoundTrax (Version: 4.0.18.0)
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Steinberg Cubase LE AI Elements 6 (Version: 6.0.2)
Steinberg Drum Loop Expansion 01 (Version: 2.0.0.0)
Steinberg Groove Agent ONE Content (Version: 1.0.0.003)
Steinberg Groove Agent ONE Vintage Beatboxes (Version: 1.0.0.000)
Steinberg HALion Sonic SE (Version: 1.6.0)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (Version: 1.5.2.000)
Steinberg HALionOne (Version: 1.1.0.457)
Steinberg HALionOne Essential Set (Version: 1.0.1.457)
Steinberg HALionOne Expression Set (Version: 1.0.1.0)
Steinberg HALionOne GM Drum Set (Version: 1.0.1.457)
Steinberg HALionOne GM Set (Version: 1.0.1.457)
Steinberg HALionOne Pro Set (Version: 1.0.1.457)
Steinberg HALionOne Studio Drum Set (Version: 1.0.1.457)
Steinberg HALionOne Studio Set (Version: 1.0.1.457)
Steinberg LoopMash Content (Version: 1.0.0.005)
Steinberg REVerence Content 01 (Version: 2.0.1.000)
Steinberg VST Amp Rack Content 01 (Version: 1.0.0.000)
StreamTorrent 1.0
swMSM (Version: 12.0.0.1)
Third Age - Total War 2.0 (Part1of2)
Third Age - Total War 2.0 (Part2of2)
Third Age - Total War 3.0 (Part 1of2)
Third Age - Total War 3.0 (Part 2of2)
Torrent Stream 1.0.6 (HKCU Version: 1.0.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VideoPerformer
VLC media player 2.0.7 (Version: 2.0.7)
vShare.tv plugin 1.3 (Version: 1.3)
VshareComplete
VSO Downloader 3.0.3.5 (Version: 3.0.3.5)
VSO EVE Network Driver version 0.4 (Version: 0.4)
WaveLab Elements 7 (Version: 7.0.0.506)
Winamp (Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live Temel Parçalar (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 16.4.3505.0912)
WinRAR 5.00 beta 5 (32-bit) (Version: 5.00.5)
Wise Care 365 version 2.64 (Version: 2.64)
Συλλογή φωτογραφιών (Version: 16.4.3505.0912)
 

==================== Restore Points  =========================

28-08-2013 19:47:22 Removed Steinberg Cubase LE AI Elements 6
28-08-2013 21:16:56 Installed Steinberg Cubase LE AI Elements 6
29-08-2013 00:35:20 TuneUp Utilities 2013 wird installiert
29-08-2013 00:38:52 Revo Uninstaller's restore point - TuneUp Utilities 2013
29-08-2013 00:39:06 TuneUp Utilities 2013 wird entfernt
29-08-2013 00:40:02 TuneUp Utilities Language Pack (de-DE) wird entfernt
29-08-2013 15:20:52 Removed Java 7 Update 25
29-08-2013 15:22:11 Installed Java 7 Update 25
31-08-2013 01:49:43 Revo Uninstaller's restore point - DriverEasy 4.5.4
31-08-2013 01:55:38 Revo Uninstaller's restore point - Myst Masterpiece Edition
31-08-2013 01:56:00 Removed Myst Masterpiece Edition
31-08-2013 02:00:34 Revo Uninstaller's restore point - Orbit Downloader
31-08-2013 02:20:19 Revo Uninstaller's restore point - Sierra-Dienstprogramme
31-08-2013 19:41:29 Gerätetreiber-Paketinstallation: DT Soft Ltd Systemgeräte
31-08-2013 19:47:35 Installed Thief - Deadly Shadows
31-08-2013 20:25:56 Removed Thief - Deadly Shadows
31-08-2013 20:28:03 Installed Thief - Deadly Shadows
02-09-2013 17:22:55 Revo Uninstaller's restore point - Thief 3 Sneaky Upgrade version 1.1.2.1
02-09-2013 17:32:02 Revo Uninstaller's restore point - Thief - Deadly Shadows
02-09-2013 17:32:35 Removed Thief - Deadly Shadows
03-09-2013 09:40:36 Windows Update
03-09-2013 20:19:15 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-05-24 02:21 - 00005269 ____A C:\Windows\system32\Drivers\etc\hosts
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de
160.45.252.2	vpn.fu-berlin.de

There are 97 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0D264394-68A3-4B68-A9B2-DB3B2C534DE0} - System32\Tasks\{97126722-129F-4933-BA4C-5B1418DB2F4F} => C:\SIERRA\DSF98-99\DSF98-99.EXE
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1AB8189F-0607-478B-A20A-02713E78C7E9} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {1B9A158D-2EBB-400C-9F2A-3F5F66A695AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {271AC23D-98B3-48C5-B971-F9F2B7A2FB67} - System32\Tasks\{7ED16936-C232-43EF-9599-6D5E79EE20C5} => C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe
Task: {2CFA6212-2325-4F6B-9A09-3131EDAD5BD3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3D2F88A5-8AC2-4D7F-B721-0B78CC6B7D64} - System32\Tasks\{4290FB85-127A-4C72-9BC6-4D57AFB0269D} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {3DEAA63D-6E4E-467D-973F-234BC99C1686} - System32\Tasks\{BAC009A4-0F19-4251-8273-48A893B578A9} => C:\SIERRA\DSF98-99\DSF98-99.EXE
Task: {4A9994AB-392D-4E66-A712-38A81263F090} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {510E4F5A-9AA3-4887-9376-4DE8989A5AF7} - System32\Tasks\{80274049-2934-46BE-92BF-E7A7C9F09B99} => C:\Program Files\Thief - Deadly Shadows\System\t3.exe
Task: {55CB4902-5255-4F9E-B8E2-B9133028321F} - System32\Tasks\User_Feed_Synchronization-{07FBE106-8BC6-48CD-9C78-816FA9D928B5} => C:\Windows\system32\msfeedssync.exe [2013-07-03] (Microsoft Corporation)
Task: {583E3822-E887-4F41-AAAF-CD29765D1E91} - System32\Tasks\{AC7F1222-1411-43AA-8479-0DA8D9878A3E} => C:\SIERRA\DSF\DSFE.EXE
Task: {6324C5C0-49CC-42B0-9A19-740700628D85} - System32\Tasks\Wise Care 365 => C:\Program Files\Wise\Wise Care 365\WiseTray.exe [2013-04-26] (WiseCleaner.com)
Task: {675DE1FB-1E48-4010-81E5-282C7D5A3CC8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {85E56F93-B779-48C7-8B0B-B1638BCD9193} - System32\Tasks\{1415D546-C458-42B1-BFD1-9BCA0C26D927} => C:\SIERRA\DSF98-99\DSF98-99.EXE
Task: {88B2618D-C943-4F08-AF96-31F1FD7C7ABF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {8E7BBFDB-8A5E-4A4A-87DA-35AD38AB7F63} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {92D7B5E0-DD62-4086-987B-B25E8693983F} - System32\Tasks\{C8AD0B5D-0EE8-4B3C-9CD2-8918BC132289} => C:\Program Files\Steinberg\Cubase 5\Cubase5.exe
Task: {97DBEAC3-7FEC-424B-BF40-86D662942197} - System32\Tasks\Wise Turbo Checker => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe [2013-05-23] (WiseCleaner.COM)
Task: {98B2851C-24AD-4463-B02B-327676011C77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-08] (Google Inc.)
Task: {B120A12A-EE72-4685-B13F-9789DE1D6BBA} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {B3B289C6-4D08-4186-8920-96988AB7CD20} - System32\Tasks\{5B402CB3-9577-41D9-B13C-6EFD0C1DC607} => C:\Program Files\Ubi Soft\Riven\Riven.exe
Task: {C7F6EC98-C1BC-44FF-B054-DB4FAF31F1B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-08] (Google Inc.)
Task: {CB59AB02-5E33-4093-9AA7-65F2CE4205EC} - System32\Tasks\{99634637-84ED-4139-BCD0-B03C776CAC8A} => C:\Program Files\Thief - Deadly Shadows\System\t3.exe
Task: {D50FA768-0DA3-411F-8436-7BFA57B7BFE9} - System32\Tasks\{F591E6E7-FABA-49B5-B3E6-23360FF9326A} => C:\Program Files\Ubi Soft\Riven\Riven.exe
Task: {F8D1FA64-0FFB-4ABB-AF35-559E3B2EEED4} - System32\Tasks\{B1AAD4BA-9A2F-4B42-B5E1-EB2D67DB97A5} => C:\SIERRA\DSF\DSFE.EXE
Task: {F8EC8223-2BBE-416A-9CBA-B81B731282E2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {FDE820E8-4C74-4770-AC68-A20C2609F45A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-31] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2013-04-07 18:46 - 2013-04-07 18:46 - 00220632 _____ (Microsoft Corporation) C:\Users\Tristan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
2013-04-07 18:46 - 2013-04-07 18:46 - 00534480 _____ (Microsoft Corporation) C:\Users\Tristan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll
2013-04-07 18:46 - 2013-04-07 18:46 - 00862664 _____ (Microsoft Corporation) C:\Users\Tristan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCR110.dll
2013-04-07 18:46 - 2013-04-07 18:46 - 00537560 _____ (Microsoft Corporation) C:\Users\Tristan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll
2013-04-07 18:46 - 2013-04-07 18:46 - 00038360 _____ (Microsoft Corporation) C:\Users\Tristan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\logging.dll
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2013-03-28 22:29 - 2013-03-28 22:29 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-31 20:49 - 2013-08-24 19:48 - 09962960 _____ (The ICU Project) C:\Program Files\Google\Chrome\Application\29.0.1547.62\icudt.dll
2013-08-31 20:49 - 2013-08-24 19:49 - 00709584 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.62\libglesv2.dll
2013-08-31 20:49 - 2013-08-24 19:49 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.62\libegl.dll
2013-08-31 20:49 - 2013-08-24 19:49 - 04053456 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll
2013-08-31 20:49 - 2013-08-24 19:49 - 00410576 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
2013-08-31 20:49 - 2013-08-24 19:48 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll
2013-08-31 20:49 - 2013-08-24 19:49 - 13594064 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Tristan\AppData\Roaming\default.rss:OECustomProperty

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2013 02:33:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009c56
ID des fehlerhaften Prozesses: 0x424
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_LanmanServer0
Pfad der fehlerhaften Anwendung: svchost.exe_LanmanServer1
Pfad des fehlerhaften Moduls: svchost.exe_LanmanServer2
Berichtskennung: svchost.exe_LanmanServer3

Error: (09/05/2013 02:04:14 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Failed to Start the CVH service 1063

Error: (09/04/2013 00:55:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/03/2013 01:12:01 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/03/2013 00:36:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/03/2013 00:36:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/03/2013 00:36:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/03/2013 00:27:04 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/03/2013 00:27:04 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/03/2013 00:27:04 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (09/05/2013 02:35:47 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/05/2013 02:35:47 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/05/2013 02:35:47 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/05/2013 02:35:47 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/05/2013 02:34:47 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/05/2013 02:34:47 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Shellhardwareerkennung" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/05/2013 02:33:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/05/2013 02:33:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/05/2013 02:33:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/05/2013 02:33:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (09/05/2013 02:33:30 PM) (Source: Application Error)(User: )
Description: svchost.exe_LanmanServer6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c000000500009c5642401ceaa340e1b73c6C:\Windows\system32\svchost.exeC:\Windows\system32\msvcrt.dll5eaf4c30-1627-11e3-b725-6c626d9212ea

Error: (09/05/2013 02:04:14 PM) (Source: CVHSVC)(User: )
Description: Failed to Start the CVH service 1063

Error: (09/04/2013 00:55:09 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sisoftware\sisoftware sandra lite 2013.sp4\wnt500x64\RpcSandraSrv.exe

Error: (09/03/2013 01:12:01 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sisoftware\sisoftware sandra lite 2013.sp4\wnt500x64\RpcSandraSrv.exe

Error: (09/03/2013 00:36:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/03/2013 00:36:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/03/2013 00:36:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/03/2013 00:27:04 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/03/2013 00:27:04 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/03/2013 00:27:04 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 3327.29 MB
Available physical RAM: 2034.42 MB
Total Pagefile: 6652.87 MB
Available Pagefile: 5105.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.59 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:900.41 GB) (Free:152.99 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:12.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=900 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         
__________________

05.09.2013, 14:07   #4
schrauber
/// the machine
/// TB-Ausbilder
 

ComboFix should only be run when a team member has instructed you to do so!
Please download ComboFix from the following download mirror:

Link 1


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

05.09.2013, 14:41   #5
Schomsi
 
Done!
Here is the log:
(By the way, I didn't get the error message...)

