Werbung auf allen browsern, adope flash player hängt sich immer auf

cyrill · 21.03.2014, 16:21

Heyho
ich muss vorweg sagen ich bin nicht sehr erfahren mit dem umgang mit pc zum zocken reichts gerade aber viel mehr geht nicht
nun hab ich mir irgendwas eingefangen es begann damit das sich bei firefox überall kleine fenster mit werbung öffneten( auch auf 100% sauberen seiten) und das mein flash player sich immer aufhängt (zb bei youtube hängt sich jedes video bei ca 5 sek auf )
ich habe den winzip malware entferner runtergeladen aber das programm scheitert immer beim ubdaten( kann sein das es mit dem virus zusammenhängt?)
ich habe gestern mal mozzila firefox geschreddert und neu installiert aber habe das problem immer noch
würde mich riesig freuen wenn mir jemand helfen könnte
mfg
hab mir mal das add on adblock (installiert>?

) jetzt ist die werbung weg aber das problem mit dem flash player bleibt

schrauber · 21.03.2014, 17:22

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

cyrill · 22.03.2014, 00:01

heyho danke das du dir die mühe machst un versucht mir zu helfen
ich hab beide datein runtergeladen kann aber keine der beiden öffnen(keine zulässige win 32 anwendung)
hab in nem anderen forum gelesen das ich mich am besten an den windows support wenden aber denke nicht das die mir helfen können wenn das problem vom virus ausgeht
was rätst du mir?
mfg

schrauber · 22.03.2014, 19:04

Was für ein Betriebssystem hast du?

cyrill · 23.03.2014, 01:49

windows 7 home premium 64 bit betriebssystem
hab die 64 bit version ca 4 mal runtergeladen und versucht zu starten und es kommt immer die nachricht frst.exe ist keine zulässige win32 anwendung

schrauber · 23.03.2014, 11:32

hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

cyrill · 24.03.2014, 11:40

ich glaubs nicht aber denke ich habs geschafft

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-QHO9N40 on 24-03-2014 11:33:49
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2890000 2012-03-16] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] - c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1546096 2011-11-04] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [Integrated Webcam Live! Central] - C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe [577024 2012-03-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\cyrill\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-25] ()
HKU\cyrill\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\cyrill\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\cyrill\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-02-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [205184 2013-02-10] (NVIDIA Corporation)

==================== Services (Whitelisted) =================

S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-28] (Creative Technology Ltd)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 Qualcomm Atheros Killer Service; C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [492032 2012-02-24] ()
S2 Update Higher Aurum; C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe [348448 2014-03-20] ()
S2 Util Higher Aurum; C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe [348448 2014-03-20] ()
S2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [53536 2012-07-27] ()

==================== Drivers (Whitelisted) ====================

S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation)
S3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [3571816 2012-02-24] (Atheros Communications, Inc.)
S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-12-23] ()
S1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-02-24] (Bigfoot Networks, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
S3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-28] (Creative Technology Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-04-29] ()
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
S1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-10] (NVIDIA Corporation)
S3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
S1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-24 11:33 - 2014-03-24 11:33 - 00000000 ____D () C:\FRST
2014-03-23 14:58 - 2014-03-23 14:58 - 00801680 _____ () C:\Users\cyrill\Downloads\AdobeFlashPlayer.exe
2014-03-23 14:17 - 2014-03-23 14:34 - 04051104 _____ () C:\Users\cyrill\Downloads\avira_de_av___ws.exe
2014-03-22 01:13 - 2014-03-22 01:13 - 00002928 _____ () C:\Windows\System32\Tasks\{30A72B4D-E074-44A7-92A8-234CEFB87ABF}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{86EE2B96-1631-4785-9D90-AE92BDA9FA48}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{31AFFCBE-FA3F-4559-B113-83A9DB62A65D}
2014-03-22 00:51 - 2014-03-21 23:39 - 02155596 _____ () C:\FRST64.exe
2014-03-21 23:43 - 2014-03-21 23:43 - 00002924 _____ () C:\Windows\System32\Tasks\{E3D6266F-D4FD-4823-8931-9D4E7E5F38BC}
2014-03-21 16:15 - 2014-03-21 16:15 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-21 16:15 - 2014-03-21 16:15 - 00001149 _____ () C:\ProgramData\Desktop\Mozilla Firefox.lnk
2014-03-21 16:02 - 2014-03-23 17:49 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-03-21 16:02 - 2014-03-21 16:02 - 00001191 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-03-21 16:02 - 2014-03-21 16:02 - 00001191 _____ () C:\ProgramData\Desktop\WinZip Malware Protector.lnk
2014-03-21 16:02 - 2014-03-21 16:02 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Nico Mak Computing
2014-03-21 16:02 - 2014-03-21 16:02 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-03-21 16:02 - 2014-03-21 16:02 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-03-21 16:02 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\System32\wsusnative64.exe
2014-03-21 00:34 - 2014-03-21 00:34 - 00002960 _____ () C:\Windows\System32\Tasks\{EBBDF4E5-7C66-4DD1-9BBA-93525421F59C}
2014-03-18 16:50 - 2014-03-18 16:59 - 04889560 _____ (WinZip International LLC ) C:\Users\cyrill\Downloads\wzmp_8.exe
2014-03-18 08:20 - 2014-03-18 08:20 - 00061120 _____ (StdLib) C:\Windows\System32\Drivers\wStLib64.sys
2014-03-14 01:53 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard Entertainment
2014-03-13 11:17 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard
2014-03-13 11:08 - 2014-03-14 01:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-13 11:08 - 2014-03-13 11:08 - 00001159 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-13 11:08 - 2014-03-13 11:08 - 00001159 _____ () C:\ProgramData\Desktop\Hearthstone.lnk
2014-03-13 11:00 - 2014-03-24 10:01 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Battle.net
2014-03-13 11:00 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Battle.net
2014-03-13 11:00 - 2014-03-13 11:00 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-13 11:00 - 2014-03-13 11:00 - 00001122 _____ () C:\ProgramData\Desktop\Battle.net.lnk
2014-03-13 10:59 - 2014-03-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-13 10:57 - 2014-03-13 10:57 - 07056680 _____ (Blizzard Entertainment) C:\Users\cyrill\Downloads\Hearthstone-Setup-deDE.exe
2014-02-23 23:57 - 2014-02-23 23:57 - 00000000 ____D () C:\Users\cyrill\Documents\gothic3

==================== One Month Modified Files and Folders =======

2014-03-24 11:33 - 2014-03-24 11:33 - 00000000 ____D () C:\FRST
2014-03-24 11:17 - 2013-06-17 21:09 - 00000431 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2014-03-24 11:17 - 2013-01-19 01:15 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-03-24 11:17 - 2013-01-18 17:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-24 11:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 11:17 - 2009-07-14 05:51 - 00105061 _____ () C:\Windows\setupact.log
2014-03-24 11:01 - 2013-01-19 00:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 10:01 - 2014-03-13 11:00 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Battle.net
2014-03-23 18:19 - 2013-01-25 00:45 - 00000000 ____D () C:\Users\cyrill\AppData\Local\PMB Files
2014-03-23 18:03 - 2013-01-18 17:43 - 01758268 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 18:01 - 2013-05-22 02:20 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-23 17:54 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 17:54 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 17:52 - 2009-07-14 03:34 - 00000635 _____ () C:\Windows\win.ini
2014-03-23 17:49 - 2014-03-21 16:02 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-03-23 17:49 - 2014-01-12 00:08 - 00003376 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-03-23 17:49 - 2013-01-19 01:09 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-03-23 17:48 - 2013-10-27 21:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-23 17:48 - 2013-01-19 01:20 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-23 17:48 - 2013-01-19 01:20 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-23 17:46 - 2010-11-21 04:47 - 00375150 _____ () C:\Windows\PFRO.log
2014-03-23 15:10 - 2013-02-07 13:49 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Adobe
2014-03-23 15:00 - 2013-01-27 19:00 - 00000000 ____D () C:\Users\cyrill\AppData\Local\CrashDumps
2014-03-23 14:58 - 2014-03-23 14:58 - 00801680 _____ () C:\Users\cyrill\Downloads\AdobeFlashPlayer.exe
2014-03-23 14:57 - 2013-05-14 21:47 - 00007606 _____ () C:\Users\cyrill\AppData\Local\resmon.resmoncfg
2014-03-23 14:34 - 2014-03-23 14:17 - 04051104 _____ () C:\Users\cyrill\Downloads\avira_de_av___ws.exe
2014-03-23 14:17 - 2013-01-25 00:54 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-23 14:08 - 2013-01-24 23:19 - 00000000 ____D () C:\users\cyrill
2014-03-22 01:50 - 2014-03-13 10:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-22 01:13 - 2014-03-22 01:13 - 00002928 _____ () C:\Windows\System32\Tasks\{30A72B4D-E074-44A7-92A8-234CEFB87ABF}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{86EE2B96-1631-4785-9D90-AE92BDA9FA48}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{31AFFCBE-FA3F-4559-B113-83A9DB62A65D}
2014-03-22 01:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-21 23:43 - 2014-03-21 23:43 - 00002924 _____ () C:\Windows\System32\Tasks\{E3D6266F-D4FD-4823-8931-9D4E7E5F38BC}
2014-03-21 23:39 - 2014-03-22 00:51 - 02155596 _____ () C:\FRST64.exe
2014-03-21 16:15 - 2014-03-21 16:15 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-21 16:15 - 2014-03-21 16:15 - 00001149 _____ () C:\ProgramData\Desktop\Mozilla Firefox.lnk
2014-03-21 16:15 - 2014-02-15 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 16:15 - 2013-01-25 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-21 16:02 - 2014-03-21 16:02 - 00001191 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-03-21 16:02 - 2014-03-21 16:02 - 00001191 _____ () C:\ProgramData\Desktop\WinZip Malware Protector.lnk
2014-03-21 16:02 - 2014-03-21 16:02 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Nico Mak Computing
2014-03-21 16:02 - 2014-03-21 16:02 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-03-21 16:02 - 2014-03-21 16:02 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-03-21 01:09 - 2013-02-03 01:03 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Skype
2014-03-21 00:34 - 2014-03-21 00:34 - 00002960 _____ () C:\Windows\System32\Tasks\{EBBDF4E5-7C66-4DD1-9BBA-93525421F59C}
2014-03-18 16:59 - 2014-03-18 16:50 - 04889560 _____ (WinZip International LLC ) C:\Users\cyrill\Downloads\wzmp_8.exe
2014-03-18 08:20 - 2014-03-18 08:20 - 00061120 _____ (StdLib) C:\Windows\System32\Drivers\wStLib64.sys
2014-03-16 16:44 - 2013-08-27 15:53 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-03-16 14:52 - 2013-01-24 23:20 - 00000000 ____D () C:\Users\cyrill\AppData\Local\VirtualStore
2014-03-15 00:38 - 2013-12-22 23:53 - 00000000 ____D () C:\Program Files (x86)\Higher Aurum
2014-03-14 01:54 - 2014-03-13 11:08 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-14 01:53 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard Entertainment
2014-03-13 11:17 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard
2014-03-13 11:17 - 2014-03-13 11:00 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Battle.net
2014-03-13 11:08 - 2014-03-13 11:08 - 00001159 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-13 11:08 - 2014-03-13 11:08 - 00001159 _____ () C:\ProgramData\Desktop\Hearthstone.lnk
2014-03-13 11:00 - 2014-03-13 11:00 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-13 11:00 - 2014-03-13 11:00 - 00001122 _____ () C:\ProgramData\Desktop\Battle.net.lnk
2014-03-13 10:57 - 2014-03-13 10:57 - 07056680 _____ (Blizzard Entertainment) C:\Users\cyrill\Downloads\Hearthstone-Setup-deDE.exe
2014-03-12 03:01 - 2013-01-25 02:01 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 03:01 - 2013-01-19 00:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 03:01 - 2013-01-19 00:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 03:01 - 2013-01-19 00:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-02 22:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-02-28 08:03 - 2013-12-27 16:18 - 00003134 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-02-24 22:17 - 2013-01-27 01:55 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\TS3Client
2014-02-24 14:19 - 2013-01-24 23:27 - 00000000 ____D () C:\Users\cyrill\Documents\Bluetooth Folder
2014-02-23 23:57 - 2014-02-23 23:57 - 00000000 ____D () C:\Users\cyrill\Documents\gothic3
2014-02-23 23:57 - 2013-12-23 21:36 - 00000000 ____D () C:\Users\cyrill\Documents\Gothic3ForsakenGods

