
Pests of all kinds and how to fight them: Safesaver and Chrome


23.01.2014, 13:03   #1
Der Internet
 
Safesaver and Chrome



Good day, everyone,
I have to admit, quite ashamed, that I picked up this awful safesaver plugin somewhere... I'm not really an amateur, but I just can't get rid of it. I have also already followed the guides here on the board, unfortunately without success.

System: Win7 64-bit; it only occurs in Chrome.

There is nothing to uninstall under Software.

AdwCleaner only finds something under Chrome, related to preferences:

Code:
# AdwCleaner v3.017 - Bericht erstellt am 23/01/2014 um 12:48:33
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Der Internet - JO-PC
# Gestartet von : C:\Users\Der Internet\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v33.0.1750.46

[ Datei : C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : homepage
Gefunden : homepage

*************************

AdwCleaner[R1].txt - [3047 octets] - [03/01/2014 01:31:35]
AdwCleaner[R2].txt - [1134 octets] - [03/01/2014 01:43:03]
AdwCleaner[R3].txt - [1194 octets] - [03/01/2014 01:46:42]
AdwCleaner[R4].txt - [1249 octets] - [23/01/2014 01:28:40]
AdwCleaner[R5].txt - [1306 octets] - [23/01/2014 01:33:55]
AdwCleaner[R6].txt - [1358 octets] - [23/01/2014 01:39:43]
AdwCleaner[R7].txt - [1098 octets] - [23/01/2014 12:48:33]
AdwCleaner[S1].txt - [2926 octets] - [03/01/2014 01:37:20]
AdwCleaner[S2].txt - [1268 octets] - [23/01/2014 01:32:06]
AdwCleaner[S3].txt - [1367 octets] - [23/01/2014 01:34:48]
AdwCleaner[S4].txt - [1377 octets] - [23/01/2014 01:40:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1398 octets] ##########
         

After that I rebooted and ran FRST64...