Code:
ComboFix 13-09-04.04 - Tristan 05.09.2013  15:16:04.1.3 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3327.1812 [GMT 2:00]
ausgeführt von:: c:\users\Tristan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\prefs.js
c:\users\Tristan\AppData\Local\TempDIR
c:\users\Tristan\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Tristan\AppData\Roaming\kcczhbk5.default.tmp
c:\users\Tristan\AppData\Roaming\SearchProtect
c:\users\Tristan\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html
c:\users\Tristan\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul
c:\users\Tristan\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\windows\IsUn0407.exe
c:\windows\system32\roboot.exe
c:\windows\system32\Temp
c:\windows\system32\Temp\KSKD87SFXS
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-05 bis 2013-09-05  ))))))))))))))))))))))))))))))
.
.
2013-09-05 13:29 . 2013-09-05 13:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-05 13:21 . 2013-09-05 13:21	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{95173E05-B5BC-4DB6-B57A-B5D57053E433}\offreg.dll
2013-09-05 12:30 . 2013-09-05 12:30	--------	d-----w-	C:\FRST
2013-09-03 20:19 . 2013-08-19 22:47	7166848	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{95173E05-B5BC-4DB6-B57A-B5D57053E433}\mpengine.dll
2013-09-02 18:13 . 2013-09-04 13:25	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-31 21:32 . 1996-11-11 06:00	51472	----a-r-	c:\windows\system32\IMAGECFG.EXE
2013-08-31 21:16 . 2013-08-31 21:16	--------	d--h--w-	c:\windows\msdownld.tmp
2013-08-31 19:40 . 2013-08-31 19:40	243128	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-08-31 19:34 . 2013-08-31 19:40	--------	d-----w-	c:\program files\DAEMON Tools Lite
2013-08-31 15:52 . 2013-08-31 15:52	--------	d-----w-	c:\program files\CPUID
2013-08-31 13:59 . 2013-08-31 13:59	--------	d-----w-	c:\users\Tristan\AppData\Roaming\xmldm
2013-08-31 13:59 . 2013-08-31 13:59	--------	d-----w-	c:\users\Tristan\AppData\Roaming\ckoock
2013-08-31 02:13 . 2013-08-31 02:13	--------	d-----w-	c:\users\Tristan\AppData\Roaming\Malwarebytes
2013-08-31 02:13 . 2013-08-31 02:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-31 02:13 . 2013-08-31 02:13	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-08-31 02:13 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-08-29 15:23 . 2013-08-29 15:23	--------	d-----w-	c:\program files\Common Files\Java
2013-08-29 15:22 . 2013-08-29 15:22	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-08-29 00:55 . 2013-08-29 00:55	--------	d-----w-	c:\windows\system32\RTCOM
2013-08-29 00:53 . 2010-11-08 05:31	78680	----a-w-	c:\windows\system32\RTEEL32A.dll
2013-08-29 00:52 . 2012-06-20 15:26	90624	----a-w-	c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-08-29 00:52 . 2013-03-23 01:43	181960	----a-w-	c:\windows\system32\AERTACap.dll
2013-08-29 00:52 . 2012-03-08 09:47	95840	----a-w-	c:\windows\system32\AERTARen.dll
2013-08-28 21:24 . 2009-05-18 12:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-08-24 22:08 . 2013-08-24 22:08	--------	d-----w-	C:\23
2013-08-23 21:12 . 2013-08-23 21:12	--------	d-----w-	c:\program files\Geeks3D
2013-08-20 20:45 . 2013-08-24 20:31	--------	d-----w-	c:\programdata\Avira
2013-08-19 18:47 . 2013-08-19 18:47	--------	d-----w-	c:\program files\Lavalys
2013-08-14 16:15 . 2013-08-14 16:15	--------	d-----w-	c:\program files\NirSoft
2013-08-14 16:11 . 2013-06-15 03:38	31232	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 16:11 . 2013-07-09 04:50	652800	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-14 16:11 . 2013-07-09 04:52	175104	----a-w-	c:\windows\system32\wintrust.dll
2013-08-14 16:11 . 2013-07-09 04:46	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-14 16:11 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\system32\crypt32.dll
2013-08-14 16:11 . 2013-07-09 04:46	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-14 16:11 . 2013-07-09 05:03	3913664	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-14 16:11 . 2013-07-09 05:03	3968960	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-08-14 16:11 . 2013-07-09 04:53	1289096	----a-w-	c:\windows\system32\ntdll.dll
2013-08-14 16:11 . 2013-07-06 05:05	1293760	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-14 16:11 . 2013-07-25 08:57	1620992	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-08-14 16:11 . 2013-07-19 01:41	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-08 16:42 . 2013-08-08 17:42	--------	d-----w-	c:\program files\Mozilla Thunderbird
2013-08-07 16:33 . 2013-08-07 16:33	--------	d-----w-	c:\program files\VS Revo Group
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-31 14:00 . 2012-05-29 11:19	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-08-31 14:00 . 2011-11-05 14:34	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-29 15:22 . 2012-07-27 13:26	867240	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-08-29 15:22 . 2010-07-06 21:32	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-08-07 02:22 . 2010-07-06 21:02	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-07-03 20:55 . 2013-07-03 20:55	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-03 20:55 . 2013-07-03 20:55	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-07-03 20:55 . 2013-07-03 20:55	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-07-03 20:55 . 2013-07-03 20:55	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-07-03 20:55 . 2013-07-03 20:55	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-07-03 20:55 . 2013-07-03 20:55	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-07-03 20:55 . 2013-07-03 20:55	158720	----a-w-	c:\windows\system32\msls31.dll
2013-07-03 20:55 . 2013-07-03 20:55	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-07-03 20:55 . 2013-07-03 20:55	138752	----a-w-	c:\windows\system32\wextract.exe
2013-07-03 20:55 . 2013-07-03 20:55	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-07-03 20:55 . 2013-07-03 20:55	12800	----a-w-	c:\windows\system32\mshta.exe
2013-07-03 20:55 . 2013-07-03 20:55	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-07-03 20:55 . 2013-07-03 20:55	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-07-03 20:55 . 2013-07-03 20:55	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-07-03 20:55 . 2013-07-03 20:55	361984	----a-w-	c:\windows\system32\html.iec
2013-07-03 20:55 . 2013-07-03 20:55	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-07-03 20:55 . 2013-07-03 20:55	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-07-03 20:54 . 2013-07-03 20:54	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 20:54 . 2013-07-03 20:54	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 20:54 . 2013-07-03 20:54	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 20:54 . 2013-07-03 20:54	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 20:54 . 2013-07-03 20:54	906240	----a-w-	c:\windows\system32\FntCache.dll
2013-07-03 20:54 . 2013-07-03 20:54	604160	----a-w-	c:\windows\system32\d3d10level9.dll
2013-07-03 20:54 . 2013-07-03 20:54	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 20:54 . 2013-07-03 20:54	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2013-07-03 20:54 . 2013-07-03 20:54	364544	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-07-03 20:54 . 2013-07-03 20:54	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 20:54 . 2013-07-03 20:54	3419136	----a-w-	c:\windows\system32\d2d1.dll
2013-07-03 20:54 . 2013-07-03 20:54	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 20:54 . 2013-07-03 20:54	293376	----a-w-	c:\windows\system32\dxgi.dll
2013-07-03 20:54 . 2013-07-03 20:54	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 20:54 . 2013-07-03 20:54	249856	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-07-03 20:54 . 2013-07-03 20:54	2284544	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-07-03 20:54 . 2013-07-03 20:54	220160	----a-w-	c:\windows\system32\d3d10core.dll
2013-07-03 20:54 . 2013-07-03 20:54	207872	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-07-03 20:54 . 2013-07-03 20:54	1988096	----a-w-	c:\windows\system32\d3d10warp.dll
2013-07-03 20:54 . 2013-07-03 20:54	187392	----a-w-	c:\windows\system32\UIAnimation.dll
2013-07-03 20:54 . 2013-07-03 20:54	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2013-07-03 20:54 . 2013-07-03 20:54	1158144	----a-w-	c:\windows\system32\XpsPrint.dll
2013-07-03 20:54 . 2013-07-03 20:54	1080832	----a-w-	c:\windows\system32\d3d10.dll
2013-07-03 20:54 . 2013-07-03 20:54	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-28 14:07 . 2013-06-08 18:25	369584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-28 14:07 . 2013-06-08 18:24	770344	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-28 14:07 . 2013-06-08 18:24	175176	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-14 17:54 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-07 16:46	220632	----a-w-	c:\users\Tristan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-07 16:46	220632	----a-w-	c:\users\Tristan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-07 16:46	220632	----a-w-	c:\users\Tristan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11	579024	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11	579024	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11	579024	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11	579024	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11	579024	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11	579024	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-05-21 11947080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-06-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [2013-04-25 580232]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-08-03 87976]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-09-04 40776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [2009-06-14 71832]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-11 1343400]
R4 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-08-03 537592]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2012-10-11 70824]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2012-10-11 34984]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-08-31 243128]
S1 Eve;EVE Protocol Driver;c:\windows\system32\DRIVERS\eve.sys [2013-03-28 33624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-29 219136]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-03-28 291840]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-04-09 48256]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 Realtek11nSU;Realtek11nSU;c:\program files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-02-14 79872]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2012-07-16 23136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-04-10 651848]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 602216]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 45736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 14:28	1177552	----a-w-	c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 14:00]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 20:34]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 20:34]
.
2013-09-05 c:\windows\Tasks\Wise Care 365.job
- c:\program files\Wise\Wise Care 365\WiseTray.exe [2013-06-09 12:57]
.
2013-06-22 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files\Wise\Wise Care 365\WiseTurbo.exe [2013-06-09 08:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=hp&fr=linkury-tb&installDate=16/06/2013&type=hp1000
uInternet Settings,ProxyServer = http-proxy.fu-berlin.de:80
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=16/06/2013&type=hp1000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?rls=ig
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=ds&fr=linkury-tb&installDate=16/06/2013&type=hp1000&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - 1e6b7ca5000000000000485d604eb2f1
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15680
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1016:47
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - base
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
AddRemove-Sierra-Dienstprogramme - c:\program files\Sierra On-Line\sutil32.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-52014972-690284243-1808445519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-52014972-690284243-1808445519-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-52014972-690284243-1808445519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-05  15:32:30
ComboFix-quarantined-files.txt  2013-09-05 13:32
.
Vor Suchlauf: 21 Verzeichnis(se), 185.002.278.912 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 185.264.799.744 Bytes frei
.
- - End Of File - - D0E86307377C77506172BC072D82ADA6
8BCB23B30DB1819E7D8DDAE01AEBB583
         


05.09.2013, 19:37   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

05.09.2013, 22:13   #7
Schomsi
 



OK, I've done everything.

So first the log from Malwarebytes:
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.05.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Tristan :: HAL [Administrator]

Schutz: Deaktiviert

05.09.2013 21:01:51
mbam-log-2013-09-05 (21-01-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Autostart | P2P
Durchsuchte Objekte: 243402
Laufzeit: 11 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0F1H1M1E1M1R1QtG0OtFzs -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 9
C:\Users\Tristan\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\3FE96299A1A4470EB36233A99120D768 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\5B07587216934404B44FE061D12B24C5 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\E6191646FF4C469DA9E5AEA5363AE025 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\OpenCandy_3FE96299A1A4470EB36233A99120D768 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 17
C:\Users\Tristan\AppData\Roaming\OpenCandy\5B07587216934404B44FE061D12B24C5\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\OpenCandy_3FE96299A1A4470EB36233A99120D768\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\3FE96299A1A4470EB36233A99120D768\3135.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\3FE96299A1A4470EB36233A99120D768\TuneUpUtilities2013-2200218-p3v0.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\3FE96299A1A4470EB36233A99120D768\TuneUpUtilities2013-2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\5B07587216934404B44FE061D12B24C5\5471.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\5B07587216934404B44FE061D12B24C5\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\5B07587216934404B44FE061D12B24C5\OCBrowserHelper_1.0.6.125.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\E6191646FF4C469DA9E5AEA5363AE025\4649.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\E6191646FF4C469DA9E5AEA5363AE025\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\E6191646FF4C469DA9E5AEA5363AE025\Installer.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tristan\AppData\Roaming\OpenCandy\E6191646FF4C469DA9E5AEA5363AE025\OCBrowserHelper_1.0.6.128.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Now the Adw log:
Code:
# AdwCleaner v3.002 - Bericht erstellt am 05/09/2013 um 21:21:35
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Tristan - HAL
# Gestartet von : C:\Users\Tristan\Desktop\adwcleaner_3002.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BabylonUpdater
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files\SearchProtect
Ordner Gelöscht : C:\Program Files\vShare.tv plugin
Ordner Gelöscht : C:\Program Files\VshareComplete
Ordner Gelöscht : C:\Users\Tristan\AppData\Local\cre
Ordner Gelöscht : C:\Users\Tristan\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Tristan\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Tristan\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Tristan\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\Tristan\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Tristan\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Tristan\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Tristan\AppData\Roaming\Toolplugin
Ordner Gelöscht : C:\Users\Tristan\AppData\Roaming\VshareComplete
Ordner Gelöscht : C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Schlüssel Gelöscht : HKCU\Software\5a53d88bb36fbd44
Schlüssel Gelöscht : HKLM\SOFTWARE\5a53d88bb36fbd44
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_championship-manager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_championship-manager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sopcast_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sopcast_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_jlcs-internet-tv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_jlcs-internet-tv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\SimplyGen
Produkt Gelöscht : Google Update Helper

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v22.0 (de)

[ Datei : C:\Users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default\prefs.js ]

Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=117423&tt=4912_7&babsrc=HP_ss&mntrId=1e6b7ca5000000000000485d604eb2f1");
Zeile gelöscht : user_pref("avg.install.userSPSettings", "Claro Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=4912_7&babsrc=NT_ss&mntrId=1e6b7ca5000000000000485d604eb2f1");
Zeile gelöscht : user_pref("extensions.claro.admin", false);
Zeile gelöscht : user_pref("extensions.claro.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Zeile gelöscht : user_pref("extensions.claro.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.claro.excTlbr", false);
Zeile gelöscht : user_pref("extensions.claro.id", "1e6b7ca5000000000000485d604eb2f1");
Zeile gelöscht : user_pref("extensions.claro.instlDay", "15680");
Zeile gelöscht : user_pref("extensions.claro.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.claro.prdct", "claro");
Zeile gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Zeile gelöscht : user_pref("extensions.claro.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10");
Zeile gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10");
Zeile gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1016:47:52");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "13b7116cfb382b65d3e474b805f8db86");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=ds&fr=linkury-tb&installDate=16/06/2013&type=hp1000&p="[...]

