Ständiger wiederkehrender Maleware Fund "Trojan.Win32.Vague.cg" in C:\Windows\Temp\41560_updater.exe

cosinus · 21.05.2014, 21:31

Zitat:

hab mir jetzt Avira installiert und Zonealarm und Spybot rausgeworfen.

Ohje

ich hab extra Empfehlungen gepostet und du nimmst etwas ganz anderes, Avira empfehlen wir auch schon lange nicht mehr. Hat sich unbeliebt gemacht als es als Partner Junkware/Adware Klitschen ausgesucht hat und viel schlimmer, das Teil glänzt auch viel häufiger durch Fehlalarme als unsere bisherigen empfohlenen Scanner.

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

SH001 · 23.05.2014, 11:31

Meinte natürlich Avast nicht Avira

So AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.210 - Bericht erstellt am 21/05/2014 um 23:19:04
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Sascha AD - SCHUSSEL
# Gestartet von : C:\Users\Sascha AD\Desktop\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
[!] Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\kikin
[!] Ordner Gelöscht : C:\Users\Sascha AD\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Sascha AD\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Sascha AD\AppData\Roaming\kikin
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vva842z9.default\.autoreg

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041560.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041560.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041560.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041560.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422152260}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455155560}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466156660}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444154460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151160}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411151160}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411151160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411151160}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422152260}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411151160}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455155560}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466156660}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151160}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vva842z9.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [7153 octets] - [21/05/2014 23:18:14]
AdwCleaner[S0].txt - [6190 octets] - [21/05/2014 23:19:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6250 octets] ##########

--- --- ---

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sascha AD on 23.05.2014 at 12:14:55,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.05.2014 at 12:20:46,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Sascha AD (administrator) on SCHUSSEL on 23-05-2014 12:24:04
Running from C:\Users\Sascha AD\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Gainward Co.) C:\Program Files (x86)\EXPERTool\TBPANEL.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-21] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Run: [GAINWARD] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2265416 2011-04-08] (Gainward Co.)
HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\MountPoints2: {0b2eb4f4-3c77-11e0-ae56-806e6f6e6963} - G:\autorun.exe -auto
HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\MountPoints2: {0b2eb4f5-3c77-11e0-ae56-806e6f6e6963} - H:\CDSETUP.EXE

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File
SearchScopes: HKCU - {1245A68F-115A-4355-8FF6-80F3C3B4B0FB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sascha AD\AppData\Roaming\Mozilla\Firefox\Profiles\j327c08o.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.99 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-05-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-21]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-21] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S3 DAUpdaterSvc; D:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-02-02] (NOS Microsystems Ltd.)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-26] ()