Some content of TEMP:
====================
C:\Users\cyrill\AppData\Local\Temp\install_flashplayer12x32_ltr5x64d_awc_aih.exe
C:\Users\cyrill\AppData\Local\Temp\install_flashplayer12x32_mssa_awc_aih.exe
C:\Users\cyrill\AppData\Local\Temp\Shockwave_Installer_FF-1.exe
C:\Users\cyrill\AppData\Local\Temp\Shockwave_Installer_FF.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-03-22 00:59:38
Restore point made on: 2014-03-22 01:06:20
Restore point made on: 2014-03-23 14:16:18
Restore point made on: 2014-03-23 14:17:24
Restore point made on: 2014-03-23 19:00:21

==================== Memory info =========================== 

Percentage of memory in use: 8%
Total physical RAM: 12170.31 MB
Available physical RAM: 11192.98 MB
Total Pagefile: 12168.51 MB
Available Pagefile: 11192.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.5 GB) (Free:336.07 GB) NTFS
Drive d: (RESOURCE_CD) (CDROM) (Total:2.27 GB) (Free:0 GB) CDFS
Drive e: (FLASH DRIVE) (Removable) (Total:7.2 GB) (Free:7.2 GB) FAT32
Drive f: (RECOVERY) (Fixed) (Total:9.22 GB) (Free:2.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 6AF2CF84)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: 4A4588C6)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)


LastRegBack: 2014-03-23 11:48

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 24.03.2014, 17:04

Komisch, ich seh nix was ne Exe blockieren könnte. Du kannst im normalen Modus kein Programm starten?

cyrill · 24.03.2014, 17:26

doch ich kann im normalen modus eig alle programme starten nur frst ging nicht alles andere läuft normal
ich hab auch sonst keine probleme mit dem notebook einzig das der flash player sich immer aufhängt und die werbung(wenn ich ad block nicht an hab)
mfg

schrauber · 25.03.2014, 12:07

Im normalen Modus:

FRST löschen, neu laden. Antivirenprogramm abschalten, FRST starten, Haken setzen bei Additional und scannen, poste bitte beide Logfiles.

cyrill · 25.03.2014, 15:31

danke das du mich nicht aufgibst,)
und es geht

hab oben alle 6 hacken gelassen und unten additional als einziges hoffe das stimmt so

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by cyrill (administrator) on BABY on 25-03-2014 15:27:39
Running from C:\Users\cyrill\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Creative Technology Ltd) C:\Windows\sysWow64\CtHdaSvc.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
() C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
() C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
() C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
() C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2890000 2012-03-16] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] - c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1546096 2011-11-04] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [Integrated Webcam Live! Central] - C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe [577024 2012-03-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1016955995-1485819605-607754855-1001\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-25] ()
HKU\S-1-5-21-1016955995-1485819605-607754855-1001\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\cyrill\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-1016955995-1485819605-607754855-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1016955995-1485819605-607754855-1001\...\MountPoints2: {996f10bd-618d-11e2-84e0-806e6f6e6963} - D:\autoRcd.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-02-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [205184 2013-02-10] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienwarearena.com/welcome-ch-g
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=
URLSearchHook: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
URLSearchHook: HKCU - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {21997B00-E730-4E34-88AD-B9A9F9259794} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
BHO-x32: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default
FF user.js: detected! => C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js
FF SearchEngineOrder.1: Mysearchdial
FF Homepage: about:home
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?src=2&barid={6A277E85-7A12-4E9A-8E93-4749DD6CA29A}&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19]
FF Extension: JavaScript Debugger - C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2014-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-01-19]

==================== Services (Whitelisted) =================

R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-28] (Creative Technology Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [492032 2012-02-24] ()
R2 Update Higher Aurum; C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe [348448 2014-03-20] ()
R2 Util Higher Aurum; C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe [348448 2014-03-25] ()
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [53536 2012-07-27] ()

==================== Drivers (Whitelisted) ====================

S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation)
R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [3571816 2012-02-24] (Atheros Communications, Inc.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-12-23] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-02-24] (Bigfoot Networks, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-28] (Creative Technology Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-04-29] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-10] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-25 15:27 - 2014-03-25 15:28 - 00021475 _____ () C:\Users\cyrill\Downloads\FRST.txt
2014-03-25 15:24 - 2014-03-25 15:24 - 02157056 _____ (Farbar) C:\Users\cyrill\Downloads\FRST64.exe
2014-03-24 21:23 - 2014-03-24 21:23 - 00676040 _____ () C:\Users\cyrill\Downloads\java-64-bits.exe
2014-03-24 21:06 - 2014-03-24 21:06 - 00000000 ___RD () C:\Users\cyrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-24 20:37 - 2014-03-24 20:37 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall(1).exe
2014-03-24 20:31 - 2014-03-24 20:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-24 20:30 - 2014-03-24 20:30 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall.exe
2014-03-24 11:33 - 2014-03-25 15:27 - 00000000 ____D () C:\FRST
2014-03-23 14:58 - 2014-03-23 14:58 - 00801680 _____ () C:\Users\cyrill\Downloads\AdobeFlashPlayer.exe
2014-03-23 14:17 - 2014-03-23 14:34 - 04051104 _____ () C:\Users\cyrill\Downloads\avira_de_av___ws.exe
2014-03-22 01:13 - 2014-03-22 01:13 - 00002928 _____ () C:\Windows\System32\Tasks\{30A72B4D-E074-44A7-92A8-234CEFB87ABF}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{86EE2B96-1631-4785-9D90-AE92BDA9FA48}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{31AFFCBE-FA3F-4559-B113-83A9DB62A65D}
2014-03-22 00:51 - 2014-03-21 23:39 - 02155596 _____ () C:\FRST64.exe
2014-03-21 23:43 - 2014-03-21 23:43 - 00002924 _____ () C:\Windows\System32\Tasks\{E3D6266F-D4FD-4823-8931-9D4E7E5F38BC}
2014-03-21 16:15 - 2014-03-21 16:15 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-21 16:02 - 2014-03-24 15:42 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Nico Mak Computing
2014-03-21 00:34 - 2014-03-21 00:34 - 00002960 _____ () C:\Windows\System32\Tasks\{EBBDF4E5-7C66-4DD1-9BBA-93525421F59C}
2014-03-18 16:50 - 2014-03-18 16:59 - 04889560 _____ (WinZip International LLC ) C:\Users\cyrill\Downloads\wzmp_8.exe
2014-03-18 08:20 - 2014-03-18 08:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-14 01:53 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard Entertainment
2014-03-13 11:17 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard
2014-03-13 11:08 - 2014-03-14 01:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-13 11:08 - 2014-03-13 11:08 - 00001159 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-13 11:00 - 2014-03-24 16:57 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Battle.net
2014-03-13 11:00 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Battle.net
2014-03-13 11:00 - 2014-03-13 11:00 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-13 10:59 - 2014-03-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-13 10:57 - 2014-03-13 10:57 - 07056680 _____ (Blizzard Entertainment) C:\Users\cyrill\Downloads\Hearthstone-Setup-deDE.exe
2014-02-23 23:57 - 2014-02-23 23:57 - 00000000 ____D () C:\Users\cyrill\Documents\gothic3

==================== One Month Modified Files and Folders =======

2014-03-25 15:28 - 2014-03-25 15:27 - 00021475 _____ () C:\Users\cyrill\Downloads\FRST.txt
2014-03-25 15:27 - 2014-03-24 11:33 - 00000000 ____D () C:\FRST
2014-03-25 15:27 - 2009-07-14 03:34 - 00000635 _____ () C:\Windows\win.ini
2014-03-25 15:24 - 2014-03-25 15:24 - 02157056 _____ (Farbar) C:\Users\cyrill\Downloads\FRST64.exe
2014-03-25 15:21 - 2013-01-19 00:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-25 03:24 - 2013-01-25 00:45 - 00000000 ____D () C:\Users\cyrill\AppData\Local\PMB Files
2014-03-24 21:24 - 2013-01-27 19:00 - 00000000 ____D () C:\Users\cyrill\AppData\Local\CrashDumps
2014-03-24 21:23 - 2014-03-24 21:23 - 00676040 _____ () C:\Users\cyrill\Downloads\java-64-bits.exe
2014-03-24 21:13 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 21:13 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 21:07 - 2013-01-27 01:55 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\TS3Client
2014-03-24 21:06 - 2014-03-24 21:06 - 00000000 ___RD () C:\Users\cyrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-24 21:06 - 2014-01-12 00:08 - 00003376 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-03-24 21:06 - 2013-10-27 21:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-24 21:06 - 2013-06-17 21:09 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-24 21:06 - 2013-01-19 01:20 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-24 21:06 - 2013-01-19 01:20 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-24 21:06 - 2013-01-19 01:15 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-03-24 21:06 - 2013-01-19 01:09 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-03-24 21:06 - 2013-01-18 17:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-24 21:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 21:06 - 2009-07-14 05:51 - 00105229 _____ () C:\Windows\setupact.log
2014-03-24 20:41 - 2014-03-24 20:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-24 20:37 - 2014-03-24 20:37 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall(1).exe
2014-03-24 20:30 - 2014-03-24 20:30 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall.exe
2014-03-24 16:57 - 2014-03-13 11:00 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Battle.net
2014-03-24 16:02 - 2013-01-18 17:43 - 01758777 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 16:01 - 2013-05-22 02:20 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-24 15:42 - 2014-03-21 16:02 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Nico Mak Computing
2014-03-23 17:46 - 2010-11-21 04:47 - 00375150 _____ () C:\Windows\PFRO.log
2014-03-23 15:10 - 2013-02-07 13:49 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Adobe
2014-03-23 14:58 - 2014-03-23 14:58 - 00801680 _____ () C:\Users\cyrill\Downloads\AdobeFlashPlayer.exe
2014-03-23 14:57 - 2013-05-14 21:47 - 00007606 _____ () C:\Users\cyrill\AppData\Local\resmon.resmoncfg
2014-03-23 14:34 - 2014-03-23 14:17 - 04051104 _____ () C:\Users\cyrill\Downloads\avira_de_av___ws.exe
2014-03-23 14:17 - 2013-01-25 00:54 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-23 14:08 - 2013-01-24 23:19 - 00000000 ____D () C:\Users\cyrill
2014-03-22 01:50 - 2014-03-13 10:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-22 01:13 - 2014-03-22 01:13 - 00002928 _____ () C:\Windows\System32\Tasks\{30A72B4D-E074-44A7-92A8-234CEFB87ABF}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{86EE2B96-1631-4785-9D90-AE92BDA9FA48}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{31AFFCBE-FA3F-4559-B113-83A9DB62A65D}
2014-03-22 01:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-21 23:43 - 2014-03-21 23:43 - 00002924 _____ () C:\Windows\System32\Tasks\{E3D6266F-D4FD-4823-8931-9D4E7E5F38BC}
2014-03-21 23:39 - 2014-03-22 00:51 - 02155596 _____ () C:\FRST64.exe
2014-03-21 16:15 - 2014-03-21 16:15 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-21 16:15 - 2014-02-15 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 16:15 - 2013-01-25 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-21 01:09 - 2013-02-03 01:03 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Skype
2014-03-21 00:34 - 2014-03-21 00:34 - 00002960 _____ () C:\Windows\System32\Tasks\{EBBDF4E5-7C66-4DD1-9BBA-93525421F59C}
2014-03-18 16:59 - 2014-03-18 16:50 - 04889560 _____ (WinZip International LLC ) C:\Users\cyrill\Downloads\wzmp_8.exe
2014-03-18 08:20 - 2014-03-18 08:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-16 16:44 - 2013-08-27 15:53 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-03-16 14:52 - 2013-01-24 23:20 - 00000000 ____D () C:\Users\cyrill\AppData\Local\VirtualStore
2014-03-15 00:38 - 2013-12-22 23:53 - 00000000 ____D () C:\Program Files (x86)\Higher Aurum
2014-03-14 01:54 - 2014-03-13 11:08 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-14 01:53 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard Entertainment
2014-03-13 11:17 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard
2014-03-13 11:17 - 2014-03-13 11:00 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Battle.net
2014-03-13 11:08 - 2014-03-13 11:08 - 00001159 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-13 11:00 - 2014-03-13 11:00 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-13 10:57 - 2014-03-13 10:57 - 07056680 _____ (Blizzard Entertainment) C:\Users\cyrill\Downloads\Hearthstone-Setup-deDE.exe
2014-03-12 03:01 - 2013-01-25 02:01 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 03:01 - 2013-01-19 00:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 03:01 - 2013-01-19 00:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 03:01 - 2013-01-19 00:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-02 22:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-28 08:03 - 2013-12-27 16:18 - 00003134 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-02-24 14:19 - 2013-01-24 23:27 - 00000000 ____D () C:\Users\cyrill\Documents\Bluetooth Folder
2014-02-23 23:57 - 2014-02-23 23:57 - 00000000 ____D () C:\Users\cyrill\Documents\gothic3
2014-02-23 23:57 - 2013-12-23 21:36 - 00000000 ____D () C:\Users\cyrill\Documents\Gothic3ForsakenGods