-\\ Google Chrome v29.0.1547.66

[ Datei : C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [10563 octets] - [05/09/2013 21:19:28]
AdwCleaner[S0].txt - [9589 octets] - [05/09/2013 21:21:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9649 octets] ##########
         
Next, the JRT log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Home Premium x86
Ran by Tristan on 05.09.2013 at 21:33:03,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-52014972-690284243-1808445519-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{165562B3-BD7A-467C-B852-0BADE9EFF219}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{481FB855-EFC2-48E7-928A-76B7FAB7DA59}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5A629FD9-F526-4493-B915-A7D5A2816B10}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B1C6A53C-1551-4D95-9A1C-2E62AC31BD6C}



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Tristan\appdata\local\{19EB43AD-874B-429A-B944-F4A765A1A6C9}
Successfully deleted: [Empty Folder] C:\Users\Tristan\appdata\local\{20378EA7-78FF-4796-979C-181028F284CC}
Successfully deleted: [Empty Folder] C:\Users\Tristan\appdata\local\{8D0BC2DC-B6A2-47A7-9E22-A7BFC0ACB873}
Successfully deleted: [Empty Folder] C:\Users\Tristan\appdata\local\{8D2563AF-A07C-4926-A771-E7079C058B01}
Successfully deleted: [Empty Folder] C:\Users\Tristan\appdata\local\{B5EBA9BD-0FE3-41CE-8A9E-1851561B0621}
Successfully deleted: [Empty Folder] C:\Users\Tristan\appdata\local\{B817BD59-40D3-419A-A024-3F5AACA9F2E3}
Successfully deleted: [Empty Folder] C:\Users\Tristan\appdata\local\{C5FA7DBD-3A06-4928-9267-75A66AE6EB63}
Successfully deleted: [Empty Folder] C:\Users\Tristan\appdata\local\{F3FC3C2E-0128-406D-9A93-EC82EEF17B94}
Successfully deleted: [Empty Folder] C:\Users\Tristan\appdata\local\{F819967C-D10F-4516-AA15-24282581C091}
Successfully deleted: [Empty Folder] C:\Users\Tristan\appdata\local\{F81C871D-CE75-4CA1-84B0-B27AF798FFBB}



~~~ FireFox

Emptied folder: C:\Users\Tristan\AppData\Roaming\mozilla\firefox\profiles\kcczhbk5.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.09.2013 at 21:35:52,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And last but not least, the FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-09-2013
Ran by Tristan (administrator) on HAL on 05-09-2013 23:02:10
Running from C:\Users\Tristan\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(WiseCleaner.com) C:\Program Files\Wise\Wise Care 365\WiseTray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Thisisu) C:\Users\Tristan\Desktop\JRT_5.5.7.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11947080 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKCU\...\Policies\Explorer: [NoDriveAutorun] 0
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 221
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]

==================== Internet (Whitelisted) ====================

ProxyServer: http-proxy.fu-berlin.de:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/webhp?rls=ig
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=1.0.6 - C:\Users\Tristan\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] C:\Users\Tristan\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Tristan\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org

Chrome: 
=======
CHR HomePage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=hp&fr=linkury-tb&installDate=16/06/2013&type=hp1000
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in) - C:\Users\Tristan\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (YouTube Unblocker) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.5_0
CHR Extension: (TS Magic Player) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.28_0
CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [71832 2009-06-15] (SiSoftware)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-10-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-10-11] (Advanced Micro Devices)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-05-02] (SlySoft, Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-10-02] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-08-31] (Disc Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [33624 2013-03-28] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [23136 2012-07-16] (JMicron Technology Corp.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-10-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Tristan\AppData\Local\Temp\catchme.sys [x]
S3 SynasUSB; system32\drivers\SynasUSB.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-05 21:32 - 2013-09-05 21:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 21:19 - 2013-09-05 21:21 - 00000000 ____D C:\AdwCleaner
2013-09-05 21:12 - 2013-09-05 21:12 - 01028757 _____ (Thisisu) C:\Users\Tristan\Desktop\JRT_5.5.7.exe
2013-09-05 21:00 - 2013-09-05 21:01 - 01037134 _____ C:\Users\Tristan\Desktop\adwcleaner_3002.exe
2013-09-05 15:32 - 2013-09-05 15:32 - 00025294 _____ C:\ComboFix.txt
2013-09-05 15:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-05 15:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-05 15:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-05 15:12 - 2013-09-05 15:32 - 00000000 ____D C:\Qoobox
2013-09-05 15:11 - 2013-09-05 15:31 - 00000000 ____D C:\Windows\erdnt
2013-09-05 15:10 - 2013-09-05 15:10 - 05120804 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe
2013-09-05 14:41 - 2013-09-05 14:41 - 00034441 _____ C:\Users\Tristan\Downloads\Addition.txt
2013-09-05 14:30 - 2013-09-05 14:30 - 00000000 ____D C:\FRST
2013-09-05 14:28 - 2013-09-05 14:29 - 01080319 _____ (Farbar) C:\Users\Tristan\Downloads\FRST.exe
2013-09-02 18:27 - 2013-09-02 18:27 - 00144168 _____ C:\Windows\Minidump\090213-23790-01.dmp
2013-09-02 18:04 - 2013-09-02 18:04 - 00144168 _____ C:\Windows\Minidump\090213-23977-01.dmp
2013-09-02 06:42 - 2013-09-02 06:42 - 00002436 _____ C:\Users\Tristan\Desktop\piece by piece2.txt
2013-09-02 04:19 - 2013-09-02 06:08 - 00001456 _____ C:\Users\Tristan\Desktop\piece by piece.txt
2013-08-31 23:32 - 1996-11-11 08:00 - 00051472 ____R (Microsoft Corporation) C:\Windows\system32\IMAGECFG.EXE
2013-08-31 23:31 - 2013-08-31 23:31 - 00024643 _____ C:\Users\Tristan\Downloads\imagecfg.zip
2013-08-31 23:31 - 2013-08-31 23:31 - 00000000 ____D C:\Users\Tristan\Downloads\imagecfg
2013-08-31 23:16 - 2013-08-31 23:16 - 00292184 _____ (Microsoft Corporation) C:\Users\Tristan\Downloads\dxwebsetup.exe
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ____D C:\Windows\system32\directx
2013-08-31 23:06 - 2013-08-31 23:06 - 00036814 _____ C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows.zip
2013-08-31 23:06 - 2013-08-31 23:06 - 00000000 ____D C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows
2013-08-31 23:01 - 2013-08-31 23:21 - 00003387 _____ C:\Windows\DirectX.log
2013-08-31 22:59 - 2013-08-31 22:59 - 00000000 ____D C:\Users\Tristan\Documents\Thief - Deadly Shadows
2013-08-31 22:55 - 2013-08-31 22:55 - 03739173 _____ (                                                            ) C:\Users\Tristan\Downloads\Setup_T3SneakyUpgrade_1.1.2.1.exe
2013-08-31 22:46 - 2013-08-31 22:46 - 00000000 ____D C:\Users\Public\Documents\Thief - Deadly Shadows
2013-08-31 22:24 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Tristan\Downloads\T3Patch
2013-08-31 22:23 - 2013-08-31 22:24 - 00424623 _____ C:\Users\Tristan\Downloads\T3Patch.zip
2013-08-31 21:40 - 2013-08-31 21:40 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-31 21:36 - 2013-08-31 21:36 - 00001856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-31 21:34 - 2013-08-31 21:40 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-08-31 17:57 - 2013-08-31 17:57 - 01075237 _____ (SWE Sven Ritter                        ) C:\Users\Tristan\Downloads\bio7646.exe
2013-08-31 17:52 - 2013-08-31 17:52 - 00000000 ____D C:\Program Files\CPUID
2013-08-31 17:50 - 2013-08-31 17:50 - 01458872 _____ (                                                            ) C:\Users\Tristan\Downloads\cpu-z_1.66.1-setup-en.exe
2013-08-31 15:59 - 2013-08-31 15:59 - 00065536 _____ C:\Users\Tristan\AppData\Roaming\kcczhbk5.default.dat
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\xmldm
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\ckoock
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-31 04:13 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-31 04:12 - 2013-08-31 04:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tristan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-30 18:30 - 2013-08-30 18:30 - 00144168 _____ C:\Windows\Minidump\083013-27955-01.dmp
2013-08-29 17:23 - 2013-08-29 17:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-29 17:22 - 2013-08-29 17:22 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-29 17:11 - 2013-08-29 17:11 - 00903080 _____ (Oracle Corporation) C:\Users\Tristan\Downloads\chromeinstall-7u25.exe
2013-08-29 02:55 - 2013-08-29 02:55 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-29 02:54 - 2013-05-21 21:50 - 02666248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2013-08-29 02:54 - 2013-05-21 15:57 - 00117832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2013-08-29 02:54 - 2013-05-21 12:11 - 04164376 _____ (ASUSTeKcomputer.Inc) C:\Windows\system32\RTKSMlfx.dll
2013-08-29 02:54 - 2013-05-21 12:08 - 00711512 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-08-29 02:54 - 2013-05-20 16:16 - 00769096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2013-08-29 02:54 - 2013-05-20 14:36 - 02535496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2013-08-29 02:54 - 2013-05-14 21:27 - 05479244 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-08-29 02:54 - 2013-05-02 12:01 - 01824000 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2013-08-29 02:54 - 2013-04-30 19:53 - 03237448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2013-08-29 02:54 - 2013-04-30 14:29 - 00860720 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-08-29 02:54 - 2013-04-24 17:16 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2013-08-29 02:54 - 2013-04-16 06:23 - 00709400 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00548632 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00341272 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00186136 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2013-08-29 02:54 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2013-08-29 02:54 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2013-08-29 02:54 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2013-08-29 02:54 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-08-29 02:54 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2013-08-29 02:54 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2013-08-29 02:53 - 2013-05-21 15:05 - 00576929 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-08-29 02:53 - 2013-05-21 14:16 - 24962560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2013-08-29 02:53 - 2013-05-02 12:01 - 00788224 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2013-08-29 02:53 - 2013-05-02 12:00 - 01932032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-08-29 02:53 - 2013-04-23 00:39 - 02388000 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 13780736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 02886400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 01661184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2013-08-29 02:53 - 2013-04-15 11:19 - 00642816 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2013-08-29 02:53 - 2013-04-03 14:12 - 00852016 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-08-29 02:53 - 2013-03-20 13:17 - 08872216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll
2013-08-29 02:53 - 2012-12-12 11:17 - 00350664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00426952 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00402888 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00346056 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2013-08-29 02:53 - 2012-09-10 20:06 - 00549240 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2013-08-29 02:53 - 2012-07-15 21:13 - 00349048 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-08-29 02:53 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2013-08-29 02:53 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-08-29 02:53 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2013-08-29 02:52 - 2013-03-23 03:43 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2013-08-29 02:52 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-08-29 02:52 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2013-08-29 02:42 - 2013-08-29 02:42 - 00000000 ____D C:\Users\Tristan\Documents\DriverEasy
2013-08-29 02:41 - 2013-08-29 02:41 - 03017672 _____ (Easeware                                                    ) C:\Users\Tristan\Downloads\DriverEasy_Setup_454.exe
2013-08-29 02:33 - 2013-08-29 02:33 - 28211040 _____ (TuneUp Software) C:\Users\Tristan\Downloads\TuneUpUtilities2013_de-DE.exe
2013-08-28 23:40 - 2013-08-28 23:40 - 00007865 _____ C:\Users\Tristan\Desktop\gh.mid
2013-08-28 23:24 - 2013-08-28 23:24 - 00001091 _____ C:\Users\Public\Desktop\WaveLab Elements 7.lnk
2013-08-28 23:24 - 2009-05-18 14:17 - 00026600 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-08-28 23:18 - 2013-08-28 23:18 - 00002239 _____ C:\Users\Tristan\Desktop\Cubase LE AI Elements 6.lnk
2013-08-25 00:08 - 2013-08-25 00:08 - 00000000 ____D C:\23
2013-08-25 00:04 - 2013-08-25 00:04 - 00381240 _____ C:\Users\Tristan\Downloads\429360_intl_i386_zip.exe
2013-08-23 23:12 - 2013-08-23 23:12 - 00000000 ____D C:\Program Files\Geeks3D
2013-08-23 23:11 - 2013-08-23 23:11 - 04816605 _____ (Geeks3D                                                     ) C:\Users\Tristan\Downloads\FurMark_1.11.0_Setup.exe
2013-08-20 22:45 - 2013-08-24 22:31 - 00000000 ____D C:\ProgramData\Avira
2013-08-20 22:32 - 2013-08-20 22:34 - 110344048 _____ C:\Users\Tristan\Downloads\avira_free_antivirus85_de.exe
2013-08-20 22:28 - 2013-08-20 22:28 - 00144168 _____ C:\Windows\Minidump\082013-28704-01.dmp
2013-08-19 20:47 - 2013-08-19 20:47 - 00001032 _____ C:\Users\Tristan\Desktop\EVEREST Home Edition.lnk
2013-08-19 20:47 - 2013-08-19 20:47 - 00000000 ____D C:\Program Files\Lavalys
2013-08-19 20:46 - 2013-08-19 20:46 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\Tristan\Downloads\everesthome220.exe
2013-08-19 20:28 - 2013-08-19 20:28 - 00144168 _____ C:\Windows\Minidump\081913-36473-01.dmp
2013-08-19 20:18 - 2013-09-03 22:14 - 00001967 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-15 18:03 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 18:03 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 18:03 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 18:03 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 18:03 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 18:03 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 18:03 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 18:03 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Program Files\NirSoft
2013-08-14 18:14 - 2013-08-14 18:15 - 00141480 _____ C:\Users\Tristan\Downloads\bluescreenview_152setup.exe