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014
Ran by Der Internet (administrator) on JO-PC on 23-01-2014 12:53:05
Running from C:\Users\Der Internet\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Miranda Fusion Team) C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Google Inc.) C:\Users\Der Internet\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(modified by Miranda Fusion Team) C:\Program Files (x86)\MirandaFusion\miranda32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Der Internet\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Florian Klein Software) G:\Kaufland\Baumarkt\Multimedia\sound_automator\sound_automator.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Fences] - C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKCU\...\Run: [Google Update] - C:\Users\Der Internet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKCU\...\Run: [Miranda Fusion] - C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe [1122241 2012-06-12] (Miranda Fusion Team)
HKCU\...\Run: [HP Photosmart 5510 series (NET)] - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-23] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKCU\...\Run: [Google+ Auto Backup] - C:\Users\Der Internet\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_6D82468B35573D5D2204F6922BE8CD8A] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [858392 2014-01-22] (Google Inc.)
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
MountPoints2: {ce31afd6-3637-11e2-9571-002522b42065} - H:\setup.exe
AppInit_DLLs:  => File Not Found
AppInit_DLLs-x32: à => File Not Found
Startup: C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Der Internet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound_automator - Verknüpfung.lnk
ShortcutTarget: sound_automator - Verknüpfung.lnk -> G:\Kaufland\Baumarkt\Multimedia\sound_automator\sound_automator.exe (Florian Klein Software)
Startup: C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
Startup: C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x285201EFA696CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: ReggularDueals - {58C7BD69-58DC-BC31-48D0-88D9C7653223} - C:\ProgramData\ReggularDueals\zs7n.x64.dll ()
BHO: ShopDrop - {A9869688-1795-A825-DEFF-05E80ECCA231} - C:\ProgramData\ShopDrop\2yKuPLTIhU.x64.dll ()
BHO-x32: ReggularDueals - {58C7BD69-58DC-BC31-48D0-88D9C7653223} - C:\ProgramData\ReggularDueals\zs7n.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ShopDrop - {A9869688-1795-A825-DEFF-05E80ECCA231} - C:\ProgramData\ShopDrop\2yKuPLTIhU.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 46.23.70.78 pagead2.googlesyndication.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP6F2B3C5B-E543-4DF7-B373-14E8FB43EA5B
CHR Extension: (ProxTube) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-01-04]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-06-28]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-28]
CHR Extension: (Feedly tabs) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbknmbmpegpkeamflgefmekmjjhgddhk [2013-07-27]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-28]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-06-28]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\didcohlhbnnjkbpcakccofgfpfalobdn [2013-07-03]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd [2013-06-28]
CHR Extension: (Chrome Connectivity Diagnostics (Dev)) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2014-01-13]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-28]
CHR Extension: (Facebook One) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gceeodfjmkoilhaoehbnhofdpobaohnm [2013-07-17]
CHR Extension: (AdBlock) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-02]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\glclbhaolhlabamoncniejlhknjffdip [2013-10-09]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2013-06-28]
CHR Extension: (TweetDeck) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-06-28]
CHR Extension: (LastPass) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-06-28]
CHR Extension: (surf anD  keep) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\heiaobnbainaibjdkdcehdephlgfpncd [2013-11-26]
CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-06-28]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-07-13]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2013-06-28]
CHR Extension: (Google Keep) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-08-20]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-06-28]
CHR Extension: (Chrome to Mobile) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2013-06-28]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2013-06-28]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2013-12-24]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2013-07-17]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjpfchnjhjfiildkeelmdbkfkegkgehh [2013-06-28]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkgogmboalmaijfgfhfepckdgjeopfhk [2013-12-06]
CHR Extension: (Any.DO) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-07-15]
CHR Extension: (SimpleExtManager) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kniehgiejgnnpgojkdhhjbgbllnfkfdk [2013-06-28]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-06-28]
CHR Extension: (Smooth Gestures) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2013-06-28]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\libmnnehcdjmemobhldmjnpfamankgho [2013-07-04]
CHR Extension: (MyPermissions Cleaner) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiikhhbkpmpomjmdofandjmdgapiahi [2013-12-05]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-06-28]
CHR Extension: (Google Play Books) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-09-25]
CHR Extension: (Hangouts) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-11-12]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2013-06-28]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-06-28]
CHR Extension: (Extensions Update Notifier) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlldbplhbaopldicmcoogopmkonpebjm [2014-01-20]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Auto-Translate) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgoiaeapddkeekbocomnjlckbbfapmk [2013-07-17]
CHR Extension: (YoutubeBookmark) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\odhfgbnijgflcibgcbckkhoclnmhdcin [2013-11-26]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2013-06-28]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\oheflacdocadefgdpiimpapbkomhgbbe [2013-12-06]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2013-06-28]
CHR Extension: (Picasa) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-20]
CHR Extension: (4chan Plus) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2013-06-28]
CHR Extension: (SHoPDroap) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkfjkgmimhoojoahdhhoadgmgahofjl [2013-12-30]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-28]
CHR Extension: (Privacyfix by Privacychoice) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2013-06-28]
CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmdghpofpmllhegbpllolmndihbedof [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2012-09-19]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 03e661da; C:\ProgramData\WinFilter\WinFilterSvc.dll [176464 2013-12-28] ()