Some content of TEMP:
====================
C:\Users\cyrill\AppData\Local\Temp\install_flashplayer12x32_ltr5x64d_awc_aih.exe
C:\Users\cyrill\AppData\Local\Temp\install_flashplayer12x32_mssa_awc_aih.exe
C:\Users\cyrill\AppData\Local\Temp\Shockwave_Installer_FF-1.exe
C:\Users\cyrill\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\cyrill\AppData\Local\Temp\xz0i8cce.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 11:48

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by cyrill at 2014-03-25 15:28:31
Running from C:\Users\cyrill\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AION Free-to-Play Version 1.0 (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: 1.0 - Gameforge)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.32.1.1 - )
Alienware On-Screen Display (x32 Version: 0.32.1.1 - ) Hidden
ANNO 1503 GOLD (HKLM-x32\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)
DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB DE)
Empire Earth Demo (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
Gothic III - Forsaken Gods (HKLM-x32\...\Gothic3ForsakenGods_is1) (Version: 1.0.6 - JoWood)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Higher Aurum 2013.11.07.204308 (HKLM\...\Higher Aurum) (Version: 2013.11.07.204308 - Higher Aurum) <==== ATTENTION
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
Integrated Webcam Live! Central (HKLM-x32\...\Integrated Webcam Live! Central) (Version: 2.01.15 - Creative Technology Ltd)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
LastChaosGER (HKLM-x32\...\{A86A50FC-7C22-478B-BAEF-82393328825F}) (Version: 1.00.000 - Barunsongames CO., LTD.)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.856 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MP Manager (HKLM-x32\...\{813184D1-50FC-4EA2-A613-F7F5C5A40D07}) (Version: 1.0.6406 - MPMAN)
NETGEAR A6200 Genie (HKLM-x32\...\{638CBDD4-5014-44D1-930A-1E5AC6083542}) (Version: 1.0.0.0 - NETGEAR)
NVIDIA 3D Vision Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.12.12 (Version: 1.12.12 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.305 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.305 - Qualcomm Atheros) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 5.8 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.158 - Skype Technologies S.A.)
Sound Blaster Recon3Di (HKLM-x32\...\{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}) (Version: 1.00.08 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0018 - ST Microelectronics)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SweetIM Bundle by SweetPacks (HKLM-x32\...\SweetIM Bundle by SweetPacks) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
SweetPacks Toolbar For Firefox 1.11.0.2 (x32 Version:  - ) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.4.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)

==================== Restore Points  =========================

21-03-2014 23:59:18 Windows-Sicherung
22-03-2014 00:06:11 Wiederherstellungsvorgang
23-03-2014 13:15:58 TuneUp Utilities 2013 wird entfernt
23-03-2014 13:17:13 TuneUp Utilities Language Pack (de-DE) wird entfernt
23-03-2014 18:00:01 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C52F395-912C-44D3-91EF-35A2569FE4BC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {108E8E13-B856-42A1-9A81-515071CEBC76} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {1E94E4B0-0D16-42A4-A1E1-8CCDA889471B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {250622C3-C1C8-43C0-82EE-590FEA7956E0} - System32\Tasks\{30A72B4D-E074-44A7-92A8-234CEFB87ABF} => C:\Users\cyrill\Desktop\FRST64.exe
Task: {3DE0C6BB-5A67-407A-B75D-93D355212F11} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\cyrill\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {44C1AA0A-2E08-4588-BEDF-876DBA7EC2E4} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\AlienAutopsy\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {456BD8EB-1D7C-46B1-9C62-B93172176C17} - System32\Tasks\{86EE2B96-1631-4785-9D90-AE92BDA9FA48} => C:\Users\cyrill\Desktop\FRST64.exe
Task: {4DC5E494-9F7B-492F-8F74-C3DE4F04CD06} - System32\Tasks\{234C9991-DABC-4DC5-A502-81B98E755975} => C:\Users\cyrill\Documents\gothic_3_community_patch_v1.75.14_int_full\Gothic_3_EE_Patch_v1.75.14_Int_Full.exe [2012-04-27] (Nordic Games GmbH                                           )
Task: {72CBFB09-477B-4EAA-840A-CDACBA2AF367} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {73DC3720-219B-46B4-B9EA-64A43D4A0451} - System32\Tasks\{85E6F79A-3FA9-42DF-B9B7-5752524D7724} => C:\Program Files (x86)\JoWood\Gothic III - Forsaken Gods\Gothic III - Götterdämmerung.exe [2010-06-16] (Trine Games)
Task: {9309682B-613D-47EA-9B71-527FA2ABBA2D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {A26A4752-75D7-4CDF-951C-ABE52AA2F07D} - System32\Tasks\{7267AE18-DE7A-478A-B9D8-1ED7F50F5679} => C:\Riot Games\League of Legends\lol.launcher.exe [2012-04-24] ()
Task: {D04EEAEE-8D59-4C38-960F-23E1BA8E454A} - System32\Tasks\{31AFFCBE-FA3F-4559-B113-83A9DB62A65D} => C:\Users\cyrill\Desktop\FRST64.exe
Task: {E3A6DF1E-BD97-40CA-B2A8-77A13F2735A1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E52E227E-811A-45E2-9149-D940A6497A39} - System32\Tasks\{EBBDF4E5-7C66-4DD1-9BBA-93525421F59C} => Firefox.exe 
Task: {FE7336CD-52EB-4CBB-9DE2-AEC514115184} - System32\Tasks\{E3D6266F-D4FD-4823-8931-9D4E7E5F38BC} => C:\Users\cyrill\Desktop\FRST.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-01-19 02:31 - 2012-03-04 23:52 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-01-18 17:41 - 2013-02-10 02:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00492032 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
2011-05-10 02:46 - 2011-05-10 02:46 - 02760192 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtCore4.dll
2011-05-10 02:56 - 2011-05-10 02:56 - 09856000 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtGui4.dll
2011-05-10 02:47 - 2011-05-10 02:47 - 00416256 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtXml4.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00217600 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFCommon.dll
2011-05-10 18:32 - 2011-05-10 18:32 - 00731648 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\qwt5.dll
2011-05-10 02:48 - 2011-05-10 02:48 - 00990720 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtNetwork4.dll
2013-11-07 21:43 - 2014-03-20 02:17 - 00348448 _____ () C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe
2013-04-22 15:34 - 2012-07-27 11:05 - 00053536 _____ () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
2013-01-19 02:30 - 2012-02-14 18:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00549888 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
2012-02-24 23:35 - 2012-02-24 23:35 - 00404992 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modApplications.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00036864 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFeatures.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00025088 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFraps.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00241152 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modGraph.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00062464 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modlcd.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00289280 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNetwork.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00184832 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNpu.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00210944 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOptions.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00055808 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOverview.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00329216 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modSystemInfo.dll
2013-01-19 01:15 - 2012-01-27 04:49 - 02751808 _____ () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-11-04 01:01 - 2011-11-04 01:01 - 01546096 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2013-12-23 18:08 - 2014-03-25 15:27 - 00348448 _____ () C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe
2014-01-23 23:42 - 2013-12-12 23:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-23 23:42 - 2013-11-05 02:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-08-21 14:18 - 2014-02-11 03:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-10-08 18:19 - 2014-02-25 22:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-10 14:20 - 2014-01-11 00:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2011-12-23 01:31 - 2011-12-23 01:31 - 00593920 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\de-DE\SBRcni.resources.dll
2009-12-18 18:07 - 2009-12-18 18:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2013-01-27 13:30 - 2013-01-27 13:30 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\8b857add6394c98128874eb2579534e5\IsdiInterop.ni.dll
2013-01-19 01:05 - 2011-11-30 03:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-01-19 01:05 - 2012-02-01 23:44 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-02-15 11:18 - 2014-03-15 09:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-19 13:03 - 2014-03-21 03:11 - 00179488 _____ () C:\Program Files (x86)\Higher Aurum\bin\xtlsapp.dll
2014-03-12 03:01 - 2014-03-12 03:01 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-03-19 13:03 - 2014-03-21 03:11 - 00078624 _____ () C:\Program Files (x86)\Higher Aurum\bin\XTLSApp.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: NETGEAR WNR3500Lv2 N300 Wireless Gigabit Router
Description: NETGEAR WNR3500Lv2 N300 Wireless Gigabit Router
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2014 09:23:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: java-64-bits.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00340214
ID des fehlerhaften Prozesses: 0x8e4
Startzeit der fehlerhaften Anwendung: 0xjava-64-bits.exe0
Pfad der fehlerhaften Anwendung: java-64-bits.exe1
Pfad des fehlerhaften Moduls: java-64-bits.exe2
Berichtskennung: java-64-bits.exe3

Error: (03/24/2014 09:23:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: java-64-bits.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01ba0214
ID des fehlerhaften Prozesses: 0xfa8
Startzeit der fehlerhaften Anwendung: 0xjava-64-bits.exe0
Pfad der fehlerhaften Anwendung: java-64-bits.exe1
Pfad des fehlerhaften Moduls: java-64-bits.exe2
Berichtskennung: java-64-bits.exe3

Error: (03/24/2014 09:17:59 PM) (Source: Application Hang) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1af0

Startzeit: 01cf479d710bfdb8

Endzeit: 15

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 5d61a7c4-b391-11e3-bbc5-a41731a754da

Error: (03/24/2014 09:12:55 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f9c

Startzeit: 01cf479c8b5273a4

Endzeit: 31

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: a93759f7-b390-11e3-bbc5-a41731a754da

Error: (03/24/2014 09:07:21 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/24/2014 09:07:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2014 08:43:09 PM) (Source: Application Hang) (User: )
Description: Programm jxpiinstall(1).exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13f0

Startzeit: 01cf47988e35b394

Endzeit: 47

Anwendungspfad: C:\Users\cyrill\Downloads\jxpiinstall(1).exe

Berichts-ID:

Error: (03/24/2014 08:36:56 PM) (Source: Application Hang) (User: )
Description: Programm jxpiinstall.exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c70

Startzeit: 01cf4797940d277a

Endzeit: 47

Anwendungspfad: C:\Users\cyrill\Downloads\jxpiinstall.exe

Berichts-ID:

Error: (03/24/2014 11:46:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 05:50:18 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (03/25/2014 03:22:16 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Qualcomm Atheros Killer Service erreicht.

Error: (03/25/2014 03:22:10 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (03/25/2014 03:22:08 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (03/25/2014 03:21:46 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Qualcomm Atheros Killer Service erreicht.