2013-08-14 18:11 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:11 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:11 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 18:11 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:11 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:11 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:11 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:11 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:11 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 17:59 - 2013-09-02 18:26 - 436359241 _____ C:\Windows\MEMORY.DMP
2013-08-14 17:59 - 2013-08-14 17:59 - 00144168 _____ C:\Windows\Minidump\081413-29998-01.dmp
2013-08-11 16:27 - 2013-09-05 21:26 - 00025196 _____ C:\Windows\PFRO.log
2013-08-11 01:00 - 2013-09-05 21:26 - 00007990 _____ C:\Windows\setupact.log
2013-08-11 01:00 - 2013-08-11 01:00 - 00000000 _____ C:\Windows\setuperr.log
2013-08-08 18:42 - 2013-08-08 19:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-07 18:33 - 2013-08-07 18:33 - 00001182 _____ C:\Users\Tristan\Desktop\Revo Uninstaller.lnk
2013-08-07 18:33 - 2013-08-07 18:33 - 00000000 ____D C:\Program Files\VS Revo Group
2013-08-07 18:30 - 2013-08-07 18:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tristan\Downloads\revosetup95.exe
2013-08-07 18:28 - 2013-08-07 18:28 - 00000000 ____D C:\Users\Tristan\Downloads\spacesniffer_1_1_4_0
2013-08-07 18:27 - 2013-08-07 18:28 - 01536858 _____ C:\Users\Tristan\Downloads\spacesniffer_1_1_4_0.zip

==================== One Month Modified Files and Folders =======

2013-09-05 22:24 - 2011-02-08 22:35 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 22:18 - 2013-07-10 22:33 - 01789363 _____ C:\Windows\WindowsUpdate.log
2013-09-05 22:12 - 2012-05-29 13:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 21:35 - 2013-09-05 21:35 - 00003674 _____ C:\Users\Tristan\Desktop\JRT.txt
2013-09-05 21:35 - 2009-07-14 06:34 - 00010432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 21:35 - 2009-07-14 06:34 - 00010432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 21:32 - 2013-09-05 21:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 21:28 - 2013-06-09 17:30 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Wise Care 365
2013-09-05 21:26 - 2013-08-11 16:27 - 00025196 _____ C:\Windows\PFRO.log
2013-09-05 21:26 - 2013-08-11 01:00 - 00007990 _____ C:\Windows\setupact.log
2013-09-05 21:26 - 2011-02-08 22:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 21:26 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 21:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PLA
2013-09-05 21:21 - 2013-09-05 21:19 - 00000000 ____D C:\AdwCleaner
2013-09-05 21:12 - 2013-09-05 21:12 - 01028757 _____ (Thisisu) C:\Users\Tristan\Desktop\JRT_5.5.7.exe
2013-09-05 21:01 - 2013-09-05 21:00 - 01037134 _____ C:\Users\Tristan\Desktop\adwcleaner_3002.exe
2013-09-05 18:22 - 2011-04-07 13:44 - 00000000 ____D C:\Users\Tristan\Übergangsordner
2013-09-05 15:32 - 2013-09-05 15:32 - 00025294 _____ C:\ComboFix.txt
2013-09-05 15:32 - 2013-09-05 15:12 - 00000000 ____D C:\Qoobox
2013-09-05 15:32 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-05 15:32 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-05 15:31 - 2013-09-05 15:11 - 00000000 ____D C:\Windows\erdnt
2013-09-05 15:29 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-05 15:10 - 2013-09-05 15:10 - 05120804 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe
2013-09-05 14:41 - 2013-09-05 14:41 - 00034441 _____ C:\Users\Tristan\Downloads\Addition.txt
2013-09-05 14:33 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-05 14:30 - 2013-09-05 14:30 - 00000000 ____D C:\FRST
2013-09-05 14:29 - 2013-09-05 14:28 - 01080319 _____ (Farbar) C:\Users\Tristan\Downloads\FRST.exe
2013-09-05 03:30 - 2013-06-27 21:35 - 00000000 ____D C:\Users\Tristan\Documents\VSO Downloader
2013-09-04 08:11 - 2011-03-18 00:44 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Winamp
2013-09-04 08:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-04 08:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-04 01:20 - 2011-04-23 00:48 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\vlc
2013-09-03 22:14 - 2013-08-19 20:18 - 00001967 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-03 22:14 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-03 22:13 - 2011-02-08 22:38 - 00000000 ____D C:\Users\Tristan
2013-09-03 00:36 - 2010-07-06 22:23 - 00005834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 00:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-02 18:27 - 2013-09-02 18:27 - 00144168 _____ C:\Windows\Minidump\090213-23790-01.dmp
2013-09-02 18:27 - 2011-07-15 18:14 - 00000000 ____D C:\Windows\Minidump
2013-09-02 18:26 - 2013-08-14 17:59 - 436359241 _____ C:\Windows\MEMORY.DMP
2013-09-02 18:04 - 2013-09-02 18:04 - 00144168 _____ C:\Windows\Minidump\090213-23977-01.dmp
2013-09-02 06:42 - 2013-09-02 06:42 - 00002436 _____ C:\Users\Tristan\Desktop\piece by piece2.txt
2013-09-02 06:08 - 2013-09-02 04:19 - 00001456 _____ C:\Users\Tristan\Desktop\piece by piece.txt
2013-09-01 00:07 - 2011-04-18 19:24 - 00000000 ___RD C:\Users\Tristan\Hörbücher
2013-08-31 23:31 - 2013-08-31 23:31 - 00024643 _____ C:\Users\Tristan\Downloads\imagecfg.zip
2013-08-31 23:31 - 2013-08-31 23:31 - 00000000 ____D C:\Users\Tristan\Downloads\imagecfg
2013-08-31 23:21 - 2013-08-31 23:01 - 00003387 _____ C:\Windows\DirectX.log
2013-08-31 23:16 - 2013-08-31 23:16 - 00292184 _____ (Microsoft Corporation) C:\Users\Tristan\Downloads\dxwebsetup.exe
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ____D C:\Windows\system32\directx
2013-08-31 23:06 - 2013-08-31 23:06 - 00036814 _____ C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows.zip
2013-08-31 23:06 - 2013-08-31 23:06 - 00000000 ____D C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows
2013-08-31 22:59 - 2013-08-31 22:59 - 00000000 ____D C:\Users\Tristan\Documents\Thief - Deadly Shadows
2013-08-31 22:55 - 2013-08-31 22:55 - 03739173 _____ (                                                            ) C:\Users\Tristan\Downloads\Setup_T3SneakyUpgrade_1.1.2.1.exe
2013-08-31 22:46 - 2013-08-31 22:46 - 00000000 ____D C:\Users\Public\Documents\Thief - Deadly Shadows
2013-08-31 22:39 - 2011-03-15 18:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\uTorrent
2013-08-31 22:24 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Tristan\Downloads\T3Patch
2013-08-31 22:24 - 2013-08-31 22:23 - 00424623 _____ C:\Users\Tristan\Downloads\T3Patch.zip
2013-08-31 22:17 - 2012-01-18 23:26 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-31 21:47 - 2010-09-15 15:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-31 21:46 - 2011-07-23 18:02 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-31 21:44 - 2011-07-23 18:02 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\DAEMON Tools Lite
2013-08-31 21:40 - 2013-08-31 21:40 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-31 21:40 - 2013-08-31 21:34 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-08-31 21:36 - 2013-08-31 21:36 - 00001856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-31 21:14 - 2013-03-29 18:42 - 00000000 ____D C:\Users\Tristan\Downloads\torrents
2013-08-31 17:57 - 2013-08-31 17:57 - 01075237 _____ (SWE Sven Ritter                        ) C:\Users\Tristan\Downloads\bio7646.exe
2013-08-31 17:52 - 2013-08-31 17:52 - 00000000 ____D C:\Program Files\CPUID
2013-08-31 17:50 - 2013-08-31 17:50 - 01458872 _____ (                                                            ) C:\Users\Tristan\Downloads\cpu-z_1.66.1-setup-en.exe
2013-08-31 16:07 - 2011-03-15 01:19 - 00000000 ____D C:\Users\Tristan\AppData\Local\Adobe
2013-08-31 16:00 - 2012-05-29 13:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-31 16:00 - 2011-11-05 16:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-31 15:59 - 2013-08-31 15:59 - 00065536 _____ C:\Users\Tristan\AppData\Roaming\kcczhbk5.default.dat
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\xmldm
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\ckoock
2013-08-31 04:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Speech
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-31 04:13 - 2013-08-31 04:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tristan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-31 04:02 - 2011-03-24 22:40 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Orbit
2013-08-31 03:56 - 2013-05-07 03:07 - 00000000 ____D C:\Program Files\Ubi Soft
2013-08-30 18:30 - 2013-08-30 18:30 - 00144168 _____ C:\Windows\Minidump\083013-27955-01.dmp
2013-08-29 17:23 - 2013-08-29 17:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-29 17:22 - 2013-08-29 17:22 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-29 17:22 - 2012-07-27 15:26 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-08-29 17:22 - 2010-10-13 18:38 - 00000000 ____D C:\Program Files\Java
2013-08-29 17:22 - 2010-07-06 23:32 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-29 17:11 - 2013-08-29 17:11 - 00903080 _____ (Oracle Corporation) C:\Users\Tristan\Downloads\chromeinstall-7u25.exe
2013-08-29 16:16 - 2011-08-27 18:50 - 00000000 ____D C:\Program Files\ElsterFormular
2013-08-29 15:51 - 2011-03-14 23:54 - 00000000 ____D C:\Users\Tristan\Arbeit
2013-08-29 03:22 - 2012-12-24 23:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\dvdcss
2013-08-29 02:55 - 2013-08-29 02:55 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-29 02:43 - 2013-07-17 23:39 - 00000000 ____D C:\Driver_allOS
2013-08-29 02:42 - 2013-08-29 02:42 - 00000000 ____D C:\Users\Tristan\Documents\DriverEasy
2013-08-29 02:41 - 2013-08-29 02:41 - 03017672 _____ (Easeware                                                    ) C:\Users\Tristan\Downloads\DriverEasy_Setup_454.exe
2013-08-29 02:33 - 2013-08-29 02:33 - 28211040 _____ (TuneUp Software) C:\Users\Tristan\Downloads\TuneUpUtilities2013_de-DE.exe
2013-08-28 23:40 - 2013-08-28 23:40 - 00007865 _____ C:\Users\Tristan\Desktop\gh.mid
2013-08-28 23:24 - 2013-08-28 23:24 - 00001091 _____ C:\Users\Public\Desktop\WaveLab Elements 7.lnk
2013-08-28 23:24 - 2011-12-25 20:00 - 00000000 ____D C:\Program Files\Steinberg
2013-08-28 23:18 - 2013-08-28 23:18 - 00002239 _____ C:\Users\Tristan\Desktop\Cubase LE AI Elements 6.lnk
2013-08-28 23:18 - 2011-12-25 20:00 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 6
2013-08-25 00:08 - 2013-08-25 00:08 - 00000000 ____D C:\23
2013-08-25 00:07 - 2011-02-08 22:39 - 00000000 ____D C:\Users\Tristan\AppData\Local\VirtualStore
2013-08-25 00:04 - 2013-08-25 00:04 - 00381240 _____ C:\Users\Tristan\Downloads\429360_intl_i386_zip.exe
2013-08-24 22:31 - 2013-08-20 22:45 - 00000000 ____D C:\ProgramData\Avira
2013-08-23 23:12 - 2013-08-23 23:12 - 00000000 ____D C:\Program Files\Geeks3D
2013-08-23 23:11 - 2013-08-23 23:11 - 04816605 _____ (Geeks3D                                                     ) C:\Users\Tristan\Downloads\FurMark_1.11.0_Setup.exe
2013-08-22 22:16 - 2013-07-10 22:43 - 00000000 ____D C:\Program Files\SpeedFan
2013-08-21 22:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-20 22:34 - 2013-08-20 22:32 - 110344048 _____ C:\Users\Tristan\Downloads\avira_free_antivirus85_de.exe
2013-08-20 22:28 - 2013-08-20 22:28 - 00144168 _____ C:\Windows\Minidump\082013-28704-01.dmp
2013-08-20 06:15 - 2012-11-17 21:02 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\.Torrent Stream
2013-08-19 20:47 - 2013-08-19 20:47 - 00001032 _____ C:\Users\Tristan\Desktop\EVEREST Home Edition.lnk
2013-08-19 20:47 - 2013-08-19 20:47 - 00000000 ____D C:\Program Files\Lavalys
2013-08-19 20:46 - 2013-08-19 20:46 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\Tristan\Downloads\everesthome220.exe
2013-08-19 20:28 - 2013-08-19 20:28 - 00144168 _____ C:\Windows\Minidump\081913-36473-01.dmp
2013-08-17 16:52 - 2012-11-29 22:59 - 00000000 ____D C:\TorrentStream
2013-08-15 18:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 18:31 - 2010-07-06 23:11 - 00000000 ____D C:\Windows\Panther
2013-08-15 18:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-15 18:12 - 2013-07-13 09:58 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 18:08 - 2010-07-06 23:03 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Program Files\NirSoft
2013-08-14 18:15 - 2013-08-14 18:14 - 00141480 _____ C:\Users\Tristan\Downloads\bluescreenview_152setup.exe
2013-08-14 17:59 - 2013-08-14 17:59 - 00144168 _____ C:\Windows\Minidump\081413-29998-01.dmp
2013-08-11 01:00 - 2013-08-11 01:00 - 00000000 _____ C:\Windows\setuperr.log
2013-08-09 16:16 - 2012-05-09 21:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-08 19:42 - 2013-08-08 18:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-07 18:33 - 2013-08-07 18:33 - 00001182 _____ C:\Users\Tristan\Desktop\Revo Uninstaller.lnk
2013-08-07 18:33 - 2013-08-07 18:33 - 00000000 ____D C:\Program Files\VS Revo Group
2013-08-07 18:30 - 2013-08-07 18:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tristan\Downloads\revosetup95.exe
2013-08-07 18:28 - 2013-08-07 18:28 - 00000000 ____D C:\Users\Tristan\Downloads\spacesniffer_1_1_4_0
2013-08-07 18:28 - 2013-08-07 18:27 - 01536858 _____ C:\Users\Tristan\Downloads\spacesniffer_1_1_4_0.zip
2013-08-07 04:22 - 2010-07-06 23:02 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Tristan\AppData\Local\Temp\Quarantine.exe
C:\Users\Tristan\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 22:31

==================== End Of Log ============================
         


So, that should be it..
By the way, nothing else has happened since the restart, no crash or the like.
Then again, it mostly ran fine before as well during longer use.

06.09.2013, 09:51   #8
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

08.09.2013, 18:09   #9
Schomsi
 



Hi,
I've now tried ESET, three times I think, but unfortunately the computer crashed during the scan every time (in two cases with the horizontally distorted screen, which actually happens rather rarely). It also took extremely long each time, though: I seem to remember that on the first attempt the progress bar was at barely 50% after more than five and a half hours. The other attempts ran at the same pace.
Are 11-12 hours normal for a scan with this program??

However, I had only disabled the Windows Firewall on the first attempt, because the list of potentially troublesome software only listed Avast Free Antivirus. (Which I had disabled.)

I did the other one:
Code:
 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java 7 Update 25  
 Adobe Flash Player 	11.8.800.94  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 22.0 Firefox out of Date!  
 Mozilla Thunderbird (17.0.8) 
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Here is the new FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-09-2013
Ran by Tristan (administrator) on HAL on 08-09-2013 18:54:48
Running from C:\Users\Tristan\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11947080 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs

==================== Internet (Whitelisted) ====================

ProxyServer: http-proxy.fu-berlin.de:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/webhp?rls=ig