R2 14be225b; C:\ProgramData\FastSys\FastSysSvc.dll [179024 2013-12-30] ()
R2 2384af53; C:\ProgramData\Network Acceleration\NetworkAccelerationSvc.dll [181072 2013-12-30] ()
R2 25a98636; C:\ProgramData\Web Light\WebLightSvc.dll [179024 2013-12-29] ()
R2 89f7ebe4; C:\ProgramData\WinWeb protection\WinWebprotectionSvc.dll [184656 2013-12-28] ()
R2 8b68ee33; C:\ProgramData\Accelesys\AccelesysSvc.dll [180048 2013-12-31] ()
R2 c8d49171; C:\ProgramData\InteliWeb\InteliWebSvc.dll [180560 2013-12-30] ()
R2 def8540c; C:\ProgramData\Winclean performap\WincleanperformapSvc.dll [176976 2013-12-31] ()
R2 dfc86759; C:\ProgramData\Performancer\PerformancerSvc.dll [178512 2013-12-31] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-09] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [744856 2012-11-14] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-24] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - )
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [38272 2013-08-17] (Windows (R) Win 7 DDK provider)
S3 wod0205; C:\Windows\System32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S4 NVHDA; system32\drivers\nvhda64v.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-23 01:45 - 2014-01-23 01:45 - 01037068 _____ (Thisisu) C:\Users\Der Internet\Desktop\JRT (1).exe
2014-01-23 01:35 - 2014-01-23 12:53 - 00025882 _____ C:\Users\Der Internet\Desktop\FRST.txt
2014-01-23 01:35 - 2014-01-23 01:35 - 00000000 ____D C:\FRST
2014-01-23 01:27 - 2014-01-23 01:27 - 02077184 _____ (Farbar) C:\Users\Der Internet\Desktop\FRST64.exe
2014-01-23 01:22 - 2014-01-23 01:22 - 01236282 _____ C:\Users\Der Internet\Desktop\adwcleaner.exe
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\ATI
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\Users\Der Internet\AppData\Local\ATI
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\ProgramData\ATI
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 _____ C:\Windows\ativpsrm.bin
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\ProgramData\AMD
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files\ATI
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files (x86)\AMD APP
2014-01-22 17:39 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files (x86)\ATI
2014-01-22 17:38 - 2014-01-22 17:38 - 00000000 ____D C:\AMD
2014-01-22 17:35 - 2014-01-22 17:35 - 00791552 _____ (AMD) C:\Users\Der Internet\Desktop\amddriverdownloader.exe
2014-01-22 17:34 - 2014-01-22 17:35 - 00000757 _____ C:\Windows\LkmdfCoInst.log
2014-01-22 01:16 - 2014-01-22 01:16 - 00410480 _____ C:\Windows\Minidump\012214-15927-01.dmp
2014-01-21 23:10 - 2014-01-21 23:10 - 00368712 _____ C:\Windows\Minidump\012114-9578-01.dmp
2014-01-21 14:52 - 2014-01-21 14:56 - 113722693 _____ C:\Users\Der Internet\Desktop\Mosh - Empire.zip
2014-01-21 14:02 - 2014-01-21 14:02 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Users\Der Internet\Documents\Assassin's Creed Liberation HD
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Saves
2014-01-20 15:47 - 2014-01-20 15:47 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-19 21:49 - 2014-01-19 21:49 - 00000880 _____ C:\Users\Public\Desktop\Assassin's Creed Liberation HD.lnk
2014-01-19 17:03 - 2014-01-19 17:03 - 00092966 _____ C:\Users\Der Internet\Desktop\Hausaufgaben.zip
2014-01-17 19:07 - 2014-01-17 19:07 - 00000000 ____D C:\Users\Der Internet\Documents\MGR
2014-01-17 16:43 - 2014-01-17 16:43 - 00000797 _____ C:\Users\Public\Desktop\METAL GEAR RISING REVENGEANCE.lnk
2014-01-16 12:03 - 2014-01-16 12:06 - 00000000 ____D C:\Users\Der Internet\Downloads\extracted
2014-01-15 22:20 - 2014-01-15 22:20 - 00037795 _____ C:\Users\Der Internet\Desktop\bf38a0b5782e67e66e8cdcc293960c18ac87377c.zip
2014-01-15 17:30 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 17:12 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 22:57 - 2014-01-21 21:53 - 00000633 _____ C:\Users\Public\Desktop\The Walking Dead.lnk
2014-01-14 20:31 - 2014-01-14 20:31 - 00039492 _____ C:\Users\Der Internet\Desktop\f272b59a009c9d315f5253d0acbcaf47ee3dc516.zip
2014-01-13 17:46 - 2014-01-13 17:46 - 00039625 _____ C:\Users\Der Internet\Desktop\3571977.zip
2014-01-13 16:33 - 2014-01-13 16:33 - 00897216 _____ C:\Users\Der Internet\Desktop\AlbumArtDownloaderXUI-1.00.exe
2014-01-13 16:29 - 2014-01-13 16:29 - 00152691 _____ (Tordex) C:\Users\Der Internet\Desktop\mc-foo2k.exe
2014-01-13 01:55 - 2014-01-13 01:55 - 00019456 ___SH C:\Users\Der Internet\Downloads\Thumbs.db
2014-01-09 00:12 - 2014-01-09 00:12 - 03172160 _____ C:\Users\Der Internet\Desktop\N8FanClub.com_Swype_v2.1.4436_fixed_unsigned.sis
2014-01-08 21:41 - 2014-01-08 22:29 - 274355821 _____ C:\Users\Der Internet\Desktop\NordicLakeSoundsVolV.zip
2014-01-08 01:07 - 2014-01-08 01:07 - 00000000 ____D C:\NVIDIA
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-04 16:04 - 2014-01-04 16:05 - 27609126 _____ C:\Users\Der Internet\Desktop\DFRNT - Dark Blue EP.zip
2014-01-03 23:15 - 2014-01-03 23:15 - 00000000 ____D C:\Users\Der Internet\Desktop\Paula Temple - Colonized [RS1307D] (2013)
2014-01-03 01:43 - 2014-01-03 01:43 - 01036305 _____ (Thisisu) C:\Users\Der Internet\Desktop\JRT.exe
2014-01-03 01:43 - 2014-01-03 01:43 - 00000000 ____D C:\Windows\ERUNT
2014-01-03 01:31 - 2014-01-23 12:48 - 00000000 ____D C:\AdwCleaner
2014-01-03 01:31 - 2014-01-03 01:31 - 01233962 _____ C:\Users\Der Internet\Desktop\adwcleaner_3.016.exe
2013-12-31 21:49 - 2013-12-31 21:49 - 00000000 ____D C:\ProgramData\Winclean performap
2013-12-31 11:38 - 2013-12-31 11:38 - 00000000 ____D C:\ProgramData\Performancer
2013-12-31 02:17 - 2013-12-31 02:17 - 00000000 ____D C:\ProgramData\Accelesys
2013-12-30 13:10 - 2013-12-30 13:10 - 00000000 ____D C:\ProgramData\InteliWeb
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\ShopDrop
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\SHoPDroap
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\ReggularDueals
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\mhjpkbehoplopblenpbhmofpnabjfnbe
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\bedaajccclfbfhilmpglafgmjjlapdnp
2013-12-30 13:01 - 2013-12-30 13:01 - 00000000 ____D C:\ProgramData\Tordex
2013-12-30 05:44 - 2013-12-30 05:44 - 00000000 ____D C:\ProgramData\FastSys
2013-12-30 01:38 - 2013-12-30 01:38 - 00000000 ____D C:\ProgramData\Network Acceleration
2013-12-29 06:10 - 2013-12-29 06:10 - 00000000 ____D C:\ProgramData\Web Light
2013-12-29 05:15 - 2013-12-29 05:15 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Airfoil
2013-12-29 05:15 - 2013-12-29 05:15 - 00000000 ____D C:\Program Files (x86)\Airfoil
2013-12-29 05:13 - 2013-12-29 05:13 - 09022448 _____ C:\Users\Der Internet\Desktop\AirfoilInstaller.exe
2013-12-29 05:05 - 2013-12-29 07:03 - 00000000 ____D C:\Users\Der Internet\AppData\Local\Rogue Amoeba
2013-12-29 04:36 - 2013-12-29 04:38 - 06738360 _____ C:\Users\Der Internet\Desktop\AirfoilSpeakersInstaller.exe
2013-12-28 23:32 - 2013-12-28 23:32 - 00000000 ____D C:\ProgramData\WinFilter
2013-12-28 23:24 - 2013-12-28 23:24 - 00000000 ____D C:\ProgramData\WinWeb protection
2013-12-24 00:32 - 2013-12-24 00:32 - 00000000 ____D C:\Users\Der Internet\Desktop\A Very Bootie Christmas 3