Error: (03/24/2014 09:08:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/24/2014 09:08:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/24/2014 09:06:24 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (03/24/2014 09:04:51 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (03/24/2014 11:47:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/24/2014 11:47:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (03/24/2014 09:23:55 PM) (Source: Application Error)(User: )
Description: java-64-bits.exe0.0.0.02a425e19unknown0.0.0.000000000c0000005003402148e401cf479ef9e39e65C:\Users\cyrill\Downloads\java-64-bits.exeunknown3868c67e-b392-11e3-bbc5-a41731a754da

Error: (03/24/2014 09:23:30 PM) (Source: Application Error)(User: )
Description: java-64-bits.exe0.0.0.02a425e19unknown0.0.0.000000000c000000501ba0214fa801cf479ee913e675C:\Users\cyrill\Downloads\java-64-bits.exeunknown29967509-b392-11e3-bbc5-a41731a754da

Error: (03/24/2014 09:17:59 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.175671af001cf479d710bfdb815C:\Windows\explorer.exe5d61a7c4-b391-11e3-bbc5-a41731a754da

Error: (03/24/2014 09:12:55 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567f9c01cf479c8b5273a431C:\Windows\Explorer.EXEa93759f7-b390-11e3-bbc5-a41731a754da

Error: (03/24/2014 09:07:21 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/24/2014 09:07:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2014 08:43:09 PM) (Source: Application Hang)(User: )
Description: jxpiinstall(1).exe7.0.510.1313f001cf47988e35b39447C:\Users\cyrill\Downloads\jxpiinstall(1).exe

Error: (03/24/2014 08:36:56 PM) (Source: Application Hang)(User: )
Description: jxpiinstall.exe7.0.510.131c7001cf4797940d277a47C:\Users\cyrill\Downloads\jxpiinstall.exe

Error: (03/24/2014 11:46:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 05:50:18 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 12170.31 MB
Available physical RAM: 9148.09 MB
Total Pagefile: 24338.8 MB
Available Pagefile: 20664.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.5 GB) (Free:335.98 GB) NTFS
Drive d: (RESOURCE_CD) (CDROM) (Total:2.27 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 6AF2CF84)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 26.03.2014, 11:15

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

cyrill · 26.03.2014, 22:50

hey
mit revo hatt ich bischen probleme konnte nicht alles löschen weil es nicht gefunden wurde aber denke eh es waren prozesse...
hoffe es stimmt so

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.03.2014
Suchlauf-Zeit: 12:15:29
Logdatei: mhh.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.26.03
Rootkit Datenbank: v2014.03.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: cyrill

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 265277
Verstrichene Zeit: 12 Min, 37 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 5
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe, 5624, Löschen bei Neustart, [895212f50a717bbb744ed55206fe11ef]
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe, 4960, Löschen bei Neustart, [b7249077b1ca7bbbc922a5a508f9f907]
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe, 5216, Löschen bei Neustart, [4398c54234471b1b717ae06a8879db25]
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\FilterApp_C64.exe, 4964, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e]
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\XTLSApp.exe, 8140, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e]

Module: 22
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll, Löschen bei Neustart, [f3e822e51f5c77bfc3ffa5821be9be42], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll, Löschen bei Neustart, [726961a688f3c175457d2700857f7090], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll, Löschen bei Neustart, [88530ef9cab160d60eb44ed933d119e7], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll, Löschen bei Neustart, [31aa43c4601b3bfb259df334e4200af6], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll, Löschen bei Neustart, [cb10c146e6952b0b8c3604239c68738d], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll, Löschen bei Neustart, [b7243acd2f4ce0569d25cf5838cc837d], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll, Löschen bei Neustart, [f1ea14f3d3a8280e8141d94ef311b14f], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\XTLS.dll, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\XTLS.dll, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\XTLSApp.dll, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e], 

Registrierungsschlüssel: 29
PUP.Optional.HigherAurum.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Higher Aurum, In Quarantäne, [b7249077b1ca7bbbc922a5a508f9f907], 
PUP.Optional.HigherAurum.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Higher Aurum, In Quarantäne, [4398c54234471b1b717ae06a8879db25], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [8e4d70975724f244ba42dc5dc83abe42], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [8e4d70975724f244ba42dc5dc83abe42], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, In Quarantäne, [b922a067aad154e2ebfdd16821e141bf], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [b922a067aad154e2ebfdd16821e141bf], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [b922a067aad154e2ebfdd16821e141bf], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [b922a067aad154e2ebfdd16821e141bf], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [b922a067aad154e2ebfdd16821e141bf], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [b922a067aad154e2ebfdd16821e141bf], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [b922a067aad154e2ebfdd16821e141bf], 
PUP.Optional.Sambreel, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Higher Aurum, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\Higher Aurum, In Quarantäne, [c417ee19611a6bcbef942c36976b24dc], 
PUP.Optional.HigherAurum.A, HKLM\SOFTWARE\WOW6432NODE\Higher Aurum, In Quarantäne, [4f8cef185f1ca6908b6b830ca162d828], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [d5061ee9fe7d65d1918653265ca78b75], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1016955995-1485819605-607754855-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [42998e7990eb3ff77baafa623cc6d32d], 
PUP.Optional.HigherAurum.A, HKU\S-1-5-21-1016955995-1485819605-607754855-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Higher Aurum, In Quarantäne, [c417dd2a2f4c1620d3245c337a8945bb], 
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1016955995-1485819605-607754855-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com, In Quarantäne, [7a618087334812245bd3a3d6ec173bc5], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1016955995-1485819605-607754855-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [508b6c9be893dc5a40e504589b676a96], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1016955995-1485819605-607754855-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [518a9c6b09727cba2cb78fd28e7431cf], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1016955995-1485819605-607754855-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [ac2fb84f5d1ea49284a54d2b976cde22], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1016955995-1485819605-607754855-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [3aa19374473470c6a274e693ea19ee12], 

Registrierungswerte: 5
PUP.Optional.SweetIM, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SweetIM, C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe, In Quarantäne, [895212f50a717bbb744ed55206fe11ef]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {6A277E85-7A12-4E9A-8E93-4749DD6CA29A}, In Quarantäne, [d5061ee9fe7d65d1918653265ca78b75]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1016955995-1485819605-607754855-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0A2O0R1R1H2Z1S1G0H1F, In Quarantäne, [ac2fb84f5d1ea49284a54d2b976cde22]
PUP.Optional.Conduit, HKU\S-1-5-21-1016955995-1485819605-607754855-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BackgroundContainer, "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\cyrill\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun, In Quarantäne, [c6157097413a0432b7aa3650a95a60a0]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1016955995-1485819605-607754855-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {6A277E85-7A12-4E9A-8E93-4749DD6CA29A}, In Quarantäne, [3aa19374473470c6a274e693ea19ee12]

Registrierungsdaten: 3
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=),Ersetzt,[e4f71bec09726fc7217e01031ee6936d]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=),Ersetzt,[c417f2158fec56e0455a55af788c57a9]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1016955995-1485819605-607754855-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=),Ersetzt,[9c3f2bdc6f0c91a5d2cc18ec47bd7e82]

Ordner: 8
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\TEMP, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.OpenCandy, C:\Users\cyrill\AppData\Roaming\OpenCandy, In Quarantäne, [716aa6611863dc5a2750f953828036ca], 
PUP.Optional.OpenCandy, C:\Users\cyrill\AppData\Roaming\OpenCandy\BDAD5A4BCFB641829DC0D550C73D9584, In Quarantäne, [716aa6611863dc5a2750f953828036ca], 
PUP.Optional.Conduit.A, C:\Users\cyrill\AppData\Local\Temp\ct2625848, In Quarantäne, [f9e21ee9cbb0af87856a72daea18c838], 
PUP.Optional.Conduit.A, C:\Users\cyrill\AppData\Local\Temp\ct2625848\xpi, In Quarantäne, [f9e21ee9cbb0af87856a72daea18c838], 