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=1.0.6 - C:\Users\Tristan\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] C:\Users\Tristan\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Tristan\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org

Chrome: 
=======
CHR HomePage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=hp&fr=linkury-tb&installDate=16/06/2013&type=hp1000
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in) - C:\Users\Tristan\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (YouTube Unblocker) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.5_0
CHR Extension: (TS Magic Player) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.28_0
CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [71832 2009-06-15] (SiSoftware)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-10-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-10-11] (Advanced Micro Devices)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-05-02] (SlySoft, Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-10-02] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-08-31] (Disc Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [33624 2013-03-28] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [23136 2012-07-16] (JMicron Technology Corp.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-10-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Tristan\AppData\Local\Temp\catchme.sys [x]
S3 SynasUSB; system32\drivers\SynasUSB.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-08 18:23 - 2013-09-08 18:23 - 00891115 _____ C:\Users\Tristan\Desktop\SecurityCheck.exe
2013-09-08 16:44 - 2013-09-08 16:44 - 00000000 _____ C:\Users\Tristan\Desktop\Filme.txt
2013-09-07 04:53 - 2013-09-07 04:53 - 00144168 _____ C:\Windows\Minidump\090713-26176-01.dmp
2013-09-06 20:43 - 2013-09-06 20:43 - 00000000 ____D C:\Program Files\ESET
2013-09-06 20:22 - 2013-09-06 20:22 - 02347384 _____ (ESET) C:\Users\Tristan\Desktop\esetsmartinstaller_enu.exe
2013-09-05 23:03 - 2013-09-05 23:03 - 00052184 _____ C:\Users\Tristan\Downloads\FRST.txt
2013-09-05 21:35 - 2013-09-05 21:35 - 00003674 _____ C:\Users\Tristan\Desktop\JRT.txt
2013-09-05 21:32 - 2013-09-05 21:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 21:19 - 2013-09-05 21:21 - 00000000 ____D C:\AdwCleaner
2013-09-05 21:12 - 2013-09-05 21:12 - 01028757 _____ (Thisisu) C:\Users\Tristan\Desktop\JRT_5.5.7.exe
2013-09-05 21:00 - 2013-09-05 21:01 - 01037134 _____ C:\Users\Tristan\Desktop\adwcleaner_3002.exe
2013-09-05 15:32 - 2013-09-05 15:32 - 00025294 _____ C:\ComboFix.txt
2013-09-05 15:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-05 15:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-05 15:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-05 15:12 - 2013-09-05 15:32 - 00000000 ____D C:\Qoobox
2013-09-05 15:11 - 2013-09-05 15:31 - 00000000 ____D C:\Windows\erdnt
2013-09-05 15:10 - 2013-09-05 15:10 - 05120804 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe
2013-09-05 14:41 - 2013-09-05 14:41 - 00034441 _____ C:\Users\Tristan\Downloads\Addition.txt
2013-09-05 14:30 - 2013-09-05 14:30 - 00000000 ____D C:\FRST
2013-09-02 18:27 - 2013-09-02 18:27 - 00144168 _____ C:\Windows\Minidump\090213-23790-01.dmp
2013-09-02 18:04 - 2013-09-02 18:04 - 00144168 _____ C:\Windows\Minidump\090213-23977-01.dmp
2013-09-02 06:42 - 2013-09-02 06:42 - 00002436 _____ C:\Users\Tristan\Desktop\piece by piece2.txt
2013-09-02 04:19 - 2013-09-02 06:08 - 00001456 _____ C:\Users\Tristan\Desktop\piece by piece.txt
2013-08-31 23:32 - 1996-11-11 08:00 - 00051472 ____R (Microsoft Corporation) C:\Windows\system32\IMAGECFG.EXE
2013-08-31 23:31 - 2013-08-31 23:31 - 00024643 _____ C:\Users\Tristan\Downloads\imagecfg.zip
2013-08-31 23:31 - 2013-08-31 23:31 - 00000000 ____D C:\Users\Tristan\Downloads\imagecfg
2013-08-31 23:16 - 2013-08-31 23:16 - 00292184 _____ (Microsoft Corporation) C:\Users\Tristan\Downloads\dxwebsetup.exe
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ____D C:\Windows\system32\directx
2013-08-31 23:06 - 2013-08-31 23:06 - 00036814 _____ C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows.zip
2013-08-31 23:06 - 2013-08-31 23:06 - 00000000 ____D C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows
2013-08-31 23:01 - 2013-08-31 23:21 - 00003387 _____ C:\Windows\DirectX.log
2013-08-31 22:59 - 2013-08-31 22:59 - 00000000 ____D C:\Users\Tristan\Documents\Thief - Deadly Shadows
2013-08-31 22:55 - 2013-08-31 22:55 - 03739173 _____ (                                                            ) C:\Users\Tristan\Downloads\Setup_T3SneakyUpgrade_1.1.2.1.exe
2013-08-31 22:46 - 2013-08-31 22:46 - 00000000 ____D C:\Users\Public\Documents\Thief - Deadly Shadows
2013-08-31 22:24 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Tristan\Downloads\T3Patch
2013-08-31 22:23 - 2013-08-31 22:24 - 00424623 _____ C:\Users\Tristan\Downloads\T3Patch.zip
2013-08-31 21:40 - 2013-08-31 21:40 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-31 21:36 - 2013-08-31 21:36 - 00001856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-31 21:34 - 2013-08-31 21:40 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-08-31 17:57 - 2013-08-31 17:57 - 01075237 _____ (SWE Sven Ritter                        ) C:\Users\Tristan\Downloads\bio7646.exe
2013-08-31 17:52 - 2013-08-31 17:52 - 00000000 ____D C:\Program Files\CPUID
2013-08-31 17:50 - 2013-08-31 17:50 - 01458872 _____ (                                                            ) C:\Users\Tristan\Downloads\cpu-z_1.66.1-setup-en.exe
2013-08-31 15:59 - 2013-08-31 15:59 - 00065536 _____ C:\Users\Tristan\AppData\Roaming\kcczhbk5.default.dat
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\xmldm
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\ckoock
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-31 04:13 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-31 04:12 - 2013-08-31 04:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tristan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-30 18:30 - 2013-08-30 18:30 - 00144168 _____ C:\Windows\Minidump\083013-27955-01.dmp
2013-08-29 17:23 - 2013-08-29 17:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-29 17:22 - 2013-08-29 17:22 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-29 17:11 - 2013-08-29 17:11 - 00903080 _____ (Oracle Corporation) C:\Users\Tristan\Downloads\chromeinstall-7u25.exe
2013-08-29 02:55 - 2013-08-29 02:55 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-29 02:54 - 2013-05-21 21:50 - 02666248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2013-08-29 02:54 - 2013-05-21 15:57 - 00117832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2013-08-29 02:54 - 2013-05-21 12:11 - 04164376 _____ (ASUSTeKcomputer.Inc) C:\Windows\system32\RTKSMlfx.dll
2013-08-29 02:54 - 2013-05-21 12:08 - 00711512 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-08-29 02:54 - 2013-05-20 16:16 - 00769096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2013-08-29 02:54 - 2013-05-20 14:36 - 02535496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2013-08-29 02:54 - 2013-05-14 21:27 - 05479244 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-08-29 02:54 - 2013-05-02 12:01 - 01824000 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2013-08-29 02:54 - 2013-04-30 19:53 - 03237448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2013-08-29 02:54 - 2013-04-30 14:29 - 00860720 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-08-29 02:54 - 2013-04-24 17:16 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2013-08-29 02:54 - 2013-04-16 06:23 - 00709400 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00548632 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00341272 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00186136 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2013-08-29 02:54 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2013-08-29 02:54 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2013-08-29 02:54 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2013-08-29 02:54 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-08-29 02:54 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2013-08-29 02:54 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2013-08-29 02:53 - 2013-05-21 15:05 - 00576929 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-08-29 02:53 - 2013-05-21 14:16 - 24962560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2013-08-29 02:53 - 2013-05-02 12:01 - 00788224 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2013-08-29 02:53 - 2013-05-02 12:00 - 01932032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-08-29 02:53 - 2013-04-23 00:39 - 02388000 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 13780736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 02886400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 01661184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2013-08-29 02:53 - 2013-04-15 11:19 - 00642816 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2013-08-29 02:53 - 2013-04-03 14:12 - 00852016 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-08-29 02:53 - 2013-03-20 13:17 - 08872216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll
2013-08-29 02:53 - 2012-12-12 11:17 - 00350664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00426952 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00402888 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00346056 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2013-08-29 02:53 - 2012-09-10 20:06 - 00549240 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2013-08-29 02:53 - 2012-07-15 21:13 - 00349048 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-08-29 02:53 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2013-08-29 02:53 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-08-29 02:53 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2013-08-29 02:52 - 2013-03-23 03:43 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2013-08-29 02:52 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-08-29 02:52 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2013-08-29 02:42 - 2013-08-29 02:42 - 00000000 ____D C:\Users\Tristan\Documents\DriverEasy
2013-08-29 02:41 - 2013-08-29 02:41 - 03017672 _____ (Easeware                                                    ) C:\Users\Tristan\Downloads\DriverEasy_Setup_454.exe
2013-08-29 02:33 - 2013-08-29 02:33 - 28211040 _____ (TuneUp Software) C:\Users\Tristan\Downloads\TuneUpUtilities2013_de-DE.exe
2013-08-28 23:40 - 2013-08-28 23:40 - 00007865 _____ C:\Users\Tristan\Desktop\gh.mid
2013-08-28 23:24 - 2013-08-28 23:24 - 00001091 _____ C:\Users\Public\Desktop\WaveLab Elements 7.lnk
2013-08-28 23:24 - 2009-05-18 14:17 - 00026600 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-08-28 23:18 - 2013-08-28 23:18 - 00002239 _____ C:\Users\Tristan\Desktop\Cubase LE AI Elements 6.lnk
2013-08-25 00:08 - 2013-08-25 00:08 - 00000000 ____D C:\23
2013-08-25 00:04 - 2013-08-25 00:04 - 00381240 _____ C:\Users\Tristan\Downloads\429360_intl_i386_zip.exe
2013-08-23 23:12 - 2013-08-23 23:12 - 00000000 ____D C:\Program Files\Geeks3D
2013-08-23 23:11 - 2013-08-23 23:11 - 04816605 _____ (Geeks3D                                                     ) C:\Users\Tristan\Downloads\FurMark_1.11.0_Setup.exe
2013-08-20 22:45 - 2013-08-24 22:31 - 00000000 ____D C:\ProgramData\Avira
2013-08-20 22:32 - 2013-08-20 22:34 - 110344048 _____ C:\Users\Tristan\Downloads\avira_free_antivirus85_de.exe
2013-08-20 22:28 - 2013-08-20 22:28 - 00144168 _____ C:\Windows\Minidump\082013-28704-01.dmp
2013-08-19 20:47 - 2013-08-19 20:47 - 00001032 _____ C:\Users\Tristan\Desktop\EVEREST Home Edition.lnk
2013-08-19 20:47 - 2013-08-19 20:47 - 00000000 ____D C:\Program Files\Lavalys
2013-08-19 20:46 - 2013-08-19 20:46 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\Tristan\Downloads\everesthome220.exe
2013-08-19 20:28 - 2013-08-19 20:28 - 00144168 _____ C:\Windows\Minidump\081913-36473-01.dmp
2013-08-19 20:18 - 2013-09-03 22:14 - 00001967 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-15 18:03 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 18:03 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 18:03 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 18:03 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 18:03 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 18:03 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 18:03 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 18:03 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 18:03 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Program Files\NirSoft
2013-08-14 18:14 - 2013-08-14 18:15 - 00141480 _____ C:\Users\Tristan\Downloads\bluescreenview_152setup.exe
2013-08-14 18:11 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:11 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:11 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 18:11 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:11 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:11 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:11 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:11 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:11 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 17:59 - 2013-09-07 04:53 - 633561289 _____ C:\Windows\MEMORY.DMP
2013-08-14 17:59 - 2013-08-14 17:59 - 00144168 _____ C:\Windows\Minidump\081413-29998-01.dmp
2013-08-11 16:27 - 2013-09-06 15:35 - 00025572 _____ C:\Windows\PFRO.log
2013-08-11 01:00 - 2013-09-08 16:58 - 00008494 _____ C:\Windows\setupact.log
2013-08-11 01:00 - 2013-08-11 01:00 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-09-08 18:52 - 2013-09-08 18:52 - 01082239 _____ (Farbar) C:\Users\Tristan\Desktop\FRST.exe
2013-09-08 18:37 - 2013-03-30 22:26 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Notepad++
2013-09-08 18:37 - 2013-03-30 22:26 - 00000000 ____D C:\Program Files\Notepad++
2013-09-08 18:24 - 2011-02-08 22:35 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-08 18:23 - 2013-09-08 18:23 - 00891115 _____ C:\Users\Tristan\Desktop\SecurityCheck.exe
2013-09-08 18:23 - 2011-04-23 00:48 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\vlc
2013-09-08 18:04 - 2012-05-29 13:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 18:00 - 2013-07-10 22:33 - 01855291 _____ C:\Windows\WindowsUpdate.log
2013-09-08 17:07 - 2009-07-14 06:34 - 00010432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 17:07 - 2009-07-14 06:34 - 00010432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 16:59 - 2013-06-09 17:30 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Wise Care 365
2013-09-08 16:58 - 2013-08-11 01:00 - 00008494 _____ C:\Windows\setupact.log
2013-09-08 16:58 - 2011-02-08 22:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 16:58 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-08 16:44 - 2013-09-08 16:44 - 00000000 _____ C:\Users\Tristan\Desktop\Filme.txt
2013-09-07 13:30 - 2010-07-06 22:23 - 00005834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-07 04:53 - 2013-09-07 04:53 - 00144168 _____ C:\Windows\Minidump\090713-26176-01.dmp
2013-09-07 04:53 - 2013-08-14 17:59 - 633561289 _____ C:\Windows\MEMORY.DMP
2013-09-07 04:53 - 2011-07-15 18:14 - 00000000 ____D C:\Windows\Minidump