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-21] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [43888 2008-02-22] (Roxio)
R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41712 2008-02-22] (Roxio)
R1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15864 2007-02-08] (Roxio)
R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10096 2008-02-22] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141296 2008-02-22] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33904 2008-02-22] (Roxio)
R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [17776 2008-02-22] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39160 2007-02-08] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136816 2008-02-22] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [142832 2008-02-22] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2007-02-09] (Roxio)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 TBPanel; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 12:24 - 2014-05-23 12:24 - 00015179 _____ () C:\Users\Sascha AD\Desktop\FRST.txt
2014-05-23 12:20 - 2014-05-23 12:20 - 00000788 _____ () C:\Users\Sascha AD\Desktop\JRT.txt
2014-05-23 12:12 - 2014-05-23 12:12 - 00000000 ____D () C:\Windows\ERUNT
2014-05-21 14:09 - 2014-05-21 14:09 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\AVAST Software
2014-05-21 14:00 - 2014-05-23 08:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-21 14:00 - 2014-05-21 14:00 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-21 14:00 - 2014-05-21 14:00 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-21 14:00 - 2014-05-21 14:00 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-21 14:00 - 2014-05-21 14:00 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\AVAST Software
2014-05-21 14:00 - 2014-05-21 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-21 14:00 - 2014-05-21 13:59 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400673648500
2014-05-21 14:00 - 2014-05-21 13:59 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400673648500
2014-05-21 14:00 - 2014-05-21 13:59 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-21 14:00 - 2014-05-21 13:59 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-21 14:00 - 2014-05-21 13:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-21 14:00 - 2014-05-21 13:59 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-21 14:00 - 2014-05-21 13:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-21 14:00 - 2014-05-21 13:59 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-21 13:59 - 2014-05-21 13:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-21 13:59 - 2014-05-21 13:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-21 13:37 - 2014-05-21 13:37 - 00000074 _____ () C:\Windows\avast5.ini
2014-05-21 13:26 - 2014-05-21 13:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-21 13:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-21 13:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-21 13:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-21 13:16 - 2014-05-21 13:16 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-21 13:15 - 2014-05-21 13:15 - 01326389 _____ () C:\Users\Sascha AD\Desktop\adwcleaner_3.210.exe
2014-05-21 13:15 - 2014-05-21 13:15 - 01016261 _____ (Thisisu) C:\Users\Sascha AD\Desktop\JRT.exe
2014-05-21 13:11 - 2014-05-21 13:11 - 00000000 ____D () C:\Windows\7AE5C77687424874B53B941190171E6D.TMP
2014-05-21 12:29 - 2014-05-21 12:29 - 00448512 _____ (OldTimer Tools) C:\Users\Sascha AD\Desktop\TFC.exe
2014-05-21 11:55 - 2014-05-21 11:56 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\FreshDiagnose
2014-05-21 11:43 - 2014-05-23 11:58 - 00000000 ____D () C:\AdwCleaner
2014-05-21 11:04 - 2014-05-21 10:45 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-110424.backup
2014-05-21 10:45 - 2014-05-04 21:27 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-104509.backup
2014-05-21 10:35 - 2014-05-20 16:38 - 02067456 _____ (Farbar) C:\Users\Sascha AD\Desktop\FRST64.exe
2014-05-20 16:43 - 2014-05-23 12:24 - 00000000 ____D () C:\FRST
2014-05-20 16:42 - 2014-05-20 16:42 - 02067456 _____ (Farbar) C:\Users\Sascha\Downloads\FRST64(1).exe
2014-05-20 12:27 - 2014-05-20 12:27 - 00002203 _____ () C:\Users\Sascha\.recently-used.xbel
2014-05-19 19:02 - 2014-05-19 19:02 - 00000358 _____ () C:\Users\Sascha\Documents\OuProxy.log
2014-05-16 18:53 - 2014-05-16 18:53 - 00000000 ____D () C:\Users\Sascha\AppData\Local\AAV
2014-05-16 16:08 - 2014-05-16 16:08 - 00000000 ____D () C:\Users\Sascha AD\AppData\Local\AAV
2014-05-16 16:04 - 2014-05-16 18:51 - 00002205 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2014-05-16 16:04 - 2014-05-16 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2014-05-16 15:59 - 2014-05-16 16:09 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2014-05-16 15:56 - 2014-05-19 18:33 - 00000000 ____D () C:\ProgramData\AAV
2014-05-16 00:40 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 00:40 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 00:40 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 00:40 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 00:40 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 00:40 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 19:22 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 19:22 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 19:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 19:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 19:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 19:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 19:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 19:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 19:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 19:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 19:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 19:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 19:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 19:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 19:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 19:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 19:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 19:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 19:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 19:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 19:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 19:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 19:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 19:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 19:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 19:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 19:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 19:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 19:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 19:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 19:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 19:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 19:47 - 2014-05-12 19:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 19:45 - 2014-05-12 19:45 - 00283144 _____ (Mozilla) C:\Users\Sascha\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-10 16:45 - 2014-05-16 14:54 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-09 15:32 - 2014-05-09 15:32 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\SUPERAntiSpyware.com
2014-05-09 15:31 - 2014-05-09 15:32 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-04 21:27 - 2014-05-04 21:18 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-212702.backup
2014-05-04 21:18 - 2011-02-22 22:24 - 00430078 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-211817.backup
2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-05-03 14:38 - 2013-11-27 01:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-03 14:38 - 2013-11-27 00:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-03 14:32 - 2014-05-23 12:08 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 14:32 - 2014-05-23 12:08 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 14:32 - 2014-05-03 14:32 - 00000552 _____ () C:\Windows\system32\spsys.log
2014-04-28 20:23 - 2014-04-28 20:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-28 18:41 - 2014-04-28 18:41 - 00000000 _____ () C:\autoexec.bat