Dateien: 106
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [d40794734239db5b457d5ec9cf35916f], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe, Löschen bei Neustart, [895212f50a717bbb744ed55206fe11ef], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll, Löschen bei Neustart, [f3e822e51f5c77bfc3ffa5821be9be42], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll, Löschen bei Neustart, [726961a688f3c175457d2700857f7090], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll, Löschen bei Neustart, [88530ef9cab160d60eb44ed933d119e7], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll, Löschen bei Neustart, [31aa43c4601b3bfb259df334e4200af6], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll, Löschen bei Neustart, [cb10c146e6952b0b8c3604239c68738d], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll, Löschen bei Neustart, [b7243acd2f4ce0569d25cf5838cc837d], 
PUP.Optional.SweetIM, C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll, Löschen bei Neustart, [f1ea14f3d3a8280e8141d94ef311b14f], 
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe, Löschen bei Neustart, [b7249077b1ca7bbbc922a5a508f9f907], 
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe, Löschen bei Neustart, [4398c54234471b1b717ae06a8879db25], 
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Local\Temp\is135962811\mysearchdial.dll, In Quarantäne, [9645a2653f3cb28452bc87c355ac5ba5], 
PUP.Optional.Supercool, C:\Users\cyrill\Downloads\AdobeFlashPlayer.exe, In Quarantäne, [2bb07c8b8cefb97d4c9beab3c93a0bf5], 
PUP.Optional.BSDownloader, C:\Users\cyrill\Downloads\Brothersoft_downloader_For_Empire_Earth_1(1).exe, In Quarantäne, [39a2fc0b2e4dd1651e38a6786d934bb5], 
PUP.Optional.BSDownloader, C:\Users\cyrill\Downloads\Brothersoft_downloader_For_Empire_Earth_1.exe, In Quarantäne, [4d8ef61191ea68ce83d3e13dde2220e0], 
PUP.Optional.Conduit, C:\Users\cyrill\AppData\Local\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe, In Quarantäne, [3f9cf413552686b044362807cf318c74], 
PUP.Optional.SweetIM, C:\Windows\Installer\47676e.msi, In Quarantäne, [0ad151b69ae14cead7ebab7c0400dd23], 
PUP.Optional.Conduit.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\searchplugins\conduit.xml, In Quarantäne, [10cbca3d7ffcde58aaf5b5a1f40edd23], 
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\searchplugins\Mysearchdial.xml, In Quarantäne, [b328a562304bad89c460bf983cc67888], 
PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, In Quarantäne, [7863ed1a90eb191ddbe190f2f60db14f], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\HigherAurum.ico, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\gagdebbdflpnhgahjichmoigigfbbmon.crx, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\HigherAurumUninstall.exe, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\updateHigherAurum.InstallState, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\7za.exe, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\BrowserAdapterS.7z, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\FilterApp_C64.exe, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\HigherAurum.BrowserFilter.Helper.dll, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\HigherAurum.BrowserFilter.Helper.dll.old.2a2f9598-71c9-4b96-ac24-bdc3c61241c6, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\HigherAurumBrowserFilter.exe, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\sqlite3.dll, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.InstallState, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\XTLS.dll, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\XTLSApp.dll, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\XTLSApp.exe, Löschen bei Neustart, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.Bromon.dll, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.BrowserAdapterS.dll, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.BrowserFilter.dll, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.IEUpdate.dll, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.PurBrowse.dll, In Quarantäne, [8e4da85fe09b9c9ada4334526f94a25e], 
PUP.Optional.OpenCandy, C:\Users\cyrill\AppData\Roaming\OpenCandy\BDAD5A4BCFB641829DC0D550C73D9584\TuneUpUtilities2013_2200214_de-DE.exe, In Quarantäne, [716aa6611863dc5a2750f953828036ca], 
PUP.Optional.Conduit.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=UN39048782799113681");), Ersetzt,[b12a9a6d58231026348751dd57adb64a]
PUP.Optional.Conduit.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN39048782799113681&q=");), Ersetzt,[e3f8a562f08b7abc526984aa6c984ab6]
PUP.Optional.Conduit.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=3&q={searchTerms}&CUI=UN39048782799113681");), Ersetzt,[c318b1568cefe2548a3188a60ff537c9]
PUP.Optional.Conduit.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN39048782799113681&q=");), Ersetzt,[28b347c0a0dbf541a417c9652fd506fa]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.AL", 2);), Ersetzt,[82599b6cdd9e41f5a13ebb73cd37ea16]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.aflt", "ir_14_12_ff");), Ersetzt,[08d364a36318e551f8e7dc52fd07d030]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Ersetzt,[f7e431d6ec8f4de9c21d6ec00bf99769]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q");), Ersetzt,[934833d4f78444f28758200ead57b44c]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cntry", "CH");), Ersetzt,[8d4e7097ed8ed660c01f121ca1635ea2]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cr", "262989748");), Ersetzt,[5c7f3bcccbb076c0b629032bf113b947]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltLng", "");), Ersetzt,[f2e92ed9403bbc7ab728e24c06fe619f]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltSrch", true);), Ersetzt,[aa3164a36d0e979f6b7446e8cf35a65a]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dnsErr", true);), Ersetzt,[22b983841c5f1620fae5a68815ef926e]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");), Ersetzt,[21baab5cdf9c5bdb9847fd317b89f10f]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.excTlbr", false);), Ersetzt,[d605fa0dbbc08bab7669a688e71d8779]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hdrMd5", "7F2FEE9B36B190EFC750B6B5FD74429F");), Ersetzt,[ddfe0205fa8165d13aa52d01a16357a9]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpg", true);), Ersetzt,[5d7e60a7bebde94d67787eb06c98b24e]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=");), Ersetzt,[3e9df80fadce072f2ab5dc52d133eb15]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.id", "B8CA3AC4478686F2");), Ersetzt,[98437f88502b0b2bd906ac82bd477b85]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlDay", "16152");), Ersetzt,[6279a66185f69b9bf3ec70be39cb05fb]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlRef", "140305_a");), Ersetzt,[ebf031d6413aae888a555ed01be9aa56]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=");), Ersetzt,[aa313acd205b201616c9ba7423e1728e]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.015:2:13");), Ersetzt,[409b16f13e3d0f27716e71bd669efa06]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=");), Ersetzt,[18c334d3116a8da9637c65c920e4926e]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"92\",\"lastVrsn\":\"92\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");), Ersetzt,[9a41986fdf9cd6601ac59c9200048977]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Ersetzt,[b328fa0d17647fb78c53d6581de7ff01]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Ersetzt,[36a57e894c2f89ad5c83fc32659f738d]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.sg", "none");), Ersetzt,[934834d3e596e6500dd2101ed331f709]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Ersetzt,[7b60fb0c780377bfd50a210df90b7090]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrId", "base");), Ersetzt,[617a33d4aad1122447987eb08b797c84]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=&q=");), Ersetzt,[4e8d9671d2a9c373ffe04ee01ee658a8]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");), Ersetzt,[984384834c2f57df7768ca6400047987]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");), Ersetzt,[a03bd53218636fc7984765c9a16351af]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.newTab", false);), Ersetzt,[11ca9671b9c243f3429d54da4cb8f010]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Ersetzt,[627924e3582371c51bc4210df90b15eb]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.015:2:13");), Ersetzt,[ca11f71055269d9912cd32fc6c98857b]
PUP.Optional.MySearch.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.aflt", "ir_14_12_ff");), Ersetzt,[c318b94e7efd5cdabeef84aa13f1b64a]
PUP.Optional.MySearch.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.instlRef", "140305_a");), Ersetzt,[b22970974932c86ecbe28ea031d34db3]
PUP.Optional.MySearch.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.cr", "262989748");), Ersetzt,[bc1f32d5215ac472614cfd31956f718f]
PUP.Optional.MySearch.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q");), Ersetzt,[4f8c1fe85e1d7bbb901d36f8cf35857b]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpg", true);), Ersetzt,[bf1c3ccb90ebe84ed80981ad61a321df]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=");), Ersetzt,[ecef6f98067526100ed3af7f28dce61a]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltSrch", true);), Ersetzt,[c417b15684f7d85e26bb4fdfd72d10f0]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Ersetzt,[5784986f275477bf776a7db121e359a7]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dnsErr", true);), Ersetzt,[62793acdfb80bf77a63b3cf232d2fd03]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.newTab", false);), Ersetzt,[2facf0171269c86ec8197cb2c83c10f0]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=");), Ersetzt,[736892753b4062d429b88ca2f80c20e0]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=&q=");), Ersetzt,[7a6110f74c2f82b4806195992fd5f60a]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.id", "B8CA3AC4478686F2");), Ersetzt,[2facf0177b00ab8b02df32fc2bd94cb4]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlDay", "16152");), Ersetzt,[30abcc3bdf9c2b0b5f8275b9db2933cd]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");), Ersetzt,[2ab1a95e037887afc8198da116ee42be]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");), Ersetzt,[34a746c1b1cab77ffce555d9e81cf20e]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.015:2:13");), Ersetzt,[974449bebbc041f53fa280aeb94b9d63]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Ersetzt,[4a9137d0a8d346f00fd249e5de269b65]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Ersetzt,[9d3e6c9b0279ad89825f37f7a460a25e]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.aflt", "ir_14_12_ff");), Ersetzt,[508b0502daa1340204dd98966c980af6]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Ersetzt,[c4177295d8a3a294af322509867e966a]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrId", "base");), Ersetzt,[f3e81ee9dd9e89ad855c0e20ea1a8878]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlRef", "140305_a");), Ersetzt,[59829374e596a39321c0f13d39cb29d7]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltLng", "");), Ersetzt,[8a51a1666b10d0665889022c32d2f60a]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Ersetzt,[f8e36c9b4b309d995f8235f9e12357a9]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.excTlbr", false);), Ersetzt,[a536f90ec8b356e040a16ec0d82c0ef2]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cr", "262989748");), Ersetzt,[3e9d2bdcf88376c04f920b23bf45cb35]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q");), Ersetzt,[736897705e1d4aec6180a9854bb9d62a]
PUP.Optional.MySearchDial.A, C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.AL", 2);), Ersetzt,[43982bdcf289f24422bfae80e81ce51b]

Physische Sektoren: 0
(No malicious items detected)


(end)

adwcleaner:

Code:

ATTFilter


	Code: 

 ATTFilter

  
	# AdwCleaner v3.022 - Bericht erstellt am 26/03/2014 um 12:25:16
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : cyrill - BABY
# Gestartet von : C:\Users\cyrill\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Users\cyrill\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\cyrill\AppData\Local\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\cyrill\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\cyrill\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\cyrill\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\cyrill\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E351960-7158-43D0-A0EA-958BB9E31C21}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D99344BB-D5D0-4E1F-BEAD-B584C8E2CB2B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EEE6C374-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\prefs.js ]

Zeile gelöscht : user_pref("CT2625848.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1359071680014,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=UN39048782799113681");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB DE Customized Web Search");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN39048782799113681&q=");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB DE Customized Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("ct2625848.UserID", "UN39048782799113681");
Zeile gelöscht : user_pref("extensions.antigameorigin@antigame.de.AGO_DE_UNI121_111104_Units_Ship", "{\"version\":1,\"33673027\":{\"202\":21,\"203\":36,\"205\":3,\"206\":17,\"207\":12,\"209\":29,\"210\":25,\"215\":7,\[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "ir_14_12_ff");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0At[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "CH");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "262989748");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "7F2FEE9B36B190EFC750B6B5FD74429F");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtD[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "B8CA3AC4478686F2");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16152");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtA[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.015:2:13");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyE[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"92\",\"lastVrsn\":\"92\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutC[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.015:2:13");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&barid={6A277E85-7A12-4E9A-8E93-4749DD6CA29A}&q=");
Zeile gelöscht : user_pref("smartbar.machineId", "URXCVUQAQPNDYOWDNA1LZMM7M38IO4MZE/3PY5LD0KALSLPSZP2DY5AF45E6MB3NARMVTZHPZEO0F+AT1U8O5A");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=3&q={searchTerms}&CUI=UN39048782799113681");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "DVDVideoSoftTB DE Customized Web Search");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "about:home");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN39048782799113681&q=");
Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={6A277E85-7A12-4E9A-8E93-4749DD6CA29A}");

*************************

AdwCleaner[R0].txt - [12806 octets] - [26/03/2014 12:24:54]
AdwCleaner[S0].txt - [12514 octets] - [26/03/2014 12:25:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12575 octets] ##########

das logfile von jrt find ich nicht bei mir wurde nach aublauf des scanns der lappi neu gestartet und ich war gerade am essen kann sein das es angezeigt wurde und verschwunden ist

ich versuchs später nochmal und füge es hinzu aber will erstmal den post hier fertig bekommen

frst:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by cyrill (administrator) on BABY on 26-03-2014 12:52:06
Running from C:\Users\cyrill\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Creative Technology Ltd) C:\Windows\sysWow64\CtHdaSvc.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
() C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2890000 2012-03-16] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] - c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1546096 2011-11-04] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [Integrated Webcam Live! Central] - C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe [577024 2012-03-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1016955995-1485819605-607754855-1001\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-25] ()
HKU\S-1-5-21-1016955995-1485819605-607754855-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1016955995-1485819605-607754855-1001\...\MountPoints2: {996f10bd-618d-11e2-84e0-806e6f6e6963} - D:\autoRcd.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-02-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [205184 2013-02-10] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienwarearena.com/welcome-ch-g
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0CyEyEyBzzyCzzyC0FtBtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyBtAtCtBtAzztDtGyCyE0AtDtG0E0A0EzztGzytByCzytGtByEyEtDzytAyByB0BtBtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyzztB0DyE0A0DtG0F0DyDyBtGtC0B0B0DtG0DyE0FtCtGyBzz0DtA0BtByDtAyByDyBtA2Q&cr=262989748&ir=
SearchScopes: HKCU - {21997B00-E730-4E34-88AD-B9A9F9259794} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19]
FF Extension: JavaScript Debugger - C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2014-03-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-01-19]

==================== Services (Whitelisted) =================

R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-28] (Creative Technology Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [492032 2012-02-24] ()
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [53536 2012-07-27] ()