==================== One Month Modified Files and Folders =======

2014-01-23 12:53 - 2014-01-23 01:35 - 00025882 _____ C:\Users\Der Internet\Desktop\FRST.txt
2014-01-23 12:52 - 2012-09-19 23:12 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\foobar2000
2014-01-23 12:48 - 2014-01-03 01:31 - 00000000 ____D C:\AdwCleaner
2014-01-23 12:47 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-23 12:47 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-23 12:46 - 2011-04-12 08:43 - 00699416 _____ C:\Windows\system32\perfh007.dat
2014-01-23 12:46 - 2011-04-12 08:43 - 00149556 _____ C:\Windows\system32\perfc007.dat
2014-01-23 12:46 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-23 12:44 - 2012-09-19 21:00 - 01903654 _____ C:\Windows\WindowsUpdate.log
2014-01-23 12:43 - 2013-11-12 18:02 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-23 12:42 - 2012-09-20 20:09 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Dropbox
2014-01-23 12:41 - 2013-03-19 22:03 - 00005088 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jo-PC-Der Internet Jo-PC
2014-01-23 12:41 - 2012-10-27 21:24 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-23 12:40 - 2013-11-26 16:55 - 00000462 ____H C:\Windows\Tasks\SK.Enhancer-S-161304646.job
2014-01-23 12:40 - 2013-11-17 10:50 - 00022827 _____ C:\Windows\setupact.log
2014-01-23 12:40 - 2013-11-12 18:02 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-23 12:40 - 2013-08-16 23:59 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-23 12:40 - 2013-02-12 14:22 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2014-01-23 12:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-23 01:45 - 2014-01-23 01:45 - 01037068 _____ (Thisisu) C:\Users\Der Internet\Desktop\JRT (1).exe
2014-01-23 01:38 - 2012-09-19 21:12 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2910854657-4121419401-2933497238-1000UA.job
2014-01-23 01:35 - 2014-01-23 01:35 - 00000000 ____D C:\FRST
2014-01-23 01:28 - 2012-09-22 18:03 - 00000000 ____D C:\Program Files (x86)\JDownloader 2
2014-01-23 01:27 - 2014-01-23 01:27 - 02077184 _____ (Farbar) C:\Users\Der Internet\Desktop\FRST64.exe
2014-01-23 01:22 - 2014-01-23 01:22 - 01236282 _____ C:\Users\Der Internet\Desktop\adwcleaner.exe
2014-01-23 00:46 - 2012-09-19 22:11 - 01593956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-23 00:28 - 2012-09-20 01:16 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-23 00:27 - 2012-09-19 22:08 - 00000000 ____D C:\Spiele
2014-01-23 00:16 - 2012-09-20 00:19 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\vlc
2014-01-22 18:38 - 2012-09-19 21:12 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2910854657-4121419401-2933497238-1000Core.job
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\ATI
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\Users\Der Internet\AppData\Local\ATI
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\ProgramData\ATI
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 _____ C:\Windows\ativpsrm.bin
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\ProgramData\AMD
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files\ATI
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files (x86)\AMD APP
2014-01-22 17:40 - 2014-01-22 17:39 - 00000000 ____D C:\Program Files (x86)\ATI
2014-01-22 17:39 - 2013-11-14 02:28 - 00000000 ____D C:\Users\Der Internet\AppData\Local\NVIDIA Corporation
2014-01-22 17:39 - 2012-09-19 21:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-22 17:39 - 2012-09-19 21:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-22 17:39 - 2012-09-19 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-22 17:38 - 2014-01-22 17:38 - 00000000 ____D C:\AMD
2014-01-22 17:37 - 2012-09-19 21:17 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-22 17:35 - 2014-01-22 17:35 - 00791552 _____ (AMD) C:\Users\Der Internet\Desktop\amddriverdownloader.exe
2014-01-22 17:35 - 2014-01-22 17:34 - 00000757 _____ C:\Windows\LkmdfCoInst.log
2014-01-22 17:34 - 2012-09-19 21:51 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-01-22 16:34 - 2013-11-29 23:48 - 335683607 _____ C:\Windows\MEMORY.DMP
2014-01-22 01:16 - 2014-01-22 01:16 - 00410480 _____ C:\Windows\Minidump\012214-15927-01.dmp
2014-01-21 23:10 - 2014-01-21 23:10 - 00368712 _____ C:\Windows\Minidump\012114-9578-01.dmp
2014-01-21 23:10 - 2012-09-20 08:09 - 00000000 ____D C:\Windows\Minidump
2014-01-21 23:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2014-01-21 21:53 - 2014-01-14 22:57 - 00000633 _____ C:\Users\Public\Desktop\The Walking Dead.lnk
2014-01-21 14:56 - 2014-01-21 14:52 - 113722693 _____ C:\Users\Der Internet\Desktop\Mosh - Empire.zip
2014-01-21 14:05 - 2013-11-12 00:28 - 00000000 ____D C:\ProgramData\Oracle
2014-01-21 14:02 - 2014-01-21 14:02 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 14:02 - 2012-09-22 16:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-20 19:14 - 2012-09-19 21:12 - 00000000 ____D C:\Users\Der Internet\AppData\Local\Google
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Users\Der Internet\Documents\Assassin's Creed Liberation HD
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Saves
2014-01-20 15:47 - 2014-01-20 15:47 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-20 15:12 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-19 21:50 - 2013-11-20 11:28 - 00088135 _____ C:\Windows\DirectX.log
2014-01-19 21:49 - 2014-01-19 21:49 - 00000880 _____ C:\Users\Public\Desktop\Assassin's Creed Liberation HD.lnk
2014-01-19 17:03 - 2014-01-19 17:03 - 00092966 _____ C:\Users\Der Internet\Desktop\Hausaufgaben.zip
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 19:07 - 2014-01-17 19:07 - 00000000 ____D C:\Users\Der Internet\Documents\MGR