2014-04-28 18:40 - 2014-05-04 19:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieUserList
2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieSiteList
2014-04-26 09:05 - 2014-04-26 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-26 09:03 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-26 09:03 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-26 09:03 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-04-26 09:03 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-04-26 08:56 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-26 08:55 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-04-26 08:55 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-26 08:55 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-26 08:55 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-26 08:55 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-26 08:55 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-26 08:55 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-26 08:55 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-26 08:55 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-26 08:55 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-26 08:55 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-26 08:55 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-26 08:55 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-26 08:55 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-26 08:55 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-26 08:55 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-26 08:43 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-04-26 08:43 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-04-26 08:43 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-04-26 08:43 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-04-26 08:43 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-04-26 08:43 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-04-26 08:41 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-04-26 08:41 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-04-26 08:41 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-04-26 08:41 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-04-26 08:41 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-04-26 08:41 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-04-26 08:41 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-04-26 08:41 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-04-26 08:30 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-04-26 08:30 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-04-26 08:30 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-04-26 08:30 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-04-26 08:30 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-04-26 08:30 - 2012-04-07 14:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-04-26 08:30 - 2012-04-07 13:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-04-26 08:29 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-26 08:29 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-26 08:29 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-26 08:29 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-26 08:29 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-26 08:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-26 08:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-26 08:29 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-26 08:29 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-26 08:29 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-26 08:29 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-26 08:29 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-26 08:29 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-26 08:29 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-26 08:29 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-26 08:29 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-26 08:29 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-04-26 08:29 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-04-26 08:29 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-04-26 08:29 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-04-26 08:29 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-04-26 08:29 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-04-26 08:29 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-04-26 08:29 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-04-26 08:29 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-04-26 08:29 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-26 08:29 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-26 08:29 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-26 08:29 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-26 08:29 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-04-26 08:29 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-04-26 08:29 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-04-26 08:29 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-26 08:29 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-26 08:29 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-04-26 08:29 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-04-26 08:29 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-04-26 08:29 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-04-26 08:29 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-04-26 08:29 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-04-26 08:29 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-04-26 08:29 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-04-26 08:29 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-04-26 08:29 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-04-26 08:29 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-04-26 08:29 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-04-26 08:29 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-04-26 08:29 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-04-26 08:29 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-04-26 08:29 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-04-26 08:29 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-04-26 08:29 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-04-26 08:28 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-26 08:28 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-04-26 08:28 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-26 08:28 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-26 08:28 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-26 08:28 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-26 08:28 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-04-26 08:28 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-26 08:28 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-26 08:28 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-26 08:28 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-04-26 08:28 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-04-26 08:28 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-26 08:28 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-04-26 08:28 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-04-26 08:28 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-04-26 08:28 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-04-26 08:28 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-04-26 08:28 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-04-26 08:28 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-04-26 08:28 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-04-26 08:28 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-04-26 08:28 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-04-26 08:28 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-04-26 08:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-26 08:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-26 08:26 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-26 08:26 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-04-26 08:26 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-04-26 08:20 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-26 08:17 - 2014-04-26 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