==================== Drivers (Whitelisted) ====================

S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation)
R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [3571816 2012-02-24] (Atheros Communications, Inc.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-12-23] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-02-24] (Bigfoot Networks, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-28] (Creative Technology Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-04-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-10] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-26 12:45 - 2014-03-26 12:45 - 00000000 ___RD () C:\Users\cyrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-26 12:30 - 2014-03-26 12:30 - 01038974 _____ (Thisisu) C:\Users\cyrill\Downloads\JRT.exe
2014-03-26 12:30 - 2014-03-26 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-03-26 12:24 - 2014-03-26 12:25 - 00000000 ____D () C:\AdwCleaner
2014-03-26 12:23 - 2014-03-26 12:23 - 01950720 _____ () C:\Users\cyrill\Downloads\adwcleaner.exe
2014-03-26 12:00 - 2014-03-26 12:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 12:00 - 2014-03-26 12:00 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\cyrill\Downloads\mbam-setup-2.0.0.1000(1).exe
2014-03-26 12:00 - 2014-03-26 12:00 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-26 12:00 - 2014-03-26 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 12:00 - 2014-03-26 12:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 12:00 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-26 12:00 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-26 12:00 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-26 11:58 - 2014-03-26 11:58 - 17521924 _____ (Malwarebytes Corporation ) C:\Users\cyrill\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 11:43 - 2014-03-26 11:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95(2).exe
2014-03-26 11:43 - 2014-03-26 11:43 - 00001266 _____ () C:\Users\cyrill\Desktop\Revo Uninstaller.lnk
2014-03-26 11:43 - 2014-03-26 11:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-26 11:42 - 2014-03-26 11:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95(1).exe
2014-03-26 11:35 - 2014-03-26 11:35 - 02622196 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95.exe
2014-03-25 15:28 - 2014-03-25 15:29 - 00032473 _____ () C:\Users\cyrill\Downloads\Addition.txt
2014-03-25 15:27 - 2014-03-26 12:52 - 00018240 _____ () C:\Users\cyrill\Downloads\FRST.txt
2014-03-25 15:24 - 2014-03-25 15:24 - 02157056 _____ (Farbar) C:\Users\cyrill\Downloads\FRST64.exe
2014-03-24 21:23 - 2014-03-24 21:23 - 00676040 _____ () C:\Users\cyrill\Downloads\java-64-bits.exe
2014-03-24 20:37 - 2014-03-24 20:37 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall(1).exe
2014-03-24 20:31 - 2014-03-24 20:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-24 20:30 - 2014-03-24 20:30 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall.exe
2014-03-24 11:33 - 2014-03-26 12:52 - 00000000 ____D () C:\FRST
2014-03-23 14:17 - 2014-03-23 14:34 - 04051104 _____ () C:\Users\cyrill\Downloads\avira_de_av___ws.exe
2014-03-22 01:13 - 2014-03-22 01:13 - 00002928 _____ () C:\Windows\System32\Tasks\{30A72B4D-E074-44A7-92A8-234CEFB87ABF}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{86EE2B96-1631-4785-9D90-AE92BDA9FA48}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{31AFFCBE-FA3F-4559-B113-83A9DB62A65D}
2014-03-22 00:51 - 2014-03-21 23:39 - 02155596 _____ () C:\FRST64.exe
2014-03-21 23:43 - 2014-03-21 23:43 - 00002924 _____ () C:\Windows\System32\Tasks\{E3D6266F-D4FD-4823-8931-9D4E7E5F38BC}
2014-03-21 16:15 - 2014-03-21 16:15 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-21 16:02 - 2014-03-24 15:42 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Nico Mak Computing
2014-03-21 00:34 - 2014-03-21 00:34 - 00002960 _____ () C:\Windows\System32\Tasks\{EBBDF4E5-7C66-4DD1-9BBA-93525421F59C}
2014-03-18 16:50 - 2014-03-18 16:59 - 04889560 _____ (WinZip International LLC ) C:\Users\cyrill\Downloads\wzmp_8.exe
2014-03-18 08:20 - 2014-03-18 08:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-14 01:53 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard Entertainment
2014-03-13 11:17 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard
2014-03-13 11:08 - 2014-03-14 01:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-13 11:08 - 2014-03-13 11:08 - 00001159 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-13 11:00 - 2014-03-26 09:49 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Battle.net
2014-03-13 11:00 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Battle.net
2014-03-13 11:00 - 2014-03-13 11:00 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-13 10:59 - 2014-03-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-13 10:57 - 2014-03-13 10:57 - 07056680 _____ (Blizzard Entertainment) C:\Users\cyrill\Downloads\Hearthstone-Setup-deDE.exe

==================== One Month Modified Files and Folders =======

2014-03-26 12:52 - 2014-03-25 15:27 - 00018240 _____ () C:\Users\cyrill\Downloads\FRST.txt
2014-03-26 12:52 - 2014-03-24 11:33 - 00000000 ____D () C:\FRST
2014-03-26 12:52 - 2013-01-25 00:45 - 00000000 ____D () C:\Users\cyrill\AppData\Local\PMB Files
2014-03-26 12:49 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-26 12:49 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-26 12:45 - 2014-03-26 12:45 - 00000000 ___RD () C:\Users\cyrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-26 12:45 - 2014-03-26 12:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 12:45 - 2013-10-27 21:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-26 12:45 - 2013-01-19 01:20 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-26 12:45 - 2013-01-19 01:20 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-26 12:45 - 2013-01-19 01:15 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-03-26 12:45 - 2013-01-19 01:09 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-03-26 12:42 - 2013-06-17 21:09 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-26 12:42 - 2013-01-18 17:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-26 12:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-26 12:42 - 2009-07-14 05:51 - 00105397 _____ () C:\Windows\setupact.log
2014-03-26 12:30 - 2014-03-26 12:30 - 01038974 _____ (Thisisu) C:\Users\cyrill\Downloads\JRT.exe
2014-03-26 12:30 - 2014-03-26 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-03-26 12:26 - 2010-11-21 04:47 - 00387468 _____ () C:\Windows\PFRO.log
2014-03-26 12:25 - 2014-03-26 12:24 - 00000000 ____D () C:\AdwCleaner
2014-03-26 12:23 - 2014-03-26 12:23 - 01950720 _____ () C:\Users\cyrill\Downloads\adwcleaner.exe
2014-03-26 12:16 - 2009-07-14 03:34 - 00000635 _____ () C:\Windows\win.ini
2014-03-26 12:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2014-03-26 12:01 - 2013-01-19 00:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-26 12:00 - 2014-03-26 12:00 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\cyrill\Downloads\mbam-setup-2.0.0.1000(1).exe
2014-03-26 12:00 - 2014-03-26 12:00 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-26 12:00 - 2014-03-26 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 12:00 - 2014-03-26 12:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 11:58 - 2014-03-26 11:58 - 17521924 _____ (Malwarebytes Corporation ) C:\Users\cyrill\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 11:43 - 2014-03-26 11:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95(2).exe
2014-03-26 11:43 - 2014-03-26 11:43 - 00001266 _____ () C:\Users\cyrill\Desktop\Revo Uninstaller.lnk
2014-03-26 11:43 - 2014-03-26 11:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-26 11:42 - 2014-03-26 11:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95(1).exe
2014-03-26 11:35 - 2014-03-26 11:35 - 02622196 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95.exe
2014-03-26 09:49 - 2014-03-13 11:00 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Battle.net
2014-03-25 22:57 - 2013-01-18 17:43 - 01759281 _____ () C:\Windows\WindowsUpdate.log
2014-03-25 22:53 - 2013-05-22 02:20 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-25 15:29 - 2014-03-25 15:28 - 00032473 _____ () C:\Users\cyrill\Downloads\Addition.txt
2014-03-25 15:24 - 2014-03-25 15:24 - 02157056 _____ (Farbar) C:\Users\cyrill\Downloads\FRST64.exe
2014-03-24 21:24 - 2013-01-27 19:00 - 00000000 ____D () C:\Users\cyrill\AppData\Local\CrashDumps
2014-03-24 21:23 - 2014-03-24 21:23 - 00676040 _____ () C:\Users\cyrill\Downloads\java-64-bits.exe
2014-03-24 21:07 - 2013-01-27 01:55 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\TS3Client
2014-03-24 20:41 - 2014-03-24 20:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-24 20:37 - 2014-03-24 20:37 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall(1).exe
2014-03-24 20:30 - 2014-03-24 20:30 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall.exe
2014-03-24 15:42 - 2014-03-21 16:02 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Nico Mak Computing
2014-03-23 15:10 - 2013-02-07 13:49 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Adobe
2014-03-23 14:57 - 2013-05-14 21:47 - 00007606 _____ () C:\Users\cyrill\AppData\Local\resmon.resmoncfg
2014-03-23 14:34 - 2014-03-23 14:17 - 04051104 _____ () C:\Users\cyrill\Downloads\avira_de_av___ws.exe
2014-03-23 14:17 - 2013-01-25 00:54 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-23 14:08 - 2013-01-24 23:19 - 00000000 ____D () C:\Users\cyrill
2014-03-22 01:50 - 2014-03-13 10:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-22 01:13 - 2014-03-22 01:13 - 00002928 _____ () C:\Windows\System32\Tasks\{30A72B4D-E074-44A7-92A8-234CEFB87ABF}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{86EE2B96-1631-4785-9D90-AE92BDA9FA48}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{31AFFCBE-FA3F-4559-B113-83A9DB62A65D}
2014-03-22 01:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-21 23:43 - 2014-03-21 23:43 - 00002924 _____ () C:\Windows\System32\Tasks\{E3D6266F-D4FD-4823-8931-9D4E7E5F38BC}
2014-03-21 23:39 - 2014-03-22 00:51 - 02155596 _____ () C:\FRST64.exe
2014-03-21 16:15 - 2014-03-21 16:15 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-21 16:15 - 2014-02-15 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 16:15 - 2013-01-25 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-21 01:09 - 2013-02-03 01:03 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Skype
2014-03-21 00:34 - 2014-03-21 00:34 - 00002960 _____ () C:\Windows\System32\Tasks\{EBBDF4E5-7C66-4DD1-9BBA-93525421F59C}
2014-03-18 16:59 - 2014-03-18 16:50 - 04889560 _____ (WinZip International LLC ) C:\Users\cyrill\Downloads\wzmp_8.exe
2014-03-18 08:20 - 2014-03-18 08:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-16 16:44 - 2013-08-27 15:53 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-03-16 14:52 - 2013-01-24 23:20 - 00000000 ____D () C:\Users\cyrill\AppData\Local\VirtualStore
2014-03-14 01:54 - 2014-03-13 11:08 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-14 01:53 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard Entertainment
2014-03-13 11:17 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard
2014-03-13 11:17 - 2014-03-13 11:00 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Battle.net
2014-03-13 11:08 - 2014-03-13 11:08 - 00001159 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-13 11:00 - 2014-03-13 11:00 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-13 10:57 - 2014-03-13 10:57 - 07056680 _____ (Blizzard Entertainment) C:\Users\cyrill\Downloads\Hearthstone-Setup-deDE.exe
2014-03-12 03:01 - 2013-01-25 02:01 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 03:01 - 2013-01-19 00:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 03:01 - 2013-01-19 00:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 03:01 - 2013-01-19 00:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-05 09:26 - 2014-03-26 12:00 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-26 12:00 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-26 12:00 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 22:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-28 08:03 - 2013-12-27 16:18 - 00003134 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-02-24 14:19 - 2013-01-24 23:27 - 00000000 ____D () C:\Users\cyrill\Documents\Bluetooth Folder

Some content of TEMP:
====================
C:\Users\cyrill\AppData\Local\Temp\install_flashplayer12x32_ltr5x64d_awc_aih.exe
C:\Users\cyrill\AppData\Local\Temp\install_flashplayer12x32_mssa_awc_aih.exe
C:\Users\cyrill\AppData\Local\Temp\Quarantine.exe
C:\Users\cyrill\AppData\Local\Temp\Shockwave_Installer_FF-1.exe
C:\Users\cyrill\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\cyrill\AppData\Local\Temp\xz0i8cce.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 11:48

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by cyrill at 2014-03-26 12:52:33
Running from C:\Users\cyrill\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AION Free-to-Play Version 1.0 (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: 1.0 - Gameforge)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.32.1.1 - )
Alienware On-Screen Display (x32 Version: 0.32.1.1 - ) Hidden
ANNO 1503 GOLD (HKLM-x32\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)
Empire Earth Demo (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
Gothic III - Forsaken Gods (HKLM-x32\...\Gothic3ForsakenGods_is1) (Version: 1.0.6 - JoWood)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
Integrated Webcam Live! Central (HKLM-x32\...\Integrated Webcam Live! Central) (Version: 2.01.15 - Creative Technology Ltd)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
LastChaosGER (HKLM-x32\...\{A86A50FC-7C22-478B-BAEF-82393328825F}) (Version: 1.00.000 - Barunsongames CO., LTD.)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.856 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MP Manager (HKLM-x32\...\{813184D1-50FC-4EA2-A613-F7F5C5A40D07}) (Version: 1.0.6406 - MPMAN)
NETGEAR A6200 Genie (HKLM-x32\...\{638CBDD4-5014-44D1-930A-1E5AC6083542}) (Version: 1.0.0.0 - NETGEAR)
NVIDIA 3D Vision Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.12.12 (Version: 1.12.12 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.305 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.305 - Qualcomm Atheros) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 5.8 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.158 - Skype Technologies S.A.)
Sound Blaster Recon3Di (HKLM-x32\...\{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}) (Version: 1.00.08 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0018 - ST Microelectronics)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.4.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)