2014-01-17 16:43 - 2014-01-17 16:43 - 00000797 _____ C:\Users\Public\Desktop\METAL GEAR RISING REVENGEANCE.lnk
2014-01-17 13:04 - 2012-09-20 20:09 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-17 13:04 - 2012-09-19 21:00 - 00000000 ___RD C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 15:34 - 2009-07-14 05:45 - 00376856 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 12:06 - 2014-01-16 12:03 - 00000000 ____D C:\Users\Der Internet\Downloads\extracted
2014-01-16 11:08 - 2012-10-18 12:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 11:07 - 2013-08-15 00:57 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 11:04 - 2012-09-19 21:38 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 22:20 - 2014-01-15 22:20 - 00037795 _____ C:\Users\Der Internet\Desktop\bf38a0b5782e67e66e8cdcc293960c18ac87377c.zip
2014-01-15 21:21 - 2013-04-17 18:28 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Skype
2014-01-14 22:57 - 2013-01-18 21:01 - 00000000 ____D C:\Users\Der Internet\Documents\Telltale Games
2014-01-14 20:31 - 2014-01-14 20:31 - 00039492 _____ C:\Users\Der Internet\Desktop\f272b59a009c9d315f5253d0acbcaf47ee3dc516.zip
2014-01-13 17:46 - 2014-01-13 17:46 - 00039625 _____ C:\Users\Der Internet\Desktop\3571977.zip
2014-01-13 16:33 - 2014-01-13 16:33 - 00897216 _____ C:\Users\Der Internet\Desktop\AlbumArtDownloaderXUI-1.00.exe
2014-01-13 16:29 - 2014-01-13 16:29 - 00152691 _____ (Tordex) C:\Users\Der Internet\Desktop\mc-foo2k.exe
2014-01-13 01:55 - 2014-01-13 01:55 - 00019456 ___SH C:\Users\Der Internet\Downloads\Thumbs.db
2014-01-13 01:55 - 2013-07-29 12:37 - 00000000 ____D C:\Users\Der Internet\Downloads\nd FB login_files
2014-01-12 19:15 - 2012-09-26 02:12 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\uTorrent
2014-01-09 00:12 - 2014-01-09 00:12 - 03172160 _____ C:\Users\Der Internet\Desktop\N8FanClub.com_Swype_v2.1.4436_fixed_unsigned.sis
2014-01-08 22:29 - 2014-01-08 21:41 - 274355821 _____ C:\Users\Der Internet\Desktop\NordicLakeSoundsVolV.zip
2014-01-08 01:07 - 2014-01-08 01:07 - 00000000 ____D C:\NVIDIA
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-05 23:21 - 2013-04-17 18:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-05 23:21 - 2013-04-17 18:28 - 00000000 ____D C:\ProgramData\Skype
2014-01-04 16:05 - 2014-01-04 16:04 - 27609126 _____ C:\Users\Der Internet\Desktop\DFRNT - Dark Blue EP.zip
2014-01-03 23:15 - 2014-01-03 23:15 - 00000000 ____D C:\Users\Der Internet\Desktop\Paula Temple - Colonized [RS1307D] (2013)
2014-01-03 01:43 - 2014-01-03 01:43 - 01036305 _____ (Thisisu) C:\Users\Der Internet\Desktop\JRT.exe
2014-01-03 01:43 - 2014-01-03 01:43 - 00000000 ____D C:\Windows\ERUNT
2014-01-03 01:40 - 2012-09-19 21:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 01:40 - 2012-09-19 21:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 01:38 - 2013-11-26 18:37 - 00203836 _____ C:\Windows\PFRO.log
2014-01-03 01:31 - 2014-01-03 01:31 - 01233962 _____ C:\Users\Der Internet\Desktop\adwcleaner_3.016.exe
2014-01-03 01:31 - 2013-11-26 16:55 - 00000000 ____D C:\ProgramData\e9d54e1bbb87d760
2013-12-31 21:49 - 2013-12-31 21:49 - 00000000 ____D C:\ProgramData\Winclean performap
2013-12-31 11:38 - 2013-12-31 11:38 - 00000000 ____D C:\ProgramData\Performancer
2013-12-31 02:17 - 2013-12-31 02:17 - 00000000 ____D C:\ProgramData\Accelesys
2013-12-30 13:10 - 2013-12-30 13:10 - 00000000 ____D C:\ProgramData\InteliWeb
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\ShopDrop
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\SHoPDroap
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\ReggularDueals
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\mhjpkbehoplopblenpbhmofpnabjfnbe
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\bedaajccclfbfhilmpglafgmjjlapdnp
2013-12-30 13:01 - 2013-12-30 13:01 - 00000000 ____D C:\ProgramData\Tordex
2013-12-30 13:01 - 2012-09-20 16:35 - 00000000 ____D C:\Program Files\TrueLaunchBar
2013-12-30 05:44 - 2013-12-30 05:44 - 00000000 ____D C:\ProgramData\FastSys
2013-12-30 01:38 - 2013-12-30 01:38 - 00000000 ____D C:\ProgramData\Network Acceleration
2013-12-29 07:03 - 2013-12-29 05:05 - 00000000 ____D C:\Users\Der Internet\AppData\Local\Rogue Amoeba
2013-12-29 06:10 - 2013-12-29 06:10 - 00000000 ____D C:\ProgramData\Web Light
2013-12-29 05:15 - 2013-12-29 05:15 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Airfoil
2013-12-29 05:15 - 2013-12-29 05:15 - 00000000 ____D C:\Program Files (x86)\Airfoil
2013-12-29 05:13 - 2013-12-29 05:13 - 09022448 _____ C:\Users\Der Internet\Desktop\AirfoilInstaller.exe
2013-12-29 04:38 - 2013-12-29 04:36 - 06738360 _____ C:\Users\Der Internet\Desktop\AirfoilSpeakersInstaller.exe
2013-12-28 23:32 - 2013-12-28 23:32 - 00000000 ____D C:\ProgramData\WinFilter
2013-12-28 23:24 - 2013-12-28 23:24 - 00000000 ____D C:\ProgramData\WinWeb protection
2013-12-24 00:32 - 2013-12-24 00:32 - 00000000 ____D C:\Users\Der Internet\Desktop\A Very Bootie Christmas 3

Some content of TEMP:
====================
C:\Users\Der Internet\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Der Internet\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Der Internet\AppData\Local\Temp\NEventMessages.dll
C:\Users\Der Internet\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Der Internet\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Der Internet\AppData\Local\Temp\nvStInst.exe
C:\Users\Der Internet\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Der Internet\AppData\Local\Temp\sfareca00001.dll
C:\Users\Der Internet\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 00:58

==================== End Of Log ============================
         

JRT does not produce any result either.