==================== One Month Modified Files and Folders =======

2014-05-23 12:24 - 2014-05-23 12:24 - 00015179 _____ () C:\Users\Sascha AD\Desktop\FRST.txt
2014-05-23 12:24 - 2014-05-20 16:43 - 00000000 ____D () C:\FRST
2014-05-23 12:20 - 2014-05-23 12:20 - 00000788 _____ () C:\Users\Sascha AD\Desktop\JRT.txt
2014-05-23 12:12 - 2014-05-23 12:12 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 12:08 - 2014-05-03 14:32 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 12:08 - 2014-05-03 14:32 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 12:06 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-23 12:06 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-23 12:06 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 12:04 - 2011-02-20 01:12 - 01507910 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 11:59 - 2011-02-19 23:28 - 00720698 _____ () C:\Windows\PFRO.log
2014-05-23 11:59 - 2011-02-19 21:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-23 11:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 11:59 - 2009-07-14 06:51 - 00188656 _____ () C:\Windows\setupact.log
2014-05-23 11:58 - 2014-05-21 11:43 - 00000000 ____D () C:\AdwCleaner
2014-05-23 11:58 - 2010-07-27 10:18 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\CheckPoint
2014-05-23 11:58 - 2010-07-27 10:18 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\CheckPoint
2014-05-23 11:47 - 2012-06-27 19:03 - 00000000 ____D () C:\Program Files (x86)\The Secret World
2014-05-23 10:06 - 2014-04-05 14:39 - 00000000 ____D () C:\ProgramData\Origin
2014-05-23 09:34 - 2012-04-18 18:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 08:14 - 2014-04-05 15:09 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-23 08:10 - 2014-05-21 14:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-21 22:14 - 2011-08-10 20:24 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\TS3Client
2014-05-21 14:09 - 2014-05-21 14:09 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\AVAST Software
2014-05-21 14:00 - 2014-05-21 14:00 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-21 14:00 - 2014-05-21 14:00 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-21 14:00 - 2014-05-21 14:00 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-21 14:00 - 2014-05-21 14:00 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\AVAST Software
2014-05-21 14:00 - 2014-05-21 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-21 13:59 - 2014-05-21 14:00 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400673648500
2014-05-21 13:59 - 2014-05-21 14:00 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400673648500
2014-05-21 13:59 - 2014-05-21 14:00 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-21 13:59 - 2014-05-21 14:00 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-21 13:59 - 2014-05-21 14:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-21 13:59 - 2014-05-21 14:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-21 13:59 - 2014-05-21 14:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-21 13:59 - 2014-05-21 14:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-21 13:59 - 2014-05-21 13:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-21 13:59 - 2014-05-21 13:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-21 13:46 - 2013-09-15 08:25 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-21 13:37 - 2014-05-21 13:37 - 00000074 _____ () C:\Windows\avast5.ini
2014-05-21 13:26 - 2014-05-21 13:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-21 13:19 - 2013-05-13 17:54 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\CheckPoint
2014-05-21 13:17 - 2011-02-19 23:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-21 13:17 - 2011-02-19 22:38 - 00000201 _____ () C:\Windows\wininit.ini
2014-05-21 13:16 - 2014-05-21 13:16 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-21 13:15 - 2014-05-21 13:15 - 01326389 _____ () C:\Users\Sascha AD\Desktop\adwcleaner_3.210.exe
2014-05-21 13:15 - 2014-05-21 13:15 - 01016261 _____ (Thisisu) C:\Users\Sascha AD\Desktop\JRT.exe
2014-05-21 13:11 - 2014-05-21 13:11 - 00000000 ____D () C:\Windows\7AE5C77687424874B53B941190171E6D.TMP
2014-05-21 12:29 - 2014-05-21 12:29 - 00448512 _____ (OldTimer Tools) C:\Users\Sascha AD\Desktop\TFC.exe
2014-05-21 12:21 - 2011-02-20 02:08 - 00000000 ____D () C:\Users\Sascha AD
2014-05-21 11:58 - 2011-02-20 02:16 - 00000000 ____D () C:\Users\Sascha
2014-05-21 11:56 - 2014-05-21 11:55 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\FreshDiagnose
2014-05-21 10:45 - 2014-05-21 11:04 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-110424.backup
2014-05-21 10:31 - 2011-02-20 18:03 - 00125144 _____ () C:\Users\Sascha AD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-21 10:31 - 2011-02-20 02:08 - 00000000 ___RD () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-21 10:31 - 2011-02-20 02:08 - 00000000 ___RD () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-20 16:42 - 2014-05-20 16:42 - 02067456 _____ (Farbar) C:\Users\Sascha\Downloads\FRST64(1).exe