2013-09-07 04:35 - 2013-06-27 21:35 - 00000000 ____D C:\Users\Tristan\Documents\VSO Downloader
2013-09-06 20:43 - 2013-09-06 20:43 - 00000000 ____D C:\Program Files\ESET
2013-09-06 20:22 - 2013-09-06 20:22 - 02347384 _____ (ESET) C:\Users\Tristan\Desktop\esetsmartinstaller_enu.exe
2013-09-06 17:52 - 2013-03-16 16:15 - 00000000 ____D C:\Users\Tristan\Downloads\ISO ZERTIFIZIERUNG
2013-09-06 15:35 - 2013-08-11 16:27 - 00025572 _____ C:\Windows\PFRO.log
2013-09-05 23:16 - 2011-04-07 13:44 - 00000000 ____D C:\Users\Tristan\Übergangsordner
2013-09-05 23:03 - 2013-09-05 23:03 - 00052184 _____ C:\Users\Tristan\Downloads\FRST.txt
2013-09-05 21:35 - 2013-09-05 21:35 - 00003674 _____ C:\Users\Tristan\Desktop\JRT.txt
2013-09-05 21:32 - 2013-09-05 21:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 21:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PLA
2013-09-05 21:21 - 2013-09-05 21:19 - 00000000 ____D C:\AdwCleaner
2013-09-05 21:12 - 2013-09-05 21:12 - 01028757 _____ (Thisisu) C:\Users\Tristan\Desktop\JRT_5.5.7.exe
2013-09-05 21:01 - 2013-09-05 21:00 - 01037134 _____ C:\Users\Tristan\Desktop\adwcleaner_3002.exe
2013-09-05 15:32 - 2013-09-05 15:32 - 00025294 _____ C:\ComboFix.txt
2013-09-05 15:32 - 2013-09-05 15:12 - 00000000 ____D C:\Qoobox
2013-09-05 15:32 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-05 15:32 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-05 15:31 - 2013-09-05 15:11 - 00000000 ____D C:\Windows\erdnt
2013-09-05 15:29 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-05 15:10 - 2013-09-05 15:10 - 05120804 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe
2013-09-05 14:41 - 2013-09-05 14:41 - 00034441 _____ C:\Users\Tristan\Downloads\Addition.txt
2013-09-05 14:33 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-05 14:30 - 2013-09-05 14:30 - 00000000 ____D C:\FRST
2013-09-04 08:11 - 2011-03-18 00:44 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Winamp
2013-09-04 08:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-04 08:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-03 22:14 - 2013-08-19 20:18 - 00001967 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-03 22:14 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-03 22:13 - 2011-02-08 22:38 - 00000000 ____D C:\Users\Tristan
2013-09-03 00:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-02 18:27 - 2013-09-02 18:27 - 00144168 _____ C:\Windows\Minidump\090213-23790-01.dmp
2013-09-02 18:04 - 2013-09-02 18:04 - 00144168 _____ C:\Windows\Minidump\090213-23977-01.dmp
2013-09-02 06:42 - 2013-09-02 06:42 - 00002436 _____ C:\Users\Tristan\Desktop\piece by piece2.txt
2013-09-02 06:08 - 2013-09-02 04:19 - 00001456 _____ C:\Users\Tristan\Desktop\piece by piece.txt
2013-09-01 00:07 - 2011-04-18 19:24 - 00000000 ___RD C:\Users\Tristan\Hörbücher
2013-08-31 23:31 - 2013-08-31 23:31 - 00024643 _____ C:\Users\Tristan\Downloads\imagecfg.zip
2013-08-31 23:31 - 2013-08-31 23:31 - 00000000 ____D C:\Users\Tristan\Downloads\imagecfg
2013-08-31 23:21 - 2013-08-31 23:01 - 00003387 _____ C:\Windows\DirectX.log
2013-08-31 23:16 - 2013-08-31 23:16 - 00292184 _____ (Microsoft Corporation) C:\Users\Tristan\Downloads\dxwebsetup.exe
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ____D C:\Windows\system32\directx
2013-08-31 23:06 - 2013-08-31 23:06 - 00036814 _____ C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows.zip
2013-08-31 23:06 - 2013-08-31 23:06 - 00000000 ____D C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows
2013-08-31 22:59 - 2013-08-31 22:59 - 00000000 ____D C:\Users\Tristan\Documents\Thief - Deadly Shadows
2013-08-31 22:55 - 2013-08-31 22:55 - 03739173 _____ (                                                            ) C:\Users\Tristan\Downloads\Setup_T3SneakyUpgrade_1.1.2.1.exe
2013-08-31 22:46 - 2013-08-31 22:46 - 00000000 ____D C:\Users\Public\Documents\Thief - Deadly Shadows
2013-08-31 22:39 - 2011-03-15 18:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\uTorrent
2013-08-31 22:24 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Tristan\Downloads\T3Patch
2013-08-31 22:24 - 2013-08-31 22:23 - 00424623 _____ C:\Users\Tristan\Downloads\T3Patch.zip
2013-08-31 22:17 - 2012-01-18 23:26 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-31 21:47 - 2010-09-15 15:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-31 21:46 - 2011-07-23 18:02 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-31 21:44 - 2011-07-23 18:02 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\DAEMON Tools Lite
2013-08-31 21:40 - 2013-08-31 21:40 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-31 21:40 - 2013-08-31 21:34 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-08-31 21:36 - 2013-08-31 21:36 - 00001856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-31 21:14 - 2013-03-29 18:42 - 00000000 ____D C:\Users\Tristan\Downloads\torrents
2013-08-31 17:57 - 2013-08-31 17:57 - 01075237 _____ (SWE Sven Ritter                        ) C:\Users\Tristan\Downloads\bio7646.exe
2013-08-31 17:52 - 2013-08-31 17:52 - 00000000 ____D C:\Program Files\CPUID
2013-08-31 17:50 - 2013-08-31 17:50 - 01458872 _____ (                                                            ) C:\Users\Tristan\Downloads\cpu-z_1.66.1-setup-en.exe
2013-08-31 16:07 - 2011-03-15 01:19 - 00000000 ____D C:\Users\Tristan\AppData\Local\Adobe
2013-08-31 16:00 - 2012-05-29 13:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-31 16:00 - 2011-11-05 16:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-31 15:59 - 2013-08-31 15:59 - 00065536 _____ C:\Users\Tristan\AppData\Roaming\kcczhbk5.default.dat
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\xmldm
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\ckoock
2013-08-31 04:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Speech
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-31 04:13 - 2013-08-31 04:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tristan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-31 04:02 - 2011-03-24 22:40 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Orbit
2013-08-31 03:56 - 2013-05-07 03:07 - 00000000 ____D C:\Program Files\Ubi Soft
2013-08-30 18:30 - 2013-08-30 18:30 - 00144168 _____ C:\Windows\Minidump\083013-27955-01.dmp
2013-08-29 17:23 - 2013-08-29 17:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-29 17:22 - 2013-08-29 17:22 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-29 17:22 - 2012-07-27 15:26 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-08-29 17:22 - 2010-10-13 18:38 - 00000000 ____D C:\Program Files\Java
2013-08-29 17:22 - 2010-07-06 23:32 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-29 17:11 - 2013-08-29 17:11 - 00903080 _____ (Oracle Corporation) C:\Users\Tristan\Downloads\chromeinstall-7u25.exe
2013-08-29 16:16 - 2011-08-27 18:50 - 00000000 ____D C:\Program Files\ElsterFormular
2013-08-29 15:51 - 2011-03-14 23:54 - 00000000 ____D C:\Users\Tristan\Arbeit
2013-08-29 03:22 - 2012-12-24 23:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\dvdcss
2013-08-29 02:55 - 2013-08-29 02:55 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-29 02:43 - 2013-07-17 23:39 - 00000000 ____D C:\Driver_allOS
2013-08-29 02:42 - 2013-08-29 02:42 - 00000000 ____D C:\Users\Tristan\Documents\DriverEasy
2013-08-29 02:41 - 2013-08-29 02:41 - 03017672 _____ (Easeware                                                    ) C:\Users\Tristan\Downloads\DriverEasy_Setup_454.exe
2013-08-29 02:33 - 2013-08-29 02:33 - 28211040 _____ (TuneUp Software) C:\Users\Tristan\Downloads\TuneUpUtilities2013_de-DE.exe
2013-08-28 23:40 - 2013-08-28 23:40 - 00007865 _____ C:\Users\Tristan\Desktop\gh.mid
2013-08-28 23:24 - 2013-08-28 23:24 - 00001091 _____ C:\Users\Public\Desktop\WaveLab Elements 7.lnk
2013-08-28 23:24 - 2011-12-25 20:00 - 00000000 ____D C:\Program Files\Steinberg
2013-08-28 23:18 - 2013-08-28 23:18 - 00002239 _____ C:\Users\Tristan\Desktop\Cubase LE AI Elements 6.lnk
2013-08-28 23:18 - 2011-12-25 20:00 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 6
2013-08-25 00:08 - 2013-08-25 00:08 - 00000000 ____D C:\23
2013-08-25 00:07 - 2011-02-08 22:39 - 00000000 ____D C:\Users\Tristan\AppData\Local\VirtualStore
2013-08-25 00:04 - 2013-08-25 00:04 - 00381240 _____ C:\Users\Tristan\Downloads\429360_intl_i386_zip.exe
2013-08-24 22:31 - 2013-08-20 22:45 - 00000000 ____D C:\ProgramData\Avira
2013-08-23 23:12 - 2013-08-23 23:12 - 00000000 ____D C:\Program Files\Geeks3D
2013-08-23 23:11 - 2013-08-23 23:11 - 04816605 _____ (Geeks3D                                                     ) C:\Users\Tristan\Downloads\FurMark_1.11.0_Setup.exe
2013-08-22 22:16 - 2013-07-10 22:43 - 00000000 ____D C:\Program Files\SpeedFan
2013-08-21 22:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-20 22:34 - 2013-08-20 22:32 - 110344048 _____ C:\Users\Tristan\Downloads\avira_free_antivirus85_de.exe
2013-08-20 22:28 - 2013-08-20 22:28 - 00144168 _____ C:\Windows\Minidump\082013-28704-01.dmp
2013-08-20 06:15 - 2012-11-17 21:02 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\.Torrent Stream
2013-08-19 20:47 - 2013-08-19 20:47 - 00001032 _____ C:\Users\Tristan\Desktop\EVEREST Home Edition.lnk
2013-08-19 20:47 - 2013-08-19 20:47 - 00000000 ____D C:\Program Files\Lavalys
2013-08-19 20:46 - 2013-08-19 20:46 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\Tristan\Downloads\everesthome220.exe
2013-08-19 20:28 - 2013-08-19 20:28 - 00144168 _____ C:\Windows\Minidump\081913-36473-01.dmp
2013-08-17 16:52 - 2012-11-29 22:59 - 00000000 ____D C:\TorrentStream
2013-08-15 18:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 18:31 - 2010-07-06 23:11 - 00000000 ____D C:\Windows\Panther
2013-08-15 18:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-15 18:12 - 2013-07-13 09:58 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 18:08 - 2010-07-06 23:03 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Program Files\NirSoft
2013-08-14 18:15 - 2013-08-14 18:14 - 00141480 _____ C:\Users\Tristan\Downloads\bluescreenview_152setup.exe
2013-08-14 17:59 - 2013-08-14 17:59 - 00144168 _____ C:\Windows\Minidump\081413-29998-01.dmp
2013-08-11 01:00 - 2013-08-11 01:00 - 00000000 _____ C:\Windows\setuperr.log
2013-08-09 16:16 - 2012-05-09 21:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

Files to move or delete:
====================
C:\Users\Tristan\AppData\Local\Temp\npp.6.4.5.Installer.exe
C:\Users\Tristan\AppData\Local\Temp\Quarantine.exe
C:\Users\Tristan\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 22:31

==================== End Of Log ============================
         


OK, I'll try it with ESET again. Maybe it'll work this time..

Alt 09.09.2013, 06:19   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Update Adobe and Firefox.

If ESET doesn't work, please run a full scan with your AV program.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 13.09.2013, 14:34   #11
Schomsi
 



Hello,
the scan doesn't work => it crashed several times. The keyboard no longer works, not even in the BIOS (I'm using the on-screen keyboard right now). The little lights come on briefly right after startup, then it's dead.
What should I do?
Regards


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013
Ran by Tristan (administrator) on HAL on 13-09-2013 15:33:17
Running from C:\Users\Tristan\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11947080 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs

==================== Internet (Whitelisted) ====================

ProxyServer: http-proxy.fu-berlin.de:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/webhp?rls=ig
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=1.0.6 - C:\Users\Tristan\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: hdvc3 - C:\Users\Tristan\AppData\Roaming\Mozilla\Firefox\Profiles\kcczhbk5.default\Extensions\hdvc3@hdvidcodec.com.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Tristan\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Tristan\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org

Chrome: 
=======
CHR HomePage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=93bee78c-1d22-4af9-b043-058bd59030c2&searchtype=hp&fr=linkury-tb&installDate=16/06/2013&type=hp1000
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in) - C:\Users\Tristan\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (avast! Online Security) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (YouTube Unblocker) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.5_0
CHR Extension: (TS Magic Player) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.28_0
CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [71832 2009-06-15] (SiSoftware)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-10-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-10-11] (Advanced Micro Devices)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-05-02] (SlySoft, Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-10-02] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-08-31] (Disc Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [33624 2013-03-28] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [23136 2012-07-16] (JMicron Technology Corp.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-10-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Tristan\AppData\Local\Temp\catchme.sys [x]
S3 SynasUSB; system32\drivers\SynasUSB.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-13 15:32 - 2013-09-13 15:33 - 01082459 _____ (Farbar) C:\Users\Tristan\Desktop\FRST.exe
2013-09-13 04:12 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 04:12 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 04:12 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 04:12 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 04:12 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 04:12 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 04:12 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 04:12 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 04:12 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 04:12 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 04:12 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 04:12 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 04:12 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 04:12 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 04:12 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 04:11 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 04:02 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 04:02 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 04:02 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 04:02 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 04:02 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 04:02 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 04:02 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 04:02 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 04:02 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 22:13 - 2013-09-12 22:15 - 00000000 ____D C:\Users\Tristan\Downloads\Janelle Monae – The Electric Lady (2013)
2013-09-12 20:41 - 2013-09-12 22:08 - 131749155 _____ C:\Users\Tristan\Downloads\Janelle Monae – The Electric Lady (2013).zip