After running the tools the problem is fixed at first, but as soon as I restart the computer it is back.

Chrome lists a plugin called "ExstrAACoupon", which is surely the culprit. If I remove it, the problem is fixed, but at the next start it is back again. What puzzles me is that a search for "ExstrAACoupon" returns no results at all. Or is the malware blocking the search for it?

I'm grateful for any tip and am already close to reinstalling Windows.

23.01.2014, 15:09   #2
schrauber
/// the machine
/// TB trainer

Hi.

Are you connecting with a Google account?

23.01.2014, 19:55   #3
Der Internet

Oh yes! That could of course be where the problem lies... but how do I prevent the malware from syncing as well?

24.01.2014, 10:47   #4
schrauber
/// the machine
/// TB trainer

Connect to the account in Chrome, then manually go through Chrome's settings, as well as the advanced settings and the sync settings, and delete everything that has to go.

27.01.2014, 08:46   #5
Naitsirch

Hello everyone,

I have the same problem and am at a loss; I have searched through everything in my power... The problem only exists in Chrome - the add-on is called "NewSiaVer 1.1"...

Here is my FRST log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 02
Ran by Christian (administrator) on CHRISTIAN-PC on 27-01-2014 08:43:24
Running from C:\Users\Christian\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Spotify Ltd) C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Valve Corporation) F:\Programme\Steam\Steam.exe
(AVM Berlin) C:\Users\Christian\AppData\Local\Apps\2.0\EYACQ913.WOT\14H727DA.263\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Electronic Arts) F:\Programme\Origin\Origin.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Spotify Ltd) C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(AppWork GmbH) C:\Program Files (x86)\JDownloader 2\JDownloader 2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() F:\Programme\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() F:\Programme\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.198\deploy\LoLLauncher.exe
() F:\Programme\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.68\deploy\LolClient.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [Cmaudio8788] - C:\Windows\Syswow64\cmicnfgp.dll [12935168 2012-11-20] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Razer StarcraftII Driver] - C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - F:\Programme\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\Christian\AppData\Local\Apps\2.0\EYACQ913.WOT\14H727DA.263\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\AVMAutoStart.exe [139264 2012-12-14] (AVM Berlin)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-14] (Spotify Ltd)
HKCU\...\Run: [Steam] - F:\Programme\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [EADM] - F:\Programme\Origin\Origin.exe [3551576 2013-11-21] (Electronic Arts)
HKCU\...\Run: [Spotify] - C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-14] (Spotify Ltd)
MountPoints2: {42ae44d0-6876-11e1-ac1c-c86000002ab6} - E:\autorun.exe
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Jenny\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5C8B50A2ED26CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {99BC27D2-F902-47AF-9DD0-0318A8C47761} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: EuxstraSavaings - {58C53017-23B7-9274-45C0-A870D54B3741} - C:\ProgramData\EuxstraSavaings\H0.x64.dll No File
BHO: No Name - {C385781F-DDBA-B39A-7583-F796D0C830D5} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\gli1kiq1.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\CHRIST~1\\AppData\\Local\\Temp\\proxtube.pac"
FF NetworkProxy: "type", 0
FF Keyword.URL: hxxp://www.google.de/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\gli1kiq1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\gli1kiq1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\gli1kiq1.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\gli1kiq1.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-02-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-02-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013-02-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-22]