==================== Restore Points  =========================

21-03-2014 23:59:18 Windows-Sicherung
22-03-2014 00:06:11 Wiederherstellungsvorgang
23-03-2014 13:15:58 TuneUp Utilities 2013 wird entfernt
23-03-2014 13:17:13 TuneUp Utilities Language Pack (de-DE) wird entfernt
23-03-2014 18:00:01 Windows-Sicherung
26-03-2014 10:48:08 Revo Uninstaller's restore point - SweetIM Bundle by SweetPacks

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C52F395-912C-44D3-91EF-35A2569FE4BC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {108E8E13-B856-42A1-9A81-515071CEBC76} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {1E94E4B0-0D16-42A4-A1E1-8CCDA889471B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {250622C3-C1C8-43C0-82EE-590FEA7956E0} - System32\Tasks\{30A72B4D-E074-44A7-92A8-234CEFB87ABF} => C:\Users\cyrill\Desktop\FRST64.exe
Task: {3DE0C6BB-5A67-407A-B75D-93D355212F11} - \BackgroundContainer Startup Task No Task File
Task: {44C1AA0A-2E08-4588-BEDF-876DBA7EC2E4} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\AlienAutopsy\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {456BD8EB-1D7C-46B1-9C62-B93172176C17} - System32\Tasks\{86EE2B96-1631-4785-9D90-AE92BDA9FA48} => C:\Users\cyrill\Desktop\FRST64.exe
Task: {4DC5E494-9F7B-492F-8F74-C3DE4F04CD06} - System32\Tasks\{234C9991-DABC-4DC5-A502-81B98E755975} => C:\Users\cyrill\Documents\gothic_3_community_patch_v1.75.14_int_full\Gothic_3_EE_Patch_v1.75.14_Int_Full.exe [2012-04-27] (Nordic Games GmbH                                           )
Task: {72CBFB09-477B-4EAA-840A-CDACBA2AF367} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {73DC3720-219B-46B4-B9EA-64A43D4A0451} - System32\Tasks\{85E6F79A-3FA9-42DF-B9B7-5752524D7724} => C:\Program Files (x86)\JoWood\Gothic III - Forsaken Gods\Gothic III - Götterdämmerung.exe [2010-06-16] (Trine Games)
Task: {9309682B-613D-47EA-9B71-527FA2ABBA2D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {A26A4752-75D7-4CDF-951C-ABE52AA2F07D} - System32\Tasks\{7267AE18-DE7A-478A-B9D8-1ED7F50F5679} => C:\Riot Games\League of Legends\lol.launcher.exe [2012-04-24] ()
Task: {D04EEAEE-8D59-4C38-960F-23E1BA8E454A} - System32\Tasks\{31AFFCBE-FA3F-4559-B113-83A9DB62A65D} => C:\Users\cyrill\Desktop\FRST64.exe
Task: {E3A6DF1E-BD97-40CA-B2A8-77A13F2735A1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E52E227E-811A-45E2-9149-D940A6497A39} - System32\Tasks\{EBBDF4E5-7C66-4DD1-9BBA-93525421F59C} => Firefox.exe 
Task: {FE7336CD-52EB-4CBB-9DE2-AEC514115184} - System32\Tasks\{E3D6266F-D4FD-4823-8931-9D4E7E5F38BC} => C:\Users\cyrill\Desktop\FRST.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-01-19 02:31 - 2012-03-04 23:52 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-01-18 17:41 - 2013-02-10 02:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00492032 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
2011-05-10 02:46 - 2011-05-10 02:46 - 02760192 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtCore4.dll
2011-05-10 02:56 - 2011-05-10 02:56 - 09856000 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtGui4.dll
2011-05-10 02:47 - 2011-05-10 02:47 - 00416256 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtXml4.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00217600 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFCommon.dll
2011-05-10 18:32 - 2011-05-10 18:32 - 00731648 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\qwt5.dll
2011-05-10 02:48 - 2011-05-10 02:48 - 00990720 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtNetwork4.dll
2013-04-22 15:34 - 2012-07-27 11:05 - 00053536 _____ () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
2013-01-19 02:30 - 2012-02-14 18:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-25 00:45 - 2013-01-25 00:45 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2012-02-24 23:35 - 2012-02-24 23:35 - 00549888 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
2012-02-24 23:35 - 2012-02-24 23:35 - 00404992 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modApplications.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00036864 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFeatures.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00025088 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFraps.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00241152 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modGraph.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00062464 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modlcd.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00289280 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNetwork.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00184832 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNpu.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00210944 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOptions.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00055808 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOverview.dll
2012-02-24 23:35 - 2012-02-24 23:35 - 00329216 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modSystemInfo.dll
2011-11-04 01:01 - 2011-11-04 01:01 - 01546096 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2013-01-19 01:15 - 2012-01-27 04:49 - 02751808 _____ () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-01-27 13:30 - 2013-01-27 13:30 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\8b857add6394c98128874eb2579534e5\IsdiInterop.ni.dll
2013-01-19 01:05 - 2011-11-30 03:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-01-19 01:05 - 2012-02-01 23:44 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-23 23:42 - 2013-12-12 23:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-23 23:42 - 2013-11-05 02:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-08-21 14:18 - 2014-02-11 03:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-10-08 18:19 - 2014-02-25 22:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-10 14:20 - 2014-01-11 00:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2011-12-23 01:31 - 2011-12-23 01:31 - 00593920 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\de-DE\SBRcni.resources.dll
2009-12-18 18:07 - 2009-12-18 18:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2014-02-15 11:18 - 2014-03-15 09:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: NETGEAR WNR3500Lv2 N300 Wireless Gigabit Router
Description: NETGEAR WNR3500Lv2 N300 Wireless Gigabit Router
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2014 00:45:53 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/26/2014 00:44:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2014 00:27:29 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/26/2014 00:27:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2014 00:18:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2014 11:45:16 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/26/2014 09:28:36 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/26/2014 09:28:10 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/26/2014 09:28:00 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/24/2014 09:23:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: java-64-bits.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00340214
ID des fehlerhaften Prozesses: 0x8e4
Startzeit der fehlerhaften Anwendung: 0xjava-64-bits.exe0
Pfad der fehlerhaften Anwendung: java-64-bits.exe1
Pfad des fehlerhaften Moduls: java-64-bits.exe2
Berichtskennung: java-64-bits.exe3


System errors:
=============
Error: (03/26/2014 00:44:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/26/2014 00:44:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/26/2014 00:28:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/26/2014 00:28:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/26/2014 00:19:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/26/2014 00:19:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/26/2014 00:04:23 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Qualcomm Atheros Killer Service erreicht.

Error: (03/26/2014 00:03:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Qualcomm Atheros Killer Service erreicht.

Error: (03/26/2014 00:03:23 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Qualcomm Atheros Killer Service erreicht.

Error: (03/26/2014 11:32:44 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Qualcomm Atheros Killer Service erreicht.


Microsoft Office Sessions:
=========================
Error: (03/26/2014 00:45:53 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/26/2014 00:44:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2014 00:27:29 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/26/2014 00:27:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2014 00:18:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2014 11:45:16 AM) (Source: SideBySide)(User: )
Description: C:\FRST64.exeC:\FRST64.exe0

Error: (03/26/2014 09:28:36 AM) (Source: SideBySide)(User: )
Description: C:\FRST64.exeC:\FRST64.exe0

Error: (03/26/2014 09:28:10 AM) (Source: SideBySide)(User: )
Description: C:\FRST64.exeC:\FRST64.exe0

Error: (03/26/2014 09:28:00 AM) (Source: SideBySide)(User: )
Description: C:\FRST64.exeC:\FRST64.exe0

Error: (03/24/2014 09:23:55 PM) (Source: Application Error)(User: )
Description: java-64-bits.exe0.0.0.02a425e19unknown0.0.0.000000000c0000005003402148e401cf479ef9e39e65C:\Users\cyrill\Downloads\java-64-bits.exeunknown3868c67e-b392-11e3-bbc5-a41731a754da


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 12170.31 MB
Available physical RAM: 9144.9 MB
Total Pagefile: 24338.8 MB
Available Pagefile: 20920.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.5 GB) (Free:335.81 GB) NTFS
Drive d: (RESOURCE_CD) (CDROM) (Total:2.27 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 6AF2CF84)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)

==================== End Of Log ============================

habe frst additional gleich durchgeschaut und keine <== ATTENTION mehr gefunden
mfg

sry schrauber hatt mir nicht gereicht das jrt noch zu posten bevor ich zur arbeit musste

Code:

ATTFilter

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by cyrill on 26.03.2014 at 14:32:39.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{21997B00-E730-4E34-88AD-B9A9F9259794}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\cyrill\AppData\Roaming\mozilla\firefox\profiles\4alx5smf.default\minidumps [146 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.03.2014 at 14:52:31.71
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

hoffe das ist jetzt alles und das alles so stimmt
mfg

schrauber · 27.03.2014, 12:34

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

cyrill · 27.03.2014, 23:53

hallo
eset:

security check:

Code:

ATTFilter

Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
McAfee Anti-Virus und Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 ESET ESET Online Scanner OnlineScannerApp.exe  
 ESET ESET Online Scanner OnlineCmdLineScanner.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

frst:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by cyrill (administrator) on BABY on 27-03-2014 23:37:11
Running from C:\Users\cyrill\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Creative Technology Ltd) C:\Windows\sysWow64\CtHdaSvc.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
() C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2890000 2012-03-16] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] - c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1546096 2011-11-04] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [Integrated Webcam Live! Central] - C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe [577024 2012-03-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1016955995-1485819605-607754855-1001\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-25] ()
HKU\S-1-5-21-1016955995-1485819605-607754855-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1016955995-1485819605-607754855-1001\...\MountPoints2: {996f10bd-618d-11e2-84e0-806e6f6e6963} - D:\autoRcd.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-02-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [205184 2013-02-10] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienwarearena.com/welcome-ch-g
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19]
FF Extension: JavaScript Debugger - C:\Users\cyrill\AppData\Roaming\Mozilla\Firefox\Profiles\4alx5smf.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2014-03-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-01-19]

==================== Services (Whitelisted) =================

R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-28] (Creative Technology Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [492032 2012-02-24] ()
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [53536 2012-07-27] ()