2013-09-10 15:43 - 2013-09-10 15:51 - 00000000 ____D C:\Users\Tristan\Downloads\Youtube
2013-09-10 15:38 - 2013-09-10 15:43 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-09-10 15:38 - 2013-09-10 15:41 - 00001207 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-09-10 15:38 - 2013-09-10 15:38 - 00000000 ____D C:\Program Files\GreenTree Applications
2013-09-10 15:37 - 2013-09-10 15:37 - 11067384 _____ C:\Users\Tristan\Downloads\YTD43Setup.exe
2013-09-10 10:25 - 2013-09-13 03:54 - 00001967 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-10 10:25 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-10 10:25 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-10 10:25 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-10 10:25 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-10 10:25 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-10 10:25 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-10 10:25 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-10 10:25 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-10 10:24 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-10 10:22 - 2013-09-10 10:24 - 131918888 _____ C:\Users\Tristan\Downloads\avast_free_antivirus_setup.exe
2013-09-10 01:53 - 2013-09-10 01:53 - 00000092 ____H C:\Users\Tristan\Downloads\.~lock.SOOOOOOOOOOOOZI.doc#
2013-09-10 01:41 - 2013-09-10 01:42 - 22240760 _____ (Mozilla) C:\Users\Tristan\Downloads\Firefox_Setup_23.0.1.exe
2013-09-09 17:00 - 2013-09-09 17:04 - 162401424 _____ C:\Users\Tristan\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-08 21:33 - 2013-09-13 15:33 - 00001204 _____ C:\Windows\Tasks\HDvid Codec V1-updater.job
2013-09-08 21:33 - 2013-09-13 15:33 - 00001198 _____ C:\Windows\Tasks\HDvid Codec V1-codedownloader.job
2013-09-08 21:33 - 2013-09-13 15:33 - 00001108 _____ C:\Windows\Tasks\HDvid Codec V1-enabler.job
2013-09-08 21:31 - 2013-09-08 21:31 - 00000000 ____D C:\ProgramData\APN
2013-09-08 21:31 - 2013-09-08 21:31 - 00000000 ____D C:\Program Files\HDvidCodec.com
2013-09-08 21:29 - 2013-09-08 21:29 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDPlayer
2013-09-08 21:29 - 2013-09-08 21:29 - 00000000 ____D C:\Program Files\HDPlayer
2013-09-08 21:29 - 2013-09-08 21:29 - 00000000 ____D C:\Program Files\FreeHDSport.TV
2013-09-08 18:23 - 2013-09-08 18:23 - 00891115 _____ C:\Users\Tristan\Desktop\SecurityCheck.exe
2013-09-08 16:44 - 2013-09-08 16:44 - 00000000 _____ C:\Users\Tristan\Desktop\Filme.txt
2013-09-07 04:53 - 2013-09-07 04:53 - 00144168 _____ C:\Windows\Minidump\090713-26176-01.dmp
2013-09-06 20:43 - 2013-09-06 20:43 - 00000000 ____D C:\Program Files\ESET
2013-09-06 20:22 - 2013-09-06 20:22 - 02347384 _____ (ESET) C:\Users\Tristan\Desktop\esetsmartinstaller_enu.exe
2013-09-05 23:03 - 2013-09-05 23:03 - 00052184 _____ C:\Users\Tristan\Downloads\FRST.txt
2013-09-05 21:35 - 2013-09-05 21:35 - 00003674 _____ C:\Users\Tristan\Desktop\JRT.txt
2013-09-05 21:32 - 2013-09-05 21:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 21:19 - 2013-09-05 21:21 - 00000000 ____D C:\AdwCleaner
2013-09-05 21:12 - 2013-09-05 21:12 - 01028757 _____ (Thisisu) C:\Users\Tristan\Desktop\JRT_5.5.7.exe
2013-09-05 21:00 - 2013-09-05 21:01 - 01037134 _____ C:\Users\Tristan\Desktop\adwcleaner_3002.exe
2013-09-05 15:32 - 2013-09-05 15:32 - 00025294 _____ C:\ComboFix.txt
2013-09-05 15:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-05 15:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-05 15:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-05 15:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-05 15:12 - 2013-09-05 15:32 - 00000000 ____D C:\Qoobox
2013-09-05 15:11 - 2013-09-05 15:31 - 00000000 ____D C:\Windows\erdnt
2013-09-05 15:10 - 2013-09-05 15:10 - 05120804 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe
2013-09-05 14:41 - 2013-09-05 14:41 - 00034441 _____ C:\Users\Tristan\Downloads\Addition.txt
2013-09-05 14:30 - 2013-09-05 14:30 - 00000000 ____D C:\FRST
2013-09-02 18:27 - 2013-09-02 18:27 - 00144168 _____ C:\Windows\Minidump\090213-23790-01.dmp
2013-09-02 18:04 - 2013-09-02 18:04 - 00144168 _____ C:\Windows\Minidump\090213-23977-01.dmp
2013-09-02 06:42 - 2013-09-02 06:42 - 00002436 _____ C:\Users\Tristan\Desktop\piece by piece2.txt
2013-09-02 04:19 - 2013-09-02 06:08 - 00001456 _____ C:\Users\Tristan\Desktop\piece by piece.txt
2013-08-31 23:32 - 1996-11-11 08:00 - 00051472 ____R (Microsoft Corporation) C:\Windows\system32\IMAGECFG.EXE
2013-08-31 23:31 - 2013-08-31 23:31 - 00024643 _____ C:\Users\Tristan\Downloads\imagecfg.zip
2013-08-31 23:31 - 2013-08-31 23:31 - 00000000 ____D C:\Users\Tristan\Downloads\imagecfg
2013-08-31 23:16 - 2013-08-31 23:16 - 00292184 _____ (Microsoft Corporation) C:\Users\Tristan\Downloads\dxwebsetup.exe
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ____D C:\Windows\system32\directx
2013-08-31 23:06 - 2013-08-31 23:06 - 00000000 ____D C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows
2013-08-31 23:01 - 2013-08-31 23:21 - 00003387 _____ C:\Windows\DirectX.log
2013-08-31 22:59 - 2013-08-31 22:59 - 00000000 ____D C:\Users\Tristan\Documents\Thief - Deadly Shadows
2013-08-31 22:55 - 2013-08-31 22:55 - 03739173 _____ (                                                            ) C:\Users\Tristan\Downloads\Setup_T3SneakyUpgrade_1.1.2.1.exe
2013-08-31 22:46 - 2013-08-31 22:46 - 00000000 ____D C:\Users\Public\Documents\Thief - Deadly Shadows
2013-08-31 22:24 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Tristan\Downloads\T3Patch
2013-08-31 22:23 - 2013-08-31 22:24 - 00424623 _____ C:\Users\Tristan\Downloads\T3Patch.zip
2013-08-31 21:40 - 2013-08-31 21:40 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-31 21:36 - 2013-08-31 21:36 - 00001856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-31 21:34 - 2013-08-31 21:40 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-08-31 17:57 - 2013-08-31 17:57 - 01075237 _____ (SWE Sven Ritter                        ) C:\Users\Tristan\Downloads\bio7646.exe
2013-08-31 17:52 - 2013-08-31 17:52 - 00000000 ____D C:\Program Files\CPUID
2013-08-31 17:50 - 2013-08-31 17:50 - 01458872 _____ (                                                            ) C:\Users\Tristan\Downloads\cpu-z_1.66.1-setup-en.exe
2013-08-31 15:59 - 2013-08-31 15:59 - 00065536 _____ C:\Users\Tristan\AppData\Roaming\kcczhbk5.default.dat
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\xmldm
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\ckoock
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-31 04:13 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-31 04:12 - 2013-08-31 04:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tristan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-30 18:30 - 2013-08-30 18:30 - 00144168 _____ C:\Windows\Minidump\083013-27955-01.dmp
2013-08-29 17:23 - 2013-08-29 17:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-29 17:22 - 2013-08-29 17:22 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-29 17:11 - 2013-08-29 17:11 - 00903080 _____ (Oracle Corporation) C:\Users\Tristan\Downloads\chromeinstall-7u25.exe
2013-08-29 02:55 - 2013-08-29 02:55 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-29 02:54 - 2013-05-21 21:50 - 02666248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2013-08-29 02:54 - 2013-05-21 15:57 - 00117832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2013-08-29 02:54 - 2013-05-21 12:11 - 04164376 _____ (ASUSTeKcomputer.Inc) C:\Windows\system32\RTKSMlfx.dll
2013-08-29 02:54 - 2013-05-21 12:08 - 00711512 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-08-29 02:54 - 2013-05-20 16:16 - 00769096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2013-08-29 02:54 - 2013-05-20 14:36 - 02535496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2013-08-29 02:54 - 2013-05-14 21:27 - 05479244 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-08-29 02:54 - 2013-05-02 12:01 - 01824000 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2013-08-29 02:54 - 2013-04-30 19:53 - 03237448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2013-08-29 02:54 - 2013-04-30 14:29 - 00860720 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-08-29 02:54 - 2013-04-24 17:16 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2013-08-29 02:54 - 2013-04-16 06:23 - 00709400 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00548632 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00341272 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo32.dll
2013-08-29 02:54 - 2013-04-16 06:23 - 00186136 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2013-08-29 02:54 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2013-08-29 02:54 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2013-08-29 02:54 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2013-08-29 02:54 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2013-08-29 02:54 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-08-29 02:54 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2013-08-29 02:54 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2013-08-29 02:54 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2013-08-29 02:53 - 2013-05-21 15:05 - 00576929 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-08-29 02:53 - 2013-05-21 14:16 - 24962560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2013-08-29 02:53 - 2013-05-02 12:01 - 00788224 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2013-08-29 02:53 - 2013-05-02 12:00 - 01932032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-08-29 02:53 - 2013-04-23 00:39 - 02388000 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 13780736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 02886400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN.dll
2013-08-29 02:53 - 2013-04-18 13:48 - 01661184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2013-08-29 02:53 - 2013-04-15 11:19 - 00642816 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2013-08-29 02:53 - 2013-04-03 14:12 - 00852016 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-08-29 02:53 - 2013-03-20 13:17 - 08872216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll
2013-08-29 02:53 - 2012-12-12 11:17 - 00350664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00426952 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00402888 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2013-08-29 02:53 - 2012-10-02 14:39 - 00346056 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2013-08-29 02:53 - 2012-09-10 20:06 - 00549240 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2013-08-29 02:53 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2013-08-29 02:53 - 2012-07-15 21:13 - 00349048 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-08-29 02:53 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2013-08-29 02:53 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2013-08-29 02:53 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2013-08-29 02:53 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-08-29 02:53 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2013-08-29 02:52 - 2013-03-23 03:43 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2013-08-29 02:52 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-08-29 02:52 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2013-08-29 02:42 - 2013-08-29 02:42 - 00000000 ____D C:\Users\Tristan\Documents\DriverEasy
2013-08-29 02:41 - 2013-08-29 02:41 - 03017672 _____ (Easeware                                                    ) C:\Users\Tristan\Downloads\DriverEasy_Setup_454.exe
2013-08-29 02:33 - 2013-08-29 02:33 - 28211040 _____ (TuneUp Software) C:\Users\Tristan\Downloads\TuneUpUtilities2013_de-DE.exe
2013-08-28 23:40 - 2013-08-28 23:40 - 00007865 _____ C:\Users\Tristan\Desktop\gh.mid
2013-08-28 23:24 - 2013-08-28 23:24 - 00001091 _____ C:\Users\Public\Desktop\WaveLab Elements 7.lnk
2013-08-28 23:24 - 2009-05-18 14:17 - 00026600 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-08-28 23:18 - 2013-08-28 23:18 - 00002239 _____ C:\Users\Tristan\Desktop\Cubase LE AI Elements 6.lnk
2013-08-25 00:08 - 2013-08-25 00:08 - 00000000 ____D C:\23
2013-08-25 00:04 - 2013-08-25 00:04 - 00381240 _____ C:\Users\Tristan\Downloads\429360_intl_i386_zip.exe
2013-08-23 23:12 - 2013-08-23 23:12 - 00000000 ____D C:\Program Files\Geeks3D
2013-08-23 23:11 - 2013-08-23 23:11 - 04816605 _____ (Geeks3D                                                     ) C:\Users\Tristan\Downloads\FurMark_1.11.0_Setup.exe
2013-08-20 22:45 - 2013-08-24 22:31 - 00000000 ____D C:\ProgramData\Avira
2013-08-20 22:32 - 2013-08-20 22:34 - 110344048 _____ C:\Users\Tristan\Downloads\avira_free_antivirus85_de.exe
2013-08-20 22:28 - 2013-08-20 22:28 - 00144168 _____ C:\Windows\Minidump\082013-28704-01.dmp
2013-08-19 20:47 - 2013-08-19 20:47 - 00001032 _____ C:\Users\Tristan\Desktop\EVEREST Home Edition.lnk
2013-08-19 20:47 - 2013-08-19 20:47 - 00000000 ____D C:\Program Files\Lavalys
2013-08-19 20:46 - 2013-08-19 20:46 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\Tristan\Downloads\everesthome220.exe
2013-08-19 20:28 - 2013-08-19 20:28 - 00144168 _____ C:\Windows\Minidump\081913-36473-01.dmp
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Program Files\NirSoft
2013-08-14 18:14 - 2013-08-14 18:15 - 00141480 _____ C:\Users\Tristan\Downloads\bluescreenview_152setup.exe
2013-08-14 18:11 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:11 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:11 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 18:11 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:11 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:11 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:11 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:11 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:11 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:11 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 17:59 - 2013-09-07 04:53 - 633561289 _____ C:\Windows\MEMORY.DMP
2013-08-14 17:59 - 2013-08-14 17:59 - 00144168 _____ C:\Windows\Minidump\081413-29998-01.dmp

==================== One Month Modified Files and Folders =======

2013-09-13 15:33 - 2013-09-13 15:32 - 01082459 _____ (Farbar) C:\Users\Tristan\Desktop\FRST.exe
2013-09-13 15:33 - 2013-09-08 21:33 - 00001204 _____ C:\Windows\Tasks\HDvid Codec V1-updater.job
2013-09-13 15:33 - 2013-09-08 21:33 - 00001198 _____ C:\Windows\Tasks\HDvid Codec V1-codedownloader.job
2013-09-13 15:33 - 2013-09-08 21:33 - 00001108 _____ C:\Windows\Tasks\HDvid Codec V1-enabler.job
2013-09-13 15:29 - 2009-07-14 06:34 - 00010432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-13 15:29 - 2009-07-14 06:34 - 00010432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-13 15:24 - 2011-02-08 22:35 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-13 15:22 - 2013-08-11 01:00 - 00009222 _____ C:\Windows\setupact.log
2013-09-13 15:22 - 2013-06-09 17:30 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Wise Care 365
2013-09-13 15:22 - 2011-02-08 22:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-13 15:22 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 15:21 - 2013-07-10 22:33 - 01248631 _____ C:\Windows\WindowsUpdate.log