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U39) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (No Name) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-02]
CHR Extension: (No Name) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02]
CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-03]
CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02]
CHR Extension: (Video Downloader professional) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2013-08-24]
CHR Extension: (Video Downloader professional) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghfllpjdokbgncpodfihobhledndlmdb [2014-01-01]
CHR Extension: (Video Downloader professional) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdbpbfpcldeegniokancfjolgpjeofc [2013-09-13]
CHR Extension: (Video Downloader professional) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpccpcaielehgefaagocjkkgkafaabdp [2013-09-17]
CHR Extension: (FVD Downloader) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-03-08]
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-03-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-20] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
S3 Microsoft SharePoint Workspace Audit Service; F:\Programme\Microsoft Office\Office14\GROOVE.EXE [30798512 2013-03-09] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-11-27] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-11-22] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-13] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-13] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-13] ()
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2012-03-09] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-14] (AVM Berlin)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-26] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 ALSysIO; \??\C:\Users\CHRIST~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz135; \??\C:\Users\CHRIST~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 08:43 - 2014-01-27 08:43 - 00023880 _____ C:\Users\Christian\Desktop\FRST.txt
2014-01-26 22:16 - 2014-01-27 08:42 - 00000000 ____D C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-01-26 22:14 - 2014-01-26 22:14 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Christian\Desktop\SpyHunter-Installer (2).exe
2014-01-26 21:24 - 2014-01-26 21:24 - 00000000 ____D C:\Users\Christian\AppData\Local\Anvisoft
2014-01-26 21:18 - 2014-01-27 08:43 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2014-01-26 21:10 - 2014-01-26 21:10 - 00000000 ____D C:\FRST
2014-01-26 21:09 - 2014-01-26 21:10 - 02078208 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2014-01-26 21:07 - 2014-01-26 21:07 - 01236282 _____ C:\Users\Christian\Desktop\AdwCleaner.exe
2014-01-26 21:02 - 2014-01-26 21:02 - 00000000 ____D C:\Windows\ERUNT
2014-01-25 14:24 - 2014-01-25 15:17 - 3192264704 _____ C:\Users\Christian\Desktop\X15-65741.iso
2014-01-24 18:55 - 2014-01-24 18:57 - 64010585 _____ C:\Users\Christian\Desktop\8820851129keyNjXXTioG3gQend1390600424dataWfUH165250BAreftag541216213210112891822557419mp4.mp4
2014-01-24 18:52 - 2014-01-24 18:52 - 02379143 _____ C:\Users\Christian\Desktop\AzHotPorncom - Beautiful Hip and Leg of Tall Asian Woman - XVIDEOSCOM.flv
2014-01-24 18:32 - 2014-01-24 18:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Christian\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-01-19 22:19 - 2014-01-19 22:19 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 22:17 - 2014-01-19 22:18 - 37739976 _____ (Google Inc.) C:\Users\Christian\Desktop\ChromeStandalone32Setup.exe
2014-01-17 19:38 - 2014-01-27 08:38 - 00002016 _____ C:\Windows\setupact.log
2014-01-17 19:38 - 2014-01-20 22:14 - 00001154 _____ C:\Windows\PFRO.log
2014-01-17 19:38 - 2014-01-17 19:38 - 00000000 _____ C:\Windows\setuperr.log
2014-01-17 19:28 - 2014-01-17 19:28 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-16 18:33 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 18:33 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 18:33 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 18:33 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 18:33 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 18:33 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 18:33 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 18:33 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 18:33 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 18:34 - 2014-01-14 18:42 - 82572688 _____ C:\Users\Christian\Desktop\malesubmission - Domme Boots Trample slaves cock Two - EroProfile.mp4
2014-01-12 21:02 - 2014-01-17 19:29 - 00000000 ____D C:\Windows\CD09642E061D4844BA37ED1480916404.TMP
2014-01-12 21:00 - 2014-01-12 21:00 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Christian\Desktop\SpyHunter-Installer (1).exe
2014-01-10 11:00 - 2014-01-10 11:00 - 00000000 ____D C:\Users\Christian\AppData\Roaming\LavasoftStatistics
2014-01-10 09:13 - 2014-01-10 09:13 - 00002305 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-01-10 09:12 - 2014-01-10 09:12 - 00000085 _____ C:\Windows\wininit.ini
2014-01-10 09:11 - 2014-01-10 09:11 - 01725064 _____ C:\Users\Christian\Desktop\Adaware_Installer_11.1.exe
2014-01-10 09:11 - 2014-01-10 09:11 - 00000000 ____D C:\ProgramData\Lavasoft
2014-01-10 09:06 - 2014-01-11 21:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-10 09:06 - 2014-01-10 09:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-10 09:06 - 2014-01-10 09:06 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-10 09:02 - 2014-01-10 09:04 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Christian\Desktop\spybot-2.2.25.exe
2014-01-08 15:19 - 2014-01-08 15:19 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2014-01-08 15:15 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-08 15:15 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 00451872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstusb.sys
2014-01-08 15:15 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-01-08 15:15 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-08 15:15 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-08 15:15 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-08 15:15 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-01-08 15:15 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-01-08 15:15 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-01-08 14:46 - 2014-01-08 14:46 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-01-08 14:46 - 2014-01-08 14:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-08 14:45 - 2014-01-08 14:46 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Christian\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-08 14:01 - 2014-01-08 14:06 - 262041840 _____ (NVIDIA Corporation) C:\Users\Christian\Desktop\332.21-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-01-08 12:16 - 2014-01-08 12:16 - 00000000 _____ C:\autoexec.bat
2014-01-08 12:15 - 2014-01-08 14:45 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-08 12:15 - 2014-01-08 12:15 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-08 12:12 - 2014-01-08 12:12 - 00003182 _____ C:\Windows\System32\Tasks\{7C0A1FE8-960B-4093-AA26-ADFD9DC8072B}
2014-01-07 17:44 - 2014-01-07 17:45 - 35143116 _____ C:\Users\Christian\Desktop\Japanese girls in white boots torture cock - xHamstercom.flv
2014-01-07 17:35 - 2014-01-07 17:35 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Christian\Desktop\SpyHunter-Installer.exe
2014-01-07 12:50 - 2014-01-07 12:50 - 00052572 _____ C:\Windows\Cmicnfgp.ini.cfl
2014-01-07 12:50 - 2014-01-07 12:50 - 00000985 _____ C:\Windows\Cmicnfgp.ini.imi
2014-01-07 12:50 - 2014-01-07 12:50 - 00000924 _____ C:\Windows\system\Cmicnfgp.ini
2014-01-07 12:50 - 2014-01-07 12:50 - 00000142 _____ C:\Windows\system\Dlap.pfx
2014-01-07 12:50 - 2014-01-07 12:50 - 00000000 ____D C:\Users\Christian\AppData\Roaming\ASUS
2014-01-07 12:50 - 2014-01-07 12:50 - 00000000 ____D C:\Program Files\ASUS Xonar Essence STX Audio
2014-01-07 12:50 - 2014-01-07 12:50 - 00000000 ____D C:\Program Files (x86)\OpenAL
2014-01-07 12:50 - 2013-03-28 11:23 - 00004986 ____N C:\Windows\Cmicnfgp.ini.cfg
2014-01-07 12:50 - 2013-03-21 10:11 - 00827904 ____N C:\Windows\system32\Cmeauoxy.exe
2014-01-07 12:50 - 2012-11-20 11:24 - 12935168 ____N (C-Media Corporation) C:\Windows\SysWOW64\CmiCnfgp.dll
2014-01-07 12:50 - 2012-09-28 15:45 - 00465408 ____N (C-Media Electronics Inc.) C:\Windows\system32\cmasiopx.dll
2014-01-07 12:50 - 2012-09-28 15:45 - 00303104 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\cmasiop.dll
2014-01-07 12:50 - 2012-06-06 09:56 - 00143360 ____N C:\Windows\SysWOW64\VmixP8.dll
2014-01-07 12:50 - 2012-06-04 14:15 - 04533760 ____N C:\Windows\system32\CmiCnfgp.cpl
2014-01-07 12:50 - 2012-01-06 09:30 - 00212992 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\HsSrv2.dll
2014-01-07 12:50 - 2012-01-06 09:30 - 00212992 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\HsSrv.dll
2014-01-07 12:50 - 2012-01-06 09:30 - 00122880 ____N (C-Media Electronics Inc.) C:\Windows\system\HsSrv642.dll
2014-01-07 12:50 - 2012-01-06 09:30 - 00122880 ____N (C-Media Electronics Inc.) C:\Windows\system\HsSrv64.dll
2014-01-07 12:50 - 2010-09-28 17:35 - 00000491 ____N C:\Windows\cmudaxp.ini
2014-01-07 12:50 - 2010-06-25 12:25 - 00000061 ____N C:\Windows\system32\cmasiopx.ini
2014-01-07 12:50 - 2010-06-25 12:25 - 00000057 ____N C:\Windows\SysWOW64\cmasiop.ini
2014-01-07 12:50 - 2009-08-19 16:00 - 00359424 ____N C:\Windows\system32\CmiInstallResAll64.dll
2014-01-07 12:50 - 2008-07-11 15:04 - 00200704 ____N C:\Windows\SysWOW64\HsMgr.exe
2014-01-07 12:50 - 2008-07-11 15:03 - 00282112 ____N C:\Windows\system\HsMgr64.exe
2014-01-07 12:50 - 2007-12-13 17:12 - 00122880 ____N (CMedia Electronics Inc.) C:\Windows\SysWOW64\Cm_Oal.dll
2014-01-07 12:50 - 2007-12-13 17:12 - 00122880 ____N (CMedia Electronics Inc.) C:\Windows\system32\Cm_Oal.dll
2014-01-07 12:50 - 2007-11-05 01:30 - 01144983 ____N C:\Windows\KB936225x64.msu
2014-01-07 12:50 - 2006-10-06 05:45 - 00524768 _____ (Microsoft Corporation) C:\Windows\difxapi.dll
2014-01-07 12:50 - 2006-09-13 10:21 - 00200704 ____N (C-Media) C:\Windows\SysWOW64\Cmpaoxy.dll
2014-01-07 12:49 - 2013-06-07 15:50 - 00000000 ____D C:\Users\Christian\Desktop\STX-1.06(W7-QR)
2014-01-07 12:49 - 2013-04-11 19:21 - 02734080 _____ (C-Media Inc) C:\Windows\system32\Drivers\cmudaxp.sys
2014-01-07 12:49 - 2013-04-11 19:21 - 00315392 _____ (C-Media Electronics Inc.) C:\Windows\SysWOW64\CmiFltr.dll
2014-01-07 12:49 - 2013-04-11 19:21 - 00315392 _____ (C-Media Electronics Inc.) C:\Windows\system\CmiFltr.dll
2014-01-07 12:49 - 2013-04-11 19:21 - 00032768 _____ (C-Media Electronics Inc.) C:\Windows\system32\cmudaxp.dll
2014-01-07 12:40 - 2014-01-07 12:41 - 11797337 _____ C:\Users\Christian\Desktop\PCI_STX_7_0_8_1821_Win7.rar
2014-01-07 12:39 - 2014-01-26 22:11 - 00000000 ____D C:\AdwCleaner
2014-01-01 23:47 - 2014-01-01 23:47 - 00000000 ____D C:\ProgramData\caclggnefeonhpfllpjfgiiciglaphki
2014-01-01 23:46 - 2014-01-10 18:43 - 00000000 ____D C:\ProgramData\EuxstraSavaings
2014-01-01 23:46 - 2014-01-01 23:47 - 00000000 ____D C:\ProgramData\1a94de5c6e97b406
2013-12-31 00:56 - 2014-01-08 15:19 - 00000000 ____D C:\Users\Christian\AppData\Local\NVIDIA Corporation
2013-12-31 00:26 - 2013-12-31 00:26 - 03821064 _____ C:\Users\Christian\Desktop\battlelog-web-plugins_2.3.2_130.exe