==================== Drivers (Whitelisted) ====================

S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation)
R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [3571816 2012-02-24] (Atheros Communications, Inc.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-12-23] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-02-24] (Bigfoot Networks, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-28] (Creative Technology Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-04-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-10] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 16:02 - 2014-03-27 16:02 - 00003012 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest-Retry
2014-03-27 14:06 - 2014-03-27 14:06 - 00987442 _____ () C:\Users\cyrill\Downloads\SecurityCheck.exe
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-27 12:41 - 2014-03-27 12:41 - 00000000 ___RD () C:\Users\cyrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-26 13:55 - 2014-03-27 23:35 - 00000000 ____D () C:\Users\cyrill\Desktop\trojanerdräck
2014-03-26 12:30 - 2014-03-26 12:30 - 01038974 _____ (Thisisu) C:\Users\cyrill\Downloads\JRT.exe
2014-03-26 12:30 - 2014-03-26 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-03-26 12:24 - 2014-03-26 12:25 - 00000000 ____D () C:\AdwCleaner
2014-03-26 12:23 - 2014-03-26 12:23 - 01950720 _____ () C:\Users\cyrill\Downloads\adwcleaner.exe
2014-03-26 12:00 - 2014-03-27 23:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 12:00 - 2014-03-26 12:00 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\cyrill\Downloads\mbam-setup-2.0.0.1000(1).exe
2014-03-26 12:00 - 2014-03-26 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 12:00 - 2014-03-26 12:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 12:00 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-26 12:00 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-26 12:00 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-26 11:58 - 2014-03-26 11:58 - 17521924 _____ (Malwarebytes Corporation ) C:\Users\cyrill\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 11:43 - 2014-03-26 11:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95(2).exe
2014-03-26 11:43 - 2014-03-26 11:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-26 11:42 - 2014-03-26 11:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95(1).exe
2014-03-26 11:35 - 2014-03-26 11:35 - 02622196 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95.exe
2014-03-25 15:28 - 2014-03-26 12:53 - 00030668 _____ () C:\Users\cyrill\Downloads\Addition.txt
2014-03-25 15:27 - 2014-03-27 23:37 - 00017423 _____ () C:\Users\cyrill\Downloads\FRST.txt
2014-03-25 15:24 - 2014-03-25 15:24 - 02157056 _____ (Farbar) C:\Users\cyrill\Downloads\FRST64.exe
2014-03-24 21:23 - 2014-03-24 21:23 - 00676040 _____ () C:\Users\cyrill\Downloads\java-64-bits.exe
2014-03-24 20:37 - 2014-03-24 20:37 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall(1).exe
2014-03-24 20:31 - 2014-03-24 20:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-24 20:30 - 2014-03-24 20:30 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall.exe
2014-03-24 11:33 - 2014-03-27 23:37 - 00000000 ____D () C:\FRST
2014-03-23 14:17 - 2014-03-23 14:34 - 04051104 _____ () C:\Users\cyrill\Downloads\avira_de_av___ws.exe
2014-03-22 01:13 - 2014-03-22 01:13 - 00002928 _____ () C:\Windows\System32\Tasks\{30A72B4D-E074-44A7-92A8-234CEFB87ABF}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{86EE2B96-1631-4785-9D90-AE92BDA9FA48}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{31AFFCBE-FA3F-4559-B113-83A9DB62A65D}
2014-03-22 00:51 - 2014-03-21 23:39 - 02155596 _____ () C:\FRST64.exe
2014-03-21 23:43 - 2014-03-21 23:43 - 00002924 _____ () C:\Windows\System32\Tasks\{E3D6266F-D4FD-4823-8931-9D4E7E5F38BC}
2014-03-21 16:15 - 2014-03-21 16:15 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-21 16:02 - 2014-03-24 15:42 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Nico Mak Computing
2014-03-21 00:34 - 2014-03-21 00:34 - 00002960 _____ () C:\Windows\System32\Tasks\{EBBDF4E5-7C66-4DD1-9BBA-93525421F59C}
2014-03-18 16:50 - 2014-03-18 16:59 - 04889560 _____ (WinZip International LLC ) C:\Users\cyrill\Downloads\wzmp_8.exe
2014-03-18 08:20 - 2014-03-18 08:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-14 01:53 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard Entertainment
2014-03-13 11:17 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard
2014-03-13 11:08 - 2014-03-14 01:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-13 11:08 - 2014-03-13 11:08 - 00001159 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-13 11:00 - 2014-03-26 09:49 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Battle.net
2014-03-13 11:00 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Battle.net
2014-03-13 11:00 - 2014-03-13 11:00 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-13 10:59 - 2014-03-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-13 10:57 - 2014-03-13 10:57 - 07056680 _____ (Blizzard Entertainment) C:\Users\cyrill\Downloads\Hearthstone-Setup-deDE.exe

==================== One Month Modified Files and Folders =======

2014-03-27 23:37 - 2014-03-25 15:27 - 00017423 _____ () C:\Users\cyrill\Downloads\FRST.txt
2014-03-27 23:37 - 2014-03-24 11:33 - 00000000 ____D () C:\FRST
2014-03-27 23:35 - 2014-03-26 13:55 - 00000000 ____D () C:\Users\cyrill\Desktop\trojanerdräck
2014-03-27 23:34 - 2013-12-22 23:56 - 00000030 _____ () C:\Windows\SIERRA.INI
2014-03-27 23:27 - 2014-03-26 12:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 23:27 - 2013-01-19 00:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 16:02 - 2014-03-27 16:02 - 00003012 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest-Retry
2014-03-27 16:02 - 2013-12-27 16:18 - 00003134 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-03-27 14:06 - 2014-03-27 14:06 - 00987442 _____ () C:\Users\cyrill\Downloads\SecurityCheck.exe
2014-03-27 13:12 - 2013-01-25 00:45 - 00000000 ____D () C:\Users\cyrill\AppData\Local\PMB Files
2014-03-27 12:47 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 12:47 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-27 12:45 - 2010-11-21 07:50 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-03-27 12:45 - 2010-11-21 07:50 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-03-27 12:45 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-27 12:41 - 2014-03-27 12:41 - 00000000 ___RD () C:\Users\cyrill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-27 12:41 - 2013-10-27 21:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-27 12:41 - 2013-01-19 01:20 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-27 12:41 - 2013-01-19 01:20 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-27 12:41 - 2013-01-19 01:15 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-03-27 12:41 - 2013-01-19 01:09 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-03-27 12:40 - 2013-06-17 21:09 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-27 12:40 - 2013-01-18 17:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-27 12:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 12:40 - 2009-07-14 05:51 - 00105565 _____ () C:\Windows\setupact.log
2014-03-26 16:02 - 2013-01-18 17:43 - 01759790 _____ () C:\Windows\WindowsUpdate.log
2014-03-26 16:01 - 2013-05-22 02:20 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-26 12:53 - 2014-03-25 15:28 - 00030668 _____ () C:\Users\cyrill\Downloads\Addition.txt
2014-03-26 12:30 - 2014-03-26 12:30 - 01038974 _____ (Thisisu) C:\Users\cyrill\Downloads\JRT.exe
2014-03-26 12:30 - 2014-03-26 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-03-26 12:26 - 2010-11-21 04:47 - 00387468 _____ () C:\Windows\PFRO.log
2014-03-26 12:25 - 2014-03-26 12:24 - 00000000 ____D () C:\AdwCleaner
2014-03-26 12:23 - 2014-03-26 12:23 - 01950720 _____ () C:\Users\cyrill\Downloads\adwcleaner.exe
2014-03-26 12:16 - 2009-07-14 03:34 - 00000635 _____ () C:\Windows\win.ini
2014-03-26 12:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2014-03-26 12:00 - 2014-03-26 12:00 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\cyrill\Downloads\mbam-setup-2.0.0.1000(1).exe
2014-03-26 12:00 - 2014-03-26 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 12:00 - 2014-03-26 12:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 11:58 - 2014-03-26 11:58 - 17521924 _____ (Malwarebytes Corporation ) C:\Users\cyrill\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 11:43 - 2014-03-26 11:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95(2).exe
2014-03-26 11:43 - 2014-03-26 11:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-26 11:42 - 2014-03-26 11:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95(1).exe
2014-03-26 11:35 - 2014-03-26 11:35 - 02622196 _____ (VS Revo Group Ltd.) C:\Users\cyrill\Downloads\revosetup95.exe
2014-03-26 09:49 - 2014-03-13 11:00 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Battle.net
2014-03-25 15:24 - 2014-03-25 15:24 - 02157056 _____ (Farbar) C:\Users\cyrill\Downloads\FRST64.exe
2014-03-24 21:24 - 2013-01-27 19:00 - 00000000 ____D () C:\Users\cyrill\AppData\Local\CrashDumps
2014-03-24 21:23 - 2014-03-24 21:23 - 00676040 _____ () C:\Users\cyrill\Downloads\java-64-bits.exe
2014-03-24 21:07 - 2013-01-27 01:55 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\TS3Client
2014-03-24 20:41 - 2014-03-24 20:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-24 20:37 - 2014-03-24 20:37 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall(1).exe
2014-03-24 20:30 - 2014-03-24 20:30 - 00921000 _____ (Oracle Corporation) C:\Users\cyrill\Downloads\jxpiinstall.exe
2014-03-24 15:42 - 2014-03-21 16:02 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Nico Mak Computing
2014-03-23 15:10 - 2013-02-07 13:49 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Adobe
2014-03-23 14:57 - 2013-05-14 21:47 - 00007606 _____ () C:\Users\cyrill\AppData\Local\resmon.resmoncfg
2014-03-23 14:34 - 2014-03-23 14:17 - 04051104 _____ () C:\Users\cyrill\Downloads\avira_de_av___ws.exe
2014-03-23 14:17 - 2013-01-25 00:54 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-23 14:08 - 2013-01-24 23:19 - 00000000 ____D () C:\Users\cyrill
2014-03-22 01:50 - 2014-03-13 10:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-22 01:13 - 2014-03-22 01:13 - 00002928 _____ () C:\Windows\System32\Tasks\{30A72B4D-E074-44A7-92A8-234CEFB87ABF}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{86EE2B96-1631-4785-9D90-AE92BDA9FA48}
2014-03-22 01:12 - 2014-03-22 01:12 - 00002928 _____ () C:\Windows\System32\Tasks\{31AFFCBE-FA3F-4559-B113-83A9DB62A65D}
2014-03-22 01:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-21 23:43 - 2014-03-21 23:43 - 00002924 _____ () C:\Windows\System32\Tasks\{E3D6266F-D4FD-4823-8931-9D4E7E5F38BC}
2014-03-21 23:39 - 2014-03-22 00:51 - 02155596 _____ () C:\FRST64.exe
2014-03-21 16:15 - 2014-03-21 16:15 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-21 16:15 - 2014-02-15 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 16:15 - 2013-01-25 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-21 01:09 - 2013-02-03 01:03 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Skype
2014-03-21 00:34 - 2014-03-21 00:34 - 00002960 _____ () C:\Windows\System32\Tasks\{EBBDF4E5-7C66-4DD1-9BBA-93525421F59C}
2014-03-18 16:59 - 2014-03-18 16:50 - 04889560 _____ (WinZip International LLC ) C:\Users\cyrill\Downloads\wzmp_8.exe
2014-03-18 08:20 - 2014-03-18 08:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-16 16:44 - 2013-08-27 15:53 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-03-16 14:52 - 2013-01-24 23:20 - 00000000 ____D () C:\Users\cyrill\AppData\Local\VirtualStore
2014-03-14 01:54 - 2014-03-13 11:08 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-14 01:53 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard Entertainment
2014-03-13 11:17 - 2014-03-13 11:17 - 00000000 ____D () C:\Users\cyrill\AppData\Local\Blizzard
2014-03-13 11:17 - 2014-03-13 11:00 - 00000000 ____D () C:\Users\cyrill\AppData\Roaming\Battle.net
2014-03-13 11:08 - 2014-03-13 11:08 - 00001159 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-13 11:00 - 2014-03-13 11:00 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-13 10:57 - 2014-03-13 10:57 - 07056680 _____ (Blizzard Entertainment) C:\Users\cyrill\Downloads\Hearthstone-Setup-deDE.exe
2014-03-12 03:01 - 2013-01-25 02:01 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 03:01 - 2013-01-19 00:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 03:01 - 2013-01-19 00:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 03:01 - 2013-01-19 00:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-05 09:26 - 2014-03-26 12:00 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-26 12:00 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-26 12:00 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 22:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\cyrill\AppData\Local\Temp\install_flashplayer12x32_ltr5x64d_awc_aih.exe
C:\Users\cyrill\AppData\Local\Temp\install_flashplayer12x32_mssa_awc_aih.exe
C:\Users\cyrill\AppData\Local\Temp\Quarantine.exe
C:\Users\cyrill\AppData\Local\Temp\Shockwave_Installer_FF-1.exe
C:\Users\cyrill\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\cyrill\AppData\Local\Temp\xz0i8cce.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 11:48

==================== End Of Log ============================

--- --- ---

also die werbung ist in allen browsern weg dafür schonmal ein riesiges dankeschön

flash player spinnt weiterhin (heisst wenn ich zb auf utube ein vid öffne bleibt es bei 1 sek hängen widerholt sich 2-3 mal und dann kommt ein flimmernden bildschirm das ein fehler aufgetreten ist.
kann aber gut sein das das an meinen einstellungen oder meiner internetverbindung liegt
wenn du die logs nochmal (durchlaufen lässt?) und nix findest denke ich das wir durch sind
mfg

24.03.2014, 17:04	#8
schrauber /// the machine /// TB-Ausbilder	Werbung auf allen browsern, adope flash player hängt sich immer auf Komisch, ich seh nix was ne Exe blockieren könnte. Du kannst im normalen Modus kein Programm starten? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Werbung auf allen browsern, adope flash player hängt sich immer auf

Plagegeister aller Art und deren Bekämpfung: Werbung auf allen browsern, adope flash player hängt sich immer auf