2014-05-20 16:38 - 2014-05-21 10:35 - 02067456 _____ (Farbar) C:\Users\Sascha AD\Desktop\FRST64.exe
2014-05-20 15:38 - 2011-02-21 13:19 - 00125144 _____ () C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-20 12:27 - 2014-05-20 12:27 - 00002203 _____ () C:\Users\Sascha\.recently-used.xbel
2014-05-20 12:27 - 2012-07-04 18:31 - 00000000 ____D () C:\Users\Sascha\.gimp-2.6
2014-05-20 12:27 - 2008-09-04 18:35 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\gtk-2.0
2014-05-19 19:07 - 2010-05-16 11:11 - 00000000 ____D () C:\Users\Sascha\Documents\Steuerfälle
2014-05-19 19:02 - 2014-05-19 19:02 - 00000358 _____ () C:\Users\Sascha\Documents\OuProxy.log
2014-05-19 18:33 - 2014-05-16 15:56 - 00000000 ____D () C:\ProgramData\AAV
2014-05-19 15:21 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-17 07:29 - 2009-07-14 06:45 - 00457320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 18:53 - 2014-05-16 18:53 - 00000000 ____D () C:\Users\Sascha\AppData\Local\AAV
2014-05-16 18:51 - 2014-05-16 16:04 - 00002205 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2014-05-16 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 16:09 - 2014-05-16 15:59 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2014-05-16 16:08 - 2014-05-16 16:08 - 00000000 ____D () C:\Users\Sascha AD\AppData\Local\AAV
2014-05-16 16:04 - 2014-05-16 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2014-05-16 14:54 - 2014-05-10 16:45 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 14:54 - 2011-02-20 02:16 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 00:39 - 2013-08-16 23:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 00:37 - 2011-02-20 09:52 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:34 - 2012-04-18 18:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 22:34 - 2012-04-18 18:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 22:34 - 2011-05-17 12:39 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 19:04 - 2011-02-19 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 20:01 - 2011-02-20 18:25 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Mozilla
2014-05-12 19:47 - 2014-05-12 19:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 19:45 - 2014-05-12 19:45 - 00283144 _____ (Mozilla) C:\Users\Sascha\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-12 07:26 - 2014-05-21 13:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-21 13:25 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-21 13:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 11:09 - 2012-06-07 13:05 - 00000000 ____D () C:\Users\Sascha\AppData\Local\.elfohilfe
2014-05-09 15:32 - 2014-05-09 15:32 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\SUPERAntiSpyware.com
2014-05-09 15:32 - 2014-05-09 15:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-06 06:40 - 2014-05-16 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 00:40 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 00:40 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 00:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 21:27 - 2014-05-21 10:45 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-104509.backup
2014-05-04 21:18 - 2014-05-04 21:27 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-212702.backup
2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-05-04 19:13 - 2014-04-28 18:40 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-03 14:32 - 2014-05-03 14:32 - 00000552 _____ () C:\Windows\system32\spsys.log
2014-04-28 20:23 - 2014-04-28 20:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-28 19:10 - 2011-08-10 20:16 - 00001407 _____ () C:\Users\Sascha\Desktop\TeamSpeak 3 Client.lnk
2014-04-28 18:41 - 2014-04-28 18:41 - 00000000 _____ () C:\autoexec.bat
2014-04-28 00:03 - 2013-01-26 10:29 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieUserList
2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieSiteList
2014-04-26 09:36 - 2010-05-12 22:24 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\vlc
2014-04-26 09:30 - 2013-11-23 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-04-26 09:28 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-26 09:05 - 2014-04-26 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-26 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-26 08:55 - 2011-02-19 21:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-26 08:17 - 2014-04-26 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-04-26 08:17 - 2011-02-19 21:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-26 08:13 - 2014-01-18 11:04 - 00000000 ____D () C:\Users\Sascha AD\AppData\Local\NVIDIA Corporation
2014-04-26 08:11 - 2011-02-20 02:08 - 00001425 _____ () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-26 07:12 - 2011-02-19 22:15 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