==================== One Month Modified Files and Folders =======

2014-01-27 08:43 - 2014-01-27 08:43 - 00023880 _____ C:\Users\Christian\Desktop\FRST.txt
2014-01-27 08:43 - 2014-01-26 21:18 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2014-01-27 08:42 - 2014-01-26 22:16 - 00000000 ____D C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-01-27 08:41 - 2012-07-10 19:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-27 08:41 - 2012-01-31 23:22 - 00000000 ____D C:\Users\Christian\AppData\Roaming\TS3Client
2014-01-27 08:38 - 2014-01-17 19:38 - 00002016 _____ C:\Windows\setupact.log
2014-01-27 08:38 - 2013-03-20 22:27 - 00000000 ____D C:\Program Files (x86)\JDownloader 2
2014-01-27 08:38 - 2013-01-12 23:23 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 08:38 - 2012-08-28 10:35 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Spotify
2014-01-27 08:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 08:37 - 2013-01-30 23:11 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-26 23:58 - 2012-01-31 22:30 - 01623547 _____ C:\Windows\WindowsUpdate.log
2014-01-26 23:00 - 2013-01-12 23:23 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 22:20 - 2009-07-14 05:45 - 00025744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 22:20 - 2009-07-14 05:45 - 00025744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 22:19 - 2009-07-14 18:58 - 00712396 _____ C:\Windows\system32\perfh007.dat
2014-01-26 22:19 - 2009-07-14 18:58 - 00155486 _____ C:\Windows\system32\perfc007.dat
2014-01-26 22:19 - 2009-07-14 06:13 - 01651686 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-26 22:16 - 2012-02-18 16:50 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2014-01-26 22:14 - 2014-01-26 22:14 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Christian\Desktop\SpyHunter-Installer (2).exe
2014-01-26 22:11 - 2014-01-07 12:39 - 00000000 ____D C:\AdwCleaner
2014-01-26 21:24 - 2014-01-26 21:24 - 00000000 ____D C:\Users\Christian\AppData\Local\Anvisoft
2014-01-26 21:10 - 2014-01-26 21:10 - 00000000 ____D C:\FRST
2014-01-26 21:10 - 2014-01-26 21:09 - 02078208 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2014-01-26 21:07 - 2014-01-26 21:07 - 01236282 _____ C:\Users\Christian\Desktop\AdwCleaner.exe
2014-01-26 21:02 - 2014-01-26 21:02 - 00000000 ____D C:\Windows\ERUNT
2014-01-25 15:17 - 2014-01-25 14:24 - 3192264704 _____ C:\Users\Christian\Desktop\X15-65741.iso
2014-01-24 18:57 - 2014-01-24 18:55 - 64010585 _____ C:\Users\Christian\Desktop\8820851129keyNjXXTioG3gQend1390600424dataWfUH165250BAreftag541216213210112891822557419mp4.mp4
2014-01-24 18:52 - 2014-01-24 18:52 - 02379143 _____ C:\Users\Christian\Desktop\AzHotPorncom - Beautiful Hip and Leg of Tall Asian Woman - XVIDEOSCOM.flv
2014-01-24 18:33 - 2014-01-24 18:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Christian\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-01-20 22:21 - 2012-08-28 10:35 - 00000000 ____D C:\Users\Christian\AppData\Local\Spotify
2014-01-20 22:21 - 2012-03-22 20:10 - 00000000 ____D C:\Users\Christian\AppData\Local\Google
2014-01-20 22:14 - 2014-01-17 19:38 - 00001154 _____ C:\Windows\PFRO.log
2014-01-19 22:19 - 2014-01-19 22:19 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 22:19 - 2012-03-22 20:10 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-19 22:18 - 2014-01-19 22:17 - 37739976 _____ (Google Inc.) C:\Users\Christian\Desktop\ChromeStandalone32Setup.exe
2014-01-17 20:19 - 2012-02-01 18:19 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-17 20:04 - 2012-02-01 18:19 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-17 19:57 - 2012-01-31 22:58 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Winamp
2014-01-17 19:38 - 2014-01-17 19:38 - 00000000 _____ C:\Windows\setuperr.log
2014-01-17 19:38 - 2012-12-02 19:11 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2014-01-17 19:37 - 2012-01-31 22:30 - 00000000 ____D C:\Users\Christian
2014-01-17 19:32 - 2013-08-15 13:40 - 00000000 ____D C:\Users\Christian\AppData\Roaming\uTorrent
2014-01-17 19:32 - 2012-03-07 19:48 - 00000000 ____D C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite
2014-01-17 19:32 - 2012-02-05 19:32 - 00000000 ____D C:\Windows\Minidump
2014-01-17 19:32 - 2012-02-01 05:23 - 00000000 ____D C:\Windows\Panther
2014-01-17 19:32 - 2012-01-31 23:29 - 00000000 ____D C:\Users\Christian\AppData\Local\CrashDumps
2014-01-17 19:32 - 2012-01-31 22:55 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype
2014-01-17 19:29 - 2014-01-12 21:02 - 00000000 ____D C:\Windows\CD09642E061D4844BA37ED1480916404.TMP
2014-01-17 19:29 - 2013-12-06 03:03 - 00000000 ____D C:\Users\Christian\AppData\Local\Unity
2014-01-17 19:29 - 2012-04-10 20:06 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-17 19:28 - 2014-01-17 19:28 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-17 19:28 - 2013-01-30 23:03 - 00000000 ____D C:\Program Files\CCleaner
2014-01-17 17:27 - 2009-07-14 05:45 - 00353072 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-17 00:18 - 2013-08-14 20:41 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 00:17 - 2012-01-31 23:27 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 00:14 - 2013-10-15 22:09 - 00000000 ____D C:\Users\Christian\AppData\Local\Battle.net
2014-01-14 18:42 - 2014-01-14 18:34 - 82572688 _____ C:\Users\Christian\Desktop\malesubmission - Domme Boots Trample slaves cock Two - EroProfile.mp4
2014-01-12 21:00 - 2014-01-12 21:00 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Christian\Desktop\SpyHunter-Installer (1).exe
2014-01-11 21:26 - 2014-01-10 09:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-10 18:43 - 2014-01-01 23:46 - 00000000 ____D C:\ProgramData\EuxstraSavaings
2014-01-10 11:00 - 2014-01-10 11:00 - 00000000 ____D C:\Users\Christian\AppData\Roaming\LavasoftStatistics
2014-01-10 09:13 - 2014-01-10 09:13 - 00002305 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-01-10 09:12 - 2014-01-10 09:12 - 00000085 _____ C:\Windows\wininit.ini
2014-01-10 09:12 - 2014-01-10 09:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-10 09:11 - 2014-01-10 09:11 - 01725064 _____ C:\Users\Christian\Desktop\Adaware_Installer_11.1.exe
2014-01-10 09:11 - 2014-01-10 09:11 - 00000000 ____D C:\ProgramData\Lavasoft
2014-01-10 09:06 - 2014-01-10 09:06 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-10 09:04 - 2014-01-10 09:02 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Christian\Desktop\spybot-2.2.25.exe
2014-01-08 15:19 - 2014-01-08 15:19 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2014-01-08 15:19 - 2013-12-31 00:56 - 00000000 ____D C:\Users\Christian\AppData\Local\NVIDIA Corporation
2014-01-08 15:19 - 2013-10-23 16:21 - 00000000 ____D C:\Users\Christian\AppData\Local\NVIDIA
2014-01-08 15:19 - 2013-02-06 20:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-08 15:17 - 2012-01-31 22:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-08 15:17 - 2012-01-31 22:51 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-08 14:46 - 2014-01-08 14:46 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-01-08 14:46 - 2014-01-08 14:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-08 14:46 - 2014-01-08 14:45 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Christian\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-08 14:45 - 2014-01-08 12:15 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-08 14:06 - 2014-01-08 14:01 - 262041840 _____ (NVIDIA Corporation) C:\Users\Christian\Desktop\332.21-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-01-08 12:16 - 2014-01-08 12:16 - 00000000 _____ C:\autoexec.bat
2014-01-08 12:15 - 2014-01-08 12:15 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-08 12:12 - 2014-01-08 12:12 - 00003182 _____ C:\Windows\System32\Tasks\{7C0A1FE8-960B-4093-AA26-ADFD9DC8072B}
2014-01-07 17:45 - 2014-01-07 17:44 - 35143116 _____ C:\Users\Christian\Desktop\Japanese girls in white boots torture cock - xHamstercom.flv
2014-01-07 17:35 - 2014-01-07 17:35 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Christian\Desktop\SpyHunter-Installer.exe
2014-01-07 13:46 - 2013-01-16 19:58 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-07 12:50 - 2014-01-07 12:50 - 00052572 _____ C:\Windows\Cmicnfgp.ini.cfl
2014-01-07 12:50 - 2014-01-07 12:50 - 00000985 _____ C:\Windows\Cmicnfgp.ini.imi
2014-01-07 12:50 - 2014-01-07 12:50 - 00000924 _____ C:\Windows\system\Cmicnfgp.ini
2014-01-07 12:50 - 2014-01-07 12:50 - 00000142 _____ C:\Windows\system\Dlap.pfx
2014-01-07 12:50 - 2014-01-07 12:50 - 00000000 ____D C:\Users\Christian\AppData\Roaming\ASUS
2014-01-07 12:50 - 2014-01-07 12:50 - 00000000 ____D C:\Program Files\ASUS Xonar Essence STX Audio
2014-01-07 12:50 - 2014-01-07 12:50 - 00000000 ____D C:\Program Files (x86)\OpenAL
2014-01-07 12:50 - 2012-04-30 20:49 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-01-07 12:50 - 2012-04-30 20:49 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-01-07 12:50 - 2012-04-30 20:49 - 00111616 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-01-07 12:50 - 2012-04-30 20:49 - 00102400 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-01-07 12:50 - 2012-01-31 23:06 - 00091496 _____ C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-07 12:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2014-01-07 12:44 - 2013-02-27 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-07 12:41 - 2014-01-07 12:40 - 11797337 _____ C:\Users\Christian\Desktop\PCI_STX_7_0_8_1821_Win7.rar
2014-01-07 11:42 - 2013-11-03 20:04 - 00000000 ____D C:\Windows\AutoKMS
2014-01-07 10:40 - 2012-08-26 14:14 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-01 23:47 - 2014-01-01 23:47 - 00000000 ____D C:\ProgramData\caclggnefeonhpfllpjfgiiciglaphki
2014-01-01 23:47 - 2014-01-01 23:46 - 00000000 ____D C:\ProgramData\1a94de5c6e97b406
2013-12-31 00:27 - 2013-05-04 08:29 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-12-31 00:26 - 2013-12-31 00:26 - 03821064 _____ C:\Users\Christian\Desktop\battlelog-web-plugins_2.3.2_130.exe
2013-12-30 23:14 - 2012-03-22 21:23 - 01628774 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\SHSetup.exe
C:\Users\Jenny\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 14:53

==================== End Of Log ============================
         
--- --- ---


I would be very grateful for any help.

Regards
Naitsirch


Alt 27.01.2014, 16:26   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

please open your own thread.