2013-09-13 15:20 - 2011-04-23 00:48 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\vlc
2013-09-13 14:48 - 2013-08-11 16:27 - 00027960 _____ C:\Windows\PFRO.log
2013-09-13 14:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-13 14:04 - 2012-05-29 13:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-13 14:03 - 2009-07-14 06:33 - 00330128 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 14:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-13 13:34 - 2011-03-18 00:44 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Winamp
2013-09-13 13:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-13 13:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-13 13:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-13 13:34 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-13 04:09 - 2013-07-13 09:58 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 04:09 - 2010-07-06 23:03 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 03:54 - 2013-09-10 10:25 - 00001967 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-13 03:54 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-13 03:51 - 2011-02-08 22:38 - 00000000 ____D C:\Users\Tristan
2013-09-12 22:15 - 2013-09-12 22:13 - 00000000 ____D C:\Users\Tristan\Downloads\Janelle Monae – The Electric Lady (2013)
2013-09-12 22:08 - 2013-09-12 20:41 - 131749155 _____ C:\Users\Tristan\Downloads\Janelle Monae – The Electric Lady (2013).zip
2013-09-10 15:58 - 2010-07-06 22:23 - 00005834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 15:51 - 2013-09-10 15:43 - 00000000 ____D C:\Users\Tristan\Downloads\Youtube
2013-09-10 15:44 - 2013-06-27 21:35 - 00000000 ____D C:\Users\Tristan\Documents\VSO Downloader
2013-09-10 15:43 - 2013-09-10 15:38 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-09-10 15:41 - 2013-09-10 15:38 - 00001207 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-09-10 15:38 - 2013-09-10 15:38 - 00000000 ____D C:\Program Files\GreenTree Applications
2013-09-10 15:37 - 2013-09-10 15:37 - 11067384 _____ C:\Users\Tristan\Downloads\YTD43Setup.exe
2013-09-10 10:24 - 2013-09-10 10:22 - 131918888 _____ C:\Users\Tristan\Downloads\avast_free_antivirus_setup.exe
2013-09-10 10:24 - 2011-04-11 13:17 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-10 10:24 - 2011-04-11 13:17 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-10 10:06 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-10 02:24 - 2012-05-09 21:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-10 02:13 - 2013-07-06 17:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-10 02:12 - 2011-03-15 01:19 - 00000000 ____D C:\Users\Tristan\AppData\Local\Adobe
2013-09-10 02:11 - 2011-06-16 13:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-10 02:11 - 2010-07-06 23:27 - 00000000 ____D C:\ProgramData\Adobe
2013-09-10 02:11 - 2010-07-06 23:27 - 00000000 ____D C:\Program Files\Adobe
2013-09-10 01:53 - 2013-09-10 01:53 - 00000092 ____H C:\Users\Tristan\Downloads\.~lock.SOOOOOOOOOOOOZI.doc#
2013-09-10 01:42 - 2013-09-10 01:41 - 22240760 _____ (Mozilla) C:\Users\Tristan\Downloads\Firefox_Setup_23.0.1.exe
2013-09-09 17:04 - 2013-09-09 17:00 - 162401424 _____ C:\Users\Tristan\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-08 21:31 - 2013-09-08 21:31 - 00000000 ____D C:\ProgramData\APN
2013-09-08 21:31 - 2013-09-08 21:31 - 00000000 ____D C:\Program Files\HDvidCodec.com
2013-09-08 21:29 - 2013-09-08 21:29 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDPlayer
2013-09-08 21:29 - 2013-09-08 21:29 - 00000000 ____D C:\Program Files\HDPlayer
2013-09-08 21:29 - 2013-09-08 21:29 - 00000000 ____D C:\Program Files\FreeHDSport.TV
2013-09-08 18:37 - 2013-03-30 22:26 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Notepad++
2013-09-08 18:37 - 2013-03-30 22:26 - 00000000 ____D C:\Program Files\Notepad++
2013-09-08 18:23 - 2013-09-08 18:23 - 00891115 _____ C:\Users\Tristan\Desktop\SecurityCheck.exe
2013-09-08 16:44 - 2013-09-08 16:44 - 00000000 _____ C:\Users\Tristan\Desktop\Filme.txt
2013-09-07 04:53 - 2013-09-07 04:53 - 00144168 _____ C:\Windows\Minidump\090713-26176-01.dmp
2013-09-07 04:53 - 2013-08-14 17:59 - 633561289 _____ C:\Windows\MEMORY.DMP
2013-09-07 04:53 - 2011-07-15 18:14 - 00000000 ____D C:\Windows\Minidump
2013-09-06 20:43 - 2013-09-06 20:43 - 00000000 ____D C:\Program Files\ESET
2013-09-06 20:22 - 2013-09-06 20:22 - 02347384 _____ (ESET) C:\Users\Tristan\Desktop\esetsmartinstaller_enu.exe
2013-09-06 17:52 - 2013-03-16 16:15 - 00000000 ____D C:\Users\Tristan\Downloads\ISO ZERTIFIZIERUNG
2013-09-05 23:16 - 2011-04-07 13:44 - 00000000 ____D C:\Users\Tristan\Übergangsordner
2013-09-05 23:03 - 2013-09-05 23:03 - 00052184 _____ C:\Users\Tristan\Downloads\FRST.txt
2013-09-05 21:35 - 2013-09-05 21:35 - 00003674 _____ C:\Users\Tristan\Desktop\JRT.txt
2013-09-05 21:32 - 2013-09-05 21:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 21:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PLA
2013-09-05 21:21 - 2013-09-05 21:19 - 00000000 ____D C:\AdwCleaner
2013-09-05 21:12 - 2013-09-05 21:12 - 01028757 _____ (Thisisu) C:\Users\Tristan\Desktop\JRT_5.5.7.exe
2013-09-05 21:01 - 2013-09-05 21:00 - 01037134 _____ C:\Users\Tristan\Desktop\adwcleaner_3002.exe
2013-09-05 15:32 - 2013-09-05 15:32 - 00025294 _____ C:\ComboFix.txt
2013-09-05 15:32 - 2013-09-05 15:12 - 00000000 ____D C:\Qoobox
2013-09-05 15:32 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-05 15:32 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-05 15:31 - 2013-09-05 15:11 - 00000000 ____D C:\Windows\erdnt
2013-09-05 15:29 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-05 15:10 - 2013-09-05 15:10 - 05120804 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe
2013-09-05 14:41 - 2013-09-05 14:41 - 00034441 _____ C:\Users\Tristan\Downloads\Addition.txt
2013-09-05 14:30 - 2013-09-05 14:30 - 00000000 ____D C:\FRST
2013-09-03 00:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-02 18:27 - 2013-09-02 18:27 - 00144168 _____ C:\Windows\Minidump\090213-23790-01.dmp
2013-09-02 18:04 - 2013-09-02 18:04 - 00144168 _____ C:\Windows\Minidump\090213-23977-01.dmp
2013-09-02 06:42 - 2013-09-02 06:42 - 00002436 _____ C:\Users\Tristan\Desktop\piece by piece2.txt
2013-09-02 06:08 - 2013-09-02 04:19 - 00001456 _____ C:\Users\Tristan\Desktop\piece by piece.txt
2013-09-01 00:07 - 2011-04-18 19:24 - 00000000 ___RD C:\Users\Tristan\Hörbücher
2013-08-31 23:31 - 2013-08-31 23:31 - 00024643 _____ C:\Users\Tristan\Downloads\imagecfg.zip
2013-08-31 23:31 - 2013-08-31 23:31 - 00000000 ____D C:\Users\Tristan\Downloads\imagecfg
2013-08-31 23:21 - 2013-08-31 23:01 - 00003387 _____ C:\Windows\DirectX.log
2013-08-31 23:16 - 2013-08-31 23:16 - 00292184 _____ (Microsoft Corporation) C:\Users\Tristan\Downloads\dxwebsetup.exe
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-31 23:16 - 2013-08-31 23:16 - 00000000 ____D C:\Windows\system32\directx
2013-08-31 23:06 - 2013-08-31 23:06 - 00000000 ____D C:\Users\Tristan\Downloads\Thief_3_Deadly_Shadows
2013-08-31 22:59 - 2013-08-31 22:59 - 00000000 ____D C:\Users\Tristan\Documents\Thief - Deadly Shadows
2013-08-31 22:55 - 2013-08-31 22:55 - 03739173 _____ (                                                            ) C:\Users\Tristan\Downloads\Setup_T3SneakyUpgrade_1.1.2.1.exe
2013-08-31 22:46 - 2013-08-31 22:46 - 00000000 ____D C:\Users\Public\Documents\Thief - Deadly Shadows
2013-08-31 22:39 - 2011-03-15 18:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\uTorrent
2013-08-31 22:24 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Tristan\Downloads\T3Patch
2013-08-31 22:24 - 2013-08-31 22:23 - 00424623 _____ C:\Users\Tristan\Downloads\T3Patch.zip
2013-08-31 22:17 - 2012-01-18 23:26 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-31 21:47 - 2010-09-15 15:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-31 21:46 - 2011-07-23 18:02 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-31 21:44 - 2011-07-23 18:02 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\DAEMON Tools Lite
2013-08-31 21:40 - 2013-08-31 21:40 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-31 21:40 - 2013-08-31 21:34 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-08-31 21:36 - 2013-08-31 21:36 - 00001856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-31 21:14 - 2013-03-29 18:42 - 00000000 ____D C:\Users\Tristan\Downloads\torrents
2013-08-31 17:57 - 2013-08-31 17:57 - 01075237 _____ (SWE Sven Ritter                        ) C:\Users\Tristan\Downloads\bio7646.exe
2013-08-31 17:52 - 2013-08-31 17:52 - 00000000 ____D C:\Program Files\CPUID
2013-08-31 17:50 - 2013-08-31 17:50 - 01458872 _____ (                                                            ) C:\Users\Tristan\Downloads\cpu-z_1.66.1-setup-en.exe
2013-08-31 16:00 - 2012-05-29 13:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-31 16:00 - 2011-11-05 16:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-31 15:59 - 2013-08-31 15:59 - 00065536 _____ C:\Users\Tristan\AppData\Roaming\kcczhbk5.default.dat
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\xmldm
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\ckoock
2013-08-31 04:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Speech
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 04:13 - 2013-08-31 04:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-31 04:13 - 2013-08-31 04:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tristan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-31 04:02 - 2011-03-24 22:40 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Orbit
2013-08-31 03:56 - 2013-05-07 03:07 - 00000000 ____D C:\Program Files\Ubi Soft
2013-08-30 18:30 - 2013-08-30 18:30 - 00144168 _____ C:\Windows\Minidump\083013-27955-01.dmp
2013-08-30 09:48 - 2013-09-10 10:25 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-10 10:25 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-10 10:25 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-10 10:25 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-10 10:25 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-10 10:25 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-10 10:25 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2013-09-10 10:25 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2013-09-10 10:24 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 09:47 - 2011-04-11 13:18 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-29 17:23 - 2013-08-29 17:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-29 17:22 - 2013-08-29 17:22 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-29 17:22 - 2013-08-29 17:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-29 17:22 - 2012-07-27 15:26 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-08-29 17:22 - 2010-10-13 18:38 - 00000000 ____D C:\Program Files\Java
2013-08-29 17:22 - 2010-07-06 23:32 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-29 17:11 - 2013-08-29 17:11 - 00903080 _____ (Oracle Corporation) C:\Users\Tristan\Downloads\chromeinstall-7u25.exe
2013-08-29 16:16 - 2011-08-27 18:50 - 00000000 ____D C:\Program Files\ElsterFormular
2013-08-29 15:51 - 2011-03-14 23:54 - 00000000 ____D C:\Users\Tristan\Arbeit
2013-08-29 03:22 - 2012-12-24 23:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\dvdcss
2013-08-29 02:55 - 2013-08-29 02:55 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-29 02:43 - 2013-07-17 23:39 - 00000000 ____D C:\Driver_allOS
2013-08-29 02:42 - 2013-08-29 02:42 - 00000000 ____D C:\Users\Tristan\Documents\DriverEasy
2013-08-29 02:41 - 2013-08-29 02:41 - 03017672 _____ (Easeware                                                    ) C:\Users\Tristan\Downloads\DriverEasy_Setup_454.exe
2013-08-29 02:33 - 2013-08-29 02:33 - 28211040 _____ (TuneUp Software) C:\Users\Tristan\Downloads\TuneUpUtilities2013_de-DE.exe
2013-08-28 23:40 - 2013-08-28 23:40 - 00007865 _____ C:\Users\Tristan\Desktop\gh.mid
2013-08-28 23:24 - 2013-08-28 23:24 - 00001091 _____ C:\Users\Public\Desktop\WaveLab Elements 7.lnk
2013-08-28 23:24 - 2011-12-25 20:00 - 00000000 ____D C:\Program Files\Steinberg
2013-08-28 23:18 - 2013-08-28 23:18 - 00002239 _____ C:\Users\Tristan\Desktop\Cubase LE AI Elements 6.lnk
2013-08-28 23:18 - 2011-12-25 20:00 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 6
2013-08-25 00:08 - 2013-08-25 00:08 - 00000000 ____D C:\23
2013-08-25 00:07 - 2011-02-08 22:39 - 00000000 ____D C:\Users\Tristan\AppData\Local\VirtualStore
2013-08-25 00:04 - 2013-08-25 00:04 - 00381240 _____ C:\Users\Tristan\Downloads\429360_intl_i386_zip.exe
2013-08-24 22:31 - 2013-08-20 22:45 - 00000000 ____D C:\ProgramData\Avira
2013-08-23 23:12 - 2013-08-23 23:12 - 00000000 ____D C:\Program Files\Geeks3D
2013-08-23 23:11 - 2013-08-23 23:11 - 04816605 _____ (Geeks3D                                                     ) C:\Users\Tristan\Downloads\FurMark_1.11.0_Setup.exe
2013-08-22 22:16 - 2013-07-10 22:43 - 00000000 ____D C:\Program Files\SpeedFan
2013-08-20 22:34 - 2013-08-20 22:32 - 110344048 _____ C:\Users\Tristan\Downloads\avira_free_antivirus85_de.exe
2013-08-20 22:28 - 2013-08-20 22:28 - 00144168 _____ C:\Windows\Minidump\082013-28704-01.dmp
2013-08-20 06:15 - 2012-11-17 21:02 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\.Torrent Stream
2013-08-19 20:47 - 2013-08-19 20:47 - 00001032 _____ C:\Users\Tristan\Desktop\EVEREST Home Edition.lnk
2013-08-19 20:47 - 2013-08-19 20:47 - 00000000 ____D C:\Program Files\Lavalys
2013-08-19 20:46 - 2013-08-19 20:46 - 04179293 _____ (Lavalys, Inc.                                               ) C:\Users\Tristan\Downloads\everesthome220.exe
2013-08-19 20:28 - 2013-08-19 20:28 - 00144168 _____ C:\Windows\Minidump\081913-36473-01.dmp
2013-08-17 16:52 - 2012-11-29 22:59 - 00000000 ____D C:\TorrentStream
2013-08-15 18:31 - 2010-07-06 23:11 - 00000000 ____D C:\Windows\Panther
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2013-08-14 18:15 - 2013-08-14 18:15 - 00000000 ____D C:\Program Files\NirSoft
2013-08-14 18:15 - 2013-08-14 18:14 - 00141480 _____ C:\Users\Tristan\Downloads\bluescreenview_152setup.exe
2013-08-14 17:59 - 2013-08-14 17:59 - 00144168 _____ C:\Windows\Minidump\081413-29998-01.dmp

Files to move or delete:
====================
C:\Users\Tristan\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Tristan\AppData\Local\Temp\npp.6.4.5.Installer.exe
C:\Users\Tristan\AppData\Local\Temp\Quarantine.exe
C:\Users\Tristan\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 00:55

==================== End Of Log ============================
         
--- --- ---

14.09.2013, 06:14   #12
schrauber
/// the machine
/// TB instructor

What kind of keyboard? Wired? USB?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

14.09.2013, 12:49   #13
Schomsi

normal, not USB
Regards

14.09.2013, 22:09   #14
schrauber
/// the machine
/// TB instructor

Have you tried a different one yet?
__________________
Regards,
schrauber


15.09.2013, 00:00   #15
Schomsi

Yep, with both of them the 3 lights at the top right light up briefly at the start. That's it.
What should I do???
Regards

I had a look and compared the entries
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass
and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass
For kbd, the driverpackageid entry is missing.
Is that the error?