Files to move or delete:
====================
C:\Users\Sascha AD\wand.dat


Some content of TEMP:
====================
C:\Users\Sascha AD\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-15 19:19] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 16:17

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Sascha AD at 2014-05-23 12:24:46
Running from C:\Users\Sascha AD\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version:  - Funcom)
ASRock IES v2.0.92 (HKLM-x32\...\ASRock IES_is1) (Version:  - )
Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
ATI Catalyst Install Manager (HKLM\...\{D3364347-0A05-CA85-1DAD-80A7A75BF677}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Barbarian Invasion (HKLM-x32\...\{4905C2C7-96CB-4DD9-A706-C427913DE5AE}) (Version: 1.4 - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID ROG CPU-Z 1.65 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.65 - CPUID, Inc.)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623p) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EXPERTool 7.20 (HKLM-x32\...\MySSID_is1) (Version:  - Gainward Co., Ltd)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Audio CD Burner version 1.4.7 (HKLM-x32\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
Freedom Force (HKLM-x32\...\Steam App 8880) (Version:  - Irrational Games)
Freedom Force vs. the 3rd Reich (HKLM-x32\...\Steam App 8890) (Version:  - Irrational Games)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{6E9E1B70-59C4-403E-ABFB-C08012BC7F8A}) (Version: 3.0.89.14 - Fresco Logic Inc.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
GimPhoto 1.4.3 (HKLM-x32\...\GimPhoto) (Version: 1.4.3 - Ek kian)
GPL Ghostscript 9.00 (HKLM-x32\...\GPL Ghostscript 9.00) (Version:  - )
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.02.10112 - Sony Corporation)
inSSIDer 2.0 (HKLM\...\{57019733-78E6-43DE-8E6D-55349F0FDE6F}) (Version: 2.0.7 - MetaGeek)
LightScribe System Software  1.12.29.2 (HKLM-x32\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - hxxp://www.lightscribe.com)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version:  - BioWare)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera 10.00 (HKLM-x32\...\{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}) (Version: 10.00 - Opera Software ASA)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Photo Viewer (HKLM-x32\...\{67183F00-3DDC-497B-A090-4E2B79EAF1CD}) (Version: 1.00.0000 - Photo Viewer)
PlayMemories Home (HKLM-x32\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
Port Royale 3 (HKLM-x32\...\Steam App 205610) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Remote Camera Control (HKLM-x32\...\{F4346E8D-1F90-4B07-92B9-2155C07D7D0F}) (Version: 3.1.02190 - Sony Corporation)
Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM-x32\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.117 - Roxio)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version:  - Firaxis)
Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version:  - Firaxis)
Sid Meier's Civilization IV: Colonization (HKLM-x32\...\Steam App 16810) (Version:  - Firaxis)
Sid Meier's Civilization IV: Warlords (HKLM-x32\...\Steam App 3990) (Version:  - Firaxis)
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - )
Sins of a Solar Empire: Trinity (HKLM-x32\...\Steam App 201290) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Activation Module (x32 Version: 1.0 - Sonic Solutions) Hidden
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Vallen JPegger (HKLM-x32\...\{73182AC3-5CC3-4161-AE97-F23E09B13147}) (Version: V5.62 (Build: 9.1221) - Vallen Systeme GmbH)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WarhammerÂ® 40,000â„¢: Dawn of WarÂ® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic)
Winamp (HKLM-x32\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Wise Registry Cleaner 8.03 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - )
ZoneAlarm Antivirus (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points  =========================

15-05-2014 17:04:08 Windows Update
15-05-2014 22:36:39 Windows Update
16-05-2014 13:58:19 SteuerSparErklärung 2014 wurde installiert.
16-05-2014 14:08:28 Installed AAVUpdateManager.
21-05-2014 05:35:07 Windows Update
21-05-2014 09:51:56 Removed 3DMark06
21-05-2014 10:01:15 SiSoftware Sandra Lite
21-05-2014 11:10:30 Removed RegHunter
21-05-2014 11:15:56 Removed SpyHunter
21-05-2014 11:34:20 avast! antivirus system restore point
21-05-2014 11:36:19 avast! antivirus system restore point
21-05-2014 11:59:18 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-21 10:45 - 00450770 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {9003D439-7603-42BF-AA39-359346E3408F} - System32\Tasks\{F2765E5B-840D-40C4-AE32-2A063B7390FD} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {A3C86436-71F0-4C0C-B3C8-8D3AC370200B} - System32\Tasks\{3C29E2AC-2DFE-44B9-A786-15EC245DD216} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/abandoninstall?source=lightinstaller&amp;page=tsProblems&amp;LastError=12007&amp;installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered
Task: {BC7BFB88-731E-4C21-9EDA-B76C6696F8D3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-21] (AVAST Software)
Task: {C4F0ABA4-2173-4BD9-B713-C54263F5BD6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-04-07 23:19 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-20 10:58 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-02-26 19:44 - 2014-02-26 19:44 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-02-19 22:38 - 2008-02-22 11:22 - 00049648 _____ () C:\Windows\system32\DLAAPI_W.DLL
2014-05-23 08:10 - 2014-05-23 08:10 - 02254848 _____ () C:\Program Files\AVAST Software\Avast\defs\14052200\algo.dll
2011-08-23 17:49 - 1998-10-31 10:55 - 00005120 _____ () C:\Program Files (x86)\EXPERTool\TBManage.dll
2014-05-21 13:59 - 2014-05-21 13:59 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2011-12-08 19:37 - 2014-04-26 07:12 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2011-02-20 11:58 - 2014-04-26 07:12 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-21 13:10:11.297
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-21 12:37:50.757
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-21 12:10:59.714
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-21 11:55:28.951
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-21 11:55:28.576
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-21 11:49:51.375
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-21 11:28:31.157
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-21 11:11:06.834
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-21 08:19:21.939
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-21 07:59:30.334
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 12287.3 MB
Available physical RAM: 10234.79 MB
Total Pagefile: 36860.09 MB
Available Pagefile: 34737.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:431.5 GB) (Free:95.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SH1_2) (Fixed) (Total:500.01 GB) (Free:93.46 GB) NTFS
Drive e: (SH2) (Fixed) (Total:596.17 GB) (Free:110.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 596 GB) (Disk ID: 28911AF8)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7D14B18F)
Partition 1: (Active) - (Size=432 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=500 GB) - (Type=05)

==================== End Of Log ============================

Ständiger wiederkehrender Maleware Fund "Trojan.Win32.Vague.cg" in C:\Windows\Temp\41560_updater.exe

Plagegeister aller Art und deren Bekämpfung: Ständiger wiederkehrender Maleware Fund "Trojan.Win32.Vague.cg" in C:\Windows\Temp\41560_updater.exe

Ständiger wiederkehrender Maleware Fund "Trojan.Win32.Vague.cg" in C:\Windows\Temp\41560_updater.exe

Ständiger wiederkehrender Maleware Fund "Trojan.Win32.Vague.cg" in C:\Windows\Temp\41560_updater.exe

Ähnliche Themen: Ständiger wiederkehrender Maleware Fund "Trojan.Win32.Vague.cg" in C:\Windows\Temp\41560_updater.